Daniel_Hainich
Collaborator

R80.20 SmartReporter : how to do a report "rule base analysis"?

Hello,

 

How can I do a report for rule-base analysis?

I want to report 0-Hit Rules and Rules which have no hits since x days.

Please help!

 

Daniel

4 Replies
PhoneBoy
Admin

I don't believe we have this in SmartEvent currently.
However, using the API, you can get the necessary information and potentially even act on it (deleting or disabling the rules).
Couple examples:
https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Disable-Delete-Rules-with-a-Zero-...
https://github.com/CheckPointSW/PolicyCleanUp
Daniel_Hainich
Collaborator

Dilian_Chernev
Collaborator

I have modified some scripts and got this one:

mgmt_cli -r true --port 4434 show access-rulebase name Network show-hits true --format json limit 50000 | jq  '.rulebase[] | .rulebase[] | [."rule-number", .name, .hits.value]' --compact-output  | sed 's/\[//g'| sed 's/\]//g'

This command prints all rules from first to last, name of the rule and the hit count for that rule.
If there are sub-layers, the command should be run for each sub-layer.

 

PhoneBoy
Admin

You will not necessarily get all the results just setting the limit to 50000.
You may need to execute the command multiple times using the offset parameter (e.g. offset 500 to get the next 500 rules, offset 1000 to get the next 500 after that).
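
An added example, not part of the thread and not Check Point's code: a Python sketch that pages through a layer with the `offset` parameter described above and lists the rules whose hit count is 0. The function names are hypothetical, and the `from`/`to`/`total` response fields and the section nesting are assumptions about the `show access-rulebase` output; the sample data is constructed so the script runs without a management server.

```python
import json
import subprocess

PAGE_SIZE = 500  # page size used in the reply above ("the next 500 rules")

def mgmt_cli_page(layer, offset, limit=PAGE_SIZE):
    """Fetch one page with the mgmt_cli call from the thread (run on the management server)."""
    cmd = ["mgmt_cli", "-r", "true", "show", "access-rulebase", "name", layer,
           "show-hits", "true", "limit", str(limit), "offset", str(offset),
           "--format", "json"]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True)
    return json.loads(out.stdout)

def flatten(entries):
    """Yield rules whether they sit at the top level or inside a section."""
    for entry in entries:
        if "rulebase" in entry:           # section: its rules are nested one level down
            yield from flatten(entry["rulebase"])
        else:
            yield entry

def all_rules(layer, fetch=mgmt_cli_page, limit=PAGE_SIZE):
    """Walk the layer page by page until 'to' reaches 'total' (assumed response fields)."""
    rules, offset = [], 0
    while True:
        page = fetch(layer, offset, limit)
        rules.extend(flatten(page.get("rulebase", [])))
        total, to = page.get("total", 0), page.get("to", 0)
        if to >= total or to <= offset:   # finished, or no progress: stop instead of looping
            return rules
        offset = to

def zero_hit(rules):
    """Return (rule-number, name) for rules whose reported hit count is exactly 0."""
    return [(r["rule-number"], r.get("name", "")) for r in rules
            if r.get("hits", {}).get("value") == 0]

# Constructed sample standing in for the API: 5 rules inside a section, paged by offset.
def _rule(n, hits):
    return {"type": "access-rule", "rule-number": n, "name": f"rule-{n}", "hits": {"value": hits}}
SAMPLE = [_rule(1, 120), _rule(2, 0), _rule(3, 7), _rule(4, 0), _rule(5, 3)]
def sample_fetch(layer, offset, limit):
    chunk = SAMPLE[offset:offset + limit]
    body = [{"type": "access-section", "name": "S", "rulebase": chunk}] if chunk else []
    return {"rulebase": body, "from": offset + 1, "to": offset + len(chunk), "total": len(SAMPLE)}

if __name__ == "__main__":
    for number, name in zero_hit(all_rules("Network", fetch=sample_fetch, limit=2)):
        print(number, name)
```

On a real management server, call `all_rules("Network")` without the `fetch` argument, and repeat it for each sub-layer as noted earlier in the thread.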
