Rule Usage Hit Count Query
Query your policy rule base to determine rule usage for
a specified period of time.
- Policies > Rule Usage
Use the rule usage query to filter the selected
rulebase over a specified period of time. The rule usage query allows
you to quickly filter your policy rulebase to identify unused rules
for removal so that you can reduce open entry points for an attacker.
Click PDF/CSV to export the filtered rules
in PDF or CSV format. To use the Rule Usage Hit Count Query, you
must enable the Policy Rule Hit Count setting
(Device > Setup > Management).
By default, the Name, Location, Created, Modified,
and Rule Usage columns are displayed when
you query the rule usage in your policy rule base. You can add more
columns to view additional information about the policy rules.
Task | Description |
---|---|
Hit Count | |
Timeframe | Indicate the time frame to query the selected rulebase. Select from the predetermined time frames or set a Custom time frame. |
Usage | Select the rule usage to query: Any, Unused, Used, or Partially Used (Panorama only). |
Since | (Custom Timeframe only) Select the date and time from which to query the policy rulebase. |
Exclude rules reset during the last _ days | Select this option to exclude any rules that were manually reset by a user within the specified number of days. |
Actions | |
Delete | Delete one or more selected policy rules. |
Enable | Enable one or more selected policy rules when disabled. |
Disable | Disable one or more selected policy rules. |
PDF/CSV | Export the filtered policy rules currently displayed in PDF or CSV format. |
Reset Rule Hit Counter | Reset the rule usage data for the Selected rules or for All rules that have been filtered and are currently displayed. |
Tag | Apply one or more group tags to one or more selected policy rules. The group tag must already exist in order to tag the policy rule(s). |
Untag | Remove one or more group tags from one or more selected policy rules. |
Device Rule Usage for Rule Hit Count Query
View the device rule usage for a selected policy rule
when performing a rule usage hit count query.
You can view the device and virtual system rule usage
when viewing the rule usage for a policy rule from the Panorama
management server. Click Reset Rule Hit Counter to
reset the Hit Count, First Hit, and Last Hit.
Click PDF/CSV to export the filtered rules
in PDF or CSV format.
Field | Description |
---|---|
Device Group | Device group that the device or virtual system belongs to. |
Device Name/Virtual System | Name of the device group or virtual system. |
Hit Count | Total number of traffic matches for the policy rule. |
Last Hit | Date and time of the latest traffic match for the policy rule. |
First Hit | Date and time of the first traffic match for the policy rule. |
Last Update Received | Date and time of the last received rule usage information from the device to the Panorama management server. |
Created | Date and time the policy rule was created. |
Modified | Date and time the policy rule was last modified. Column is blank if the policy rule has not been modified. |
State | Connection status of the device: Connected or Disconnected. |
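
The following Python sketch is an added example, not part of the product documentation. It shows how the per-device fields above (Hit Count, Last Update Received, Created, State) can be combined before a rule is treated as unused and queued for removal. The CSV layout, the timestamp format, the rule and device names, the thresholds, and the reading of "Partially Used" as "hit on some devices but not all" are assumptions made for illustration; a real export may be laid out differently.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows; column names follow the Device Rule Usage table (assumed layout).
SAMPLE_CSV = """Rule,Device Group,Device Name/Virtual System,Hit Count,Last Hit,Last Update Received,Created,State
allow-legacy-ftp,DG-Branch,fw-branch-1/vsys1,0,,2024-06-01 08:00,2022-01-10 09:00,Connected
allow-legacy-ftp,DG-Branch,fw-branch-2/vsys1,0,,2024-06-01 08:05,2022-01-10 09:00,Connected
allow-vendor-vpn,DG-DC,fw-dc-1/vsys1,0,,2024-06-01 08:00,2023-03-02 10:00,Connected
allow-vendor-vpn,DG-DC,fw-dc-2/vsys1,0,,2024-02-11 23:40,2023-03-02 10:00,Disconnected
allow-web-out,DG-DC,fw-dc-1/vsys1,48211,2024-06-01 07:59,2024-06-01 08:00,2021-05-05 12:00,Connected
allow-web-out,DG-DC,fw-dc-2/vsys1,0,,2024-06-01 08:00,2021-05-05 12:00,Connected
allow-new-app,DG-DC,fw-dc-1/vsys1,0,,2024-06-01 08:00,2024-05-28 15:00,Connected
"""

FMT = "%Y-%m-%d %H:%M"  # assumed timestamp format of the sample above


def classify(csv_text, now, max_stale=timedelta(days=1), min_age=timedelta(days=30)):
    """Return {rule name: verdict} from per-device rule usage rows."""
    by_rule = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        by_rule[row["Rule"]].append(row)

    verdicts = {}
    for rule, rows in by_rule.items():
        hit = [int(r["Hit Count"]) > 0 for r in rows]
        # A zero counter from a disconnected device, or one that has not
        # reported recently, is missing data rather than evidence of non-use.
        stale = any(
            r["State"] != "Connected"
            or now - datetime.strptime(r["Last Update Received"], FMT) > max_stale
            for r in rows
        )
        # A recently created rule may simply not have seen its traffic yet.
        too_new = any(now - datetime.strptime(r["Created"], FMT) < min_age for r in rows)
        if all(hit):
            verdicts[rule] = "used"
        elif any(hit):
            verdicts[rule] = "partially used"
        elif stale or too_new:
            verdicts[rule] = "unused, needs review"
        else:
            verdicts[rule] = "unused"
    return verdicts


if __name__ == "__main__":
    for name, verdict in classify(SAMPLE_CSV, datetime(2024, 6, 1, 9, 0)).items():
        print(f"{name:20} {verdict}")
```

Only rules that come back as plain "unused" are candidates for disabling or deletion; the others need fresh counters from every device, or more time in service, before a decision is made.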