This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
StevePearson
Contributor
‎2024-07-05 06:21 AM

Report on rules with zero hits

I'm working on R81.20 with the latest jumbo, and need to get a report of rules with zero hits.

Ideally I'd like to be able to run this on a schedule, for example every week, to show rules with zero hits in the last 90 days.

I've seen several things about this, some suggest using a mgmt_cli command, some suggest API, but nothing definitive.

As a temporary workaround I've exported the policy to CSV but the hits column is not populated despite the hits showing correctly in SmartConsole!

0 Kudos
8 Replies
Lesley
Mentor Mentor
Mentor
‎2024-07-05 01:31 PM

Compliance blade can report about this. It will make a PDF.

https://community.checkpoint.com/t5/Management/Use-Check-Point-Compliance-Blade-for-unused-rules-in-...

This post is a bit older so the current software will also show the rule numbers and a bit more info. 

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
‎2024-07-05 03:51 PM

I found the same issue in R81.20 lab, but when I did it in R81.10 and R80.40, I could see hits column in exported csv file.

Andy

0 Kudos
D_W
Advisor
‎2024-07-06 12:25 AM

When you export the Policy with the Show Policy Package Tool and option "-c" you should see the hit count.

 sk120342
Newest version and more info about option "-c" here https://github.com/CheckPointSW/ShowPolicyPackage 

0 Kudos
the_rock
Legend
Legend
‎2024-07-06 04:30 AM
In response to D_W

Interesting...never knew that. Will try it in the lab later and report.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-07-06 04:58 AM
In response to D_W

Definitely good option, thanks for that tip!

Below is output from the lab:

[Expert@CP-MANAGEMENT:0]# cd /opt/CPsuite-R81.20/fw1/scripts/
[Expert@CP-MANAGEMENT:0]# ./web_api_show_package.sh -k cp-lab-policy -c
Script finished running successfully!
Result file location: show_package-2024-07-06_07-53-44.tar.gz

 

Little snippet:

 

Screenshot_1.png

 

 

0 Kudos
the_rock
Legend
Legend
‎2024-07-06 05:02 AM
In response to D_W

hough, got me thinking...since @StevePearson was looking to get this in csv format, not sure if thats possible using this method?

Andy

0 Kudos
StevePearson
Contributor
‎2024-07-12 02:29 AM
In response to the_rock

Hi Andy,

What I'd ideally like is a report just showing the zero hit rules, so as I couldn't find anything I thought CVS would be a good option as I could sort it easily.

This script is the best I've see so far, yes it contains all the rules not just the zero hits but I've got a highlighter that can fix that issue for now so that the customer can at least see them fairly easily.

I'm having a play with the compliance blade in my lab to see if I can get something from that too, as Lesley suggested.

Steve

0 Kudos
StevePearson
Contributor
‎2024-07-12 02:30 AM
In response to D_W

Thanks, I wasn't aware of this script!

I'll give it a try and see how it looks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top