the_rock
Legend

Export of rules with zero hits in dashboard

Hi everyone,

I saw some posts about this before, but there was never a confirmation if this was ever available. I am trying to export rules in Excel format for a customer that requested a list of rules with zero hits, but it does not seem it's possible. I exported all the rules and can filter, for example, for any disabled rules, but I don't see a column anywhere in the Excel file for hits, though the hits column is enabled in the dashboard.

 

Any idea if this is possible in R81 at all? It is cloud mgmt, but I don't think that makes any difference.

Also, another thing I noticed, though this could be purely cosmetic, is that all 100 some NAT rules show zero hits, which also makes no sense, since we know a bunch of them are getting hit for sure.

 

Thanks in advance!

0 Kudos
40 Replies
the_rock
Legend

Agree 100%. It would be an awesome feature to have, for sure. I also made another post about HTTPS inspection policy rules hits, and hopefully that will also be integrated at some point in future releases, let's see.

Youssef_Obeidal
Employee

Hi,
We are aware of the requirement, and working to add it soon. It is part of our short-term plan.
It will include the hit count data, first hit, and last hit.

the_rock
Legend

Great news @Youssef_Obeidal 

0 Kudos
Eric_Smith
Participant

That will be amazing. Thank you for the update, Youssef.

the_rock
Legend

Also, just to "throw" this into the mix, as they say, I think it would be AMAZING @Youssef_Obeidal if hits could be enabled for HTTPS inspection policy. I had many customers ask me about it, but so far, I don't see it in R82 EA either.

Best,

Andy

0 Kudos
Sergei_Karpovit
Participant

Were there any updates to your question? We are also looking for a report that will have another column showing “Rule Last Used” information, which is available via Dashboard when you hover the mouse over the hit number, as well as in the rule details information. This would be very helpful. When we do an export, it doesn't give you an option to select which data you want to export, but providing that feature would greatly benefit everyone.

0 Kudos
Sergei_Karpovit
Participant

Is it possible to add another column to the report showing “Rule Last Used” information, which is available via Dashboard when you hover the mouse over the hit number, as well as in the rule details information? This would be very helpful. When we do an export, it doesn't give you an option to select which data you want to export, but providing that feature would greatly benefit everyone. Thank you

0 Kudos
the_rock
Legend

Interesting question, I don't see that anywhere either, not sure if it's possible.

Andy

0 Kudos
Sergei_Karpovit
Participant

If they can get count data, getting the date of the last hit shouldn't be an issue :), especially since that info is available via Dashboard in 2 places.

0 Kudos
the_rock
Legend

That's true, as long as hit count is enabled, it will show last hit, agree : - )

Andy

0 Kudos
Sergei_Karpovit
Participant

It looks like a lot of good progress has been made on the export of rules with zero hits in the dashboard; however, there is always room for improvement, and if further requests can be fulfilled by Check Point, that will make many people happy. One request in the discussions below is about getting First & Last hit dates exported along with the hits number; that info is currently available in the Dashboard, that should be simple. But I have another request, and if Check Point can make it happen, that would be brilliant. Let's say I have a rule where the source or destination is not a single object but a group with multiple objects. I want to see in the dashboard the number of hits generated and accepted by each object. And if for some reason one of the source objects is not generating traffic, or traffic is not being sent to one of the destination objects, that will help us to clean up unused objects. Today an unused object is one that is not used in any group, policy, etc., but in reality, sometimes there are servers that have been decommissioned or re-used for a different app but the Security team wasn't updated, and if this information is missed, then the object will be sitting in the rule without generating or accepting traffic, which means it is unused and can be removed. I hope this makes sense, can be done, and will be done in one of the next Dashboard patches or upgrades.

0 Kudos
