Objective: To create a more specific rule
I have a rule in a rulebase that accepts all traffic from S:Any D:RFC 1918 Service:Any (not actual). In order to extract the sources/destinations/services that hit the rule, we use the SmartView logs and create rules based on the exported data.
Is there another way of accomplishing the objective? I looked into connStat, but it only shows the active connections, so it's not as accurate as the logs, because logs can be filtered up to 30 days. I would like to remove this Any Any rule and replace it with a Drop, but first I need to get all legitimate services that should be allowed.
Thanks
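
The log-export workflow described in the post, sketched as an added example that is not part of the original post: it collapses exported log rows into one candidate rule per destination and service, with the sources and hit count seen for each. The CSV column names (`src`, `dst`, `proto`, `service`, `action`) and the sample rows are constructed assumptions, not a real product export schema.

```python
import csv
import io
import ipaddress
from collections import Counter

# RFC 1918 private ranges, matching the destination of the rule in the post.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export; column names are assumptions, not a vendor schema.
SAMPLE_CSV = """src,dst,proto,service,action
192.0.2.10,10.1.1.5,tcp,443,Accept
192.0.2.10,10.1.1.5,tcp,443,Accept
192.0.2.11,10.1.1.5,tcp,443,Accept
198.51.100.7,172.16.4.20,udp,53,Accept
198.51.100.7,172.32.0.1,udp,53,Accept
203.0.113.9,192.168.10.3,tcp,22,Accept
203.0.113.9,not-an-ip,tcp,22,Accept
"""

def is_rfc1918(addr):
    """True if addr parses as an IP address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed rows are skipped rather than aborting the run
    return any(ip in net for net in RFC1918)

def summarize_flows(csv_text):
    """Count hits per (src, dst, proto, service) for accepted RFC 1918 destinations."""
    flows = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["action"] != "Accept" or not is_rfc1918(row["dst"].strip()):
            continue
        flows[(row["src"].strip(), row["dst"].strip(), row["proto"], row["service"])] += 1
    return flows

def candidate_rules(flows):
    """Group sources per (dst, proto, service): one candidate rule per destination service."""
    rules = {}
    for (src, dst, proto, service), hits in flows.items():
        entry = rules.setdefault((dst, proto, service), {"sources": set(), "hits": 0})
        entry["sources"].add(src)
        entry["hits"] += hits
    return rules

if __name__ == "__main__":
    for (dst, proto, svc), info in sorted(candidate_rules(summarize_flows(SAMPLE_CSV)).items()):
        print(f"{dst} {proto}/{svc} hits={info['hits']} sources={sorted(info['sources'])}")
```

Low hit counts and single-source entries in the output are the ones to confirm with the service owner before they become permanent allow rules.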