cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Rule base export with zero hit count

Jump to solution

Hi 

I am trying to export the rules with zero hit count for past three months using API to do a rule base clean up.

Is there a way to filter only the rules with zero counts to be exported using show access-rulebase command

My commnad as follows 

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"

Thanks & Regards

Arun

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Highlighted
Kannan_R
Iron

Re: Rule base export with zero hit count

Jump to solution

Hi Arun,

  You may try this.

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"  --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv

HTH,

Kannan

0 Kudos
2 Replies
Employee+
Employee+

Re: Rule base export with zero hit count

Jump to solution

The API team has actually recently released a script to accomplish something very similar. It might work directly for you or maybe you can draw inspiration from it.

GitHub - CheckPointSW/PolicyCleanUp 

Highlighted
Kannan_R
Iron

Re: Rule base export with zero hit count

Jump to solution

Hi Arun,

  You may try this.

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"  --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv

HTH,

Kannan

0 Kudos