cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

R80.20 SmartReporter : how to do a report "rule base analysis"?

Hello,

 

how can i do an report for rule-base analysis?

i want to report 0-Hit Rules and Rules which has no hits since x days.

 

please help!

 

Daniel

0 Kudos
4 Replies
Admin
Admin

Re: R80.20 SmartReporter : how to do a report "rule base analysis"?

I don't believe we have this in SmartEvent currently.
However, using the API, you can get the necessary information and potentially event act on it (deleting or disabling the rules).
Couple examples:
https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Disable-Delete-Rules-with-a-Zero-...
https://github.com/CheckPointSW/PolicyCleanUp
0 Kudos

Re: R80.20 SmartReporter : how to do a report "rule base analysis"?

0 Kudos

Re: R80.20 SmartReporter : how to do a report "rule base analysis"?

I have modified some scripts and get this one:

mgmt_cli -r true --port 4434 show access-rulebase name Network show-hits true --format json limit 50000 | jq  '.rulebase[] | .rulebase[] | [."rule-number", .name, .hits.value]' --compact-output  | sed 's/\[//g'| sed 's/\]//g'

This command prints all rules from first to last, name of the rule and the hit count for that rule.
If there are sub-layers, the command should be run for each sub-layer.

 

0 Kudos
Admin
Admin

Re: R80.20 SmartReporter : how to do a report "rule base analysis"?

You will not necessarily get all the results just setting the limit to 50000.
You may need to execute the command multiple times using the offset parameter (e.g. offset 500 to get the next 500 rules, offset 1000 to get the next 500 after that).
0 Kudos