: Rule Usage Hit Count Query
Focus
Focus

Rule Usage Hit Count Query

Table of Contents

Rule Usage Hit Count Query

Query your policy rule base to determine rule usage for a specified period of time.
  • PoliciesRule Usage
Use the rule usage query to filter the selected rulebase over a specified period of time. The rule usage query allows you to quickly filter your policy rulebase to identify unused rules for removal so that you can reduce open entry points for an attacker. Click PDF/CSV to export the filtered rules in PDF or CSV format. To use the Rule Usage Hit Count Query, you must enable the Policy Rule Hit Count setting (Device > Setup > Management).
By default, the Name, Location, Created, Modified, and Rule Usage columns are displayed when you query the rule usage in your policy rule base. You can add more columns to view additional information about the policy rules.
Task
Description
Hit Count
Timeframe
Indicate the time frame to query the selected rulebase. Select from the predetermined time frames or set a Custom time frame.
Usage
Select the rule usage to query: Any, Unused, Used, or Partially Used (Panorama only).
Since
(Custom Timeframe only) Select the date and time from which to query the policy rulebase.
Exclude rules reset during the last _ days
Select this option to exclude any rules that were manually reset by a user within the specified number of days.
Actions
Delete
Delete one or more selected policy rules.
Enable
Enable one or more selected policy rules when disabled.
Disable
Disable one or more selected policy rules.
PDF/CSV
Export the filtered policy rules currently displayed in PDF or CSV format.
Reset Rule Hit Counter
Reset the rule usage data for the Selected rules or for All rules that have been filtered and are currently displayed.
Tag
Apply one or more group tags to one or more selected policy rules. The group tag must already exist in order to tag the policy rule(s).
Untag
Remove one or more group tags from one or more selected policy rules.

Device Rule Usage for Rule Hit Count Query

View the device rule usage for a selected policy rule when performing a rule usage hit count query.
You can view the device and virtual system rule usage when you viewing the rule usage for a policy rule from the Panorama management server. Reset Rule Hit Counter to reset the Hit Count, First Hit, and Last Hit.
Click PDF/CSV to export the filtered rules in PDF or CSV format.
Field
Description
Device Group
Device group that device or virtual system belongs to.
Device Name/Virtual System
Name of the device group or virtual system.
Hit Count
Total number of traffic matches for the policy rule.
Last Hit
Date and time of the latest traffic match for the policy rule.
First Hit
Date and time of the first traffic match for the policy rule.
Last Update Received
Date and time of the last received rule usage information from the device to the Panorama management server.
Created
Date and time the policy rule was created.
Modified
Date and time the policy rule was last modified. Column is blank if the policy rule has not been modified.
State
Connection status of the device: Connected, or Disconnected.