Is there a way through the clash or GUI to tell how long a rule in a policy package has been disabled or even unused?
clish. not clash.
You would have to look at the audit logs to see when a given rule was disabled.
Not sure the hit counts are exposed via the API, but even then it wouldn't show you the last time the rule was hit.
In the name of the topic you ask how to check when a rule was disabled, but below you ask about a policy package. Then you ask how to check when it was disabled or when the last hit was. It is a bit difficult to understand exactly what information you need.
I assume that you need to check when a rule was disabled in a policy, and that by GUI you mean one of the SmartConsole applications and not the Gaia web interface.
SmartDashboard > Right mouse click on the rule > Copy Rule UID
SmartView Tracker > Management tab > Paste UID into filter
SmartConsole > Security Policies tab > Choose the rule > Check in History tab below
SmartConsole > Security Policies tab > Right mouse click on the rule > Copy Rule UID
SmartConsole > Logs & Monitor tab > New tab > Open Audit Log View > Paste UID in search
Apparently using the logging on 77.10-20 for Rule UID is process intensive, and big organizations like ours do not use it. Thanks for the help. R80.10+ will help some.