Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
StevePearson
Participant

Report on rules with zero hits

I'm working on R81.20 with the latest jumbo, and need to get a report of rules with zero hits.

Ideally I'd like to be able to run this on a schedule, for example every week, to show rules with zero hits in the last 90 days.

I've seen several things about this, some suggest using a mgmt_cli command, some suggest API, but nothing definitive.

As a temporary workaround I've exported the policy to CSV but the hits column is not populated despite the hits showing correctly in SmartConsole!

0 Kudos
8 Replies
Lesley
Leader Leader
Leader

Compliance blade can report about this. It will make a PDF.

https://community.checkpoint.com/t5/Management/Use-Check-Point-Compliance-Blade-for-unused-rules-in-...

This post is a bit older so the current software will also show the rule numbers and a bit more info. 

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend

I found the same issue in R81.20 lab, but when I did it in R81.10 and R80.40, I could see hits column in exported csv file.

Andy

0 Kudos
D_W
Advisor

When you export the Policy with the Show Policy Package Tool and option "-c" you should see the hit count.

 sk120342
Newest version and more info about option "-c" here https://github.com/CheckPointSW/ShowPolicyPackage 

0 Kudos
the_rock
Legend
Legend

Interesting...never knew that. Will try it in the lab later and report.

Andy

0 Kudos
the_rock
Legend
Legend

Definitely good option, thanks for that tip!

Below is output from the lab:

[Expert@CP-MANAGEMENT:0]# cd /opt/CPsuite-R81.20/fw1/scripts/
[Expert@CP-MANAGEMENT:0]# ./web_api_show_package.sh -k cp-lab-policy -c
Script finished running successfully!
Result file location: show_package-2024-07-06_07-53-44.tar.gz

 

Little snippet:

 

Screenshot_1.png

 

 

0 Kudos
the_rock
Legend
Legend

hough, got me thinking...since @StevePearson was looking to get this in csv format, not sure if thats possible using this method?

Andy

0 Kudos
StevePearson
Participant

Hi Andy,

What I'd ideally like is a report just showing the zero hit rules, so as I couldn't find anything I thought CVS would be a good option as I could sort it easily.

This script is the best I've see so far, yes it contains all the rules not just the zero hits but I've got a highlighter that can fix that issue for now so that the customer can at least see them fairly easily.

I'm having a play with the compliance blade in my lab to see if I can get something from that too, as Lesley suggested.

Steve

0 Kudos
StevePearson
Participant

Thanks, I wasn't aware of this script!

I'll give it a try and see how it looks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events