>
    Rule Usage Hit Count Query
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Policies
    4. Rule Usage Hit Count Query
    Download PDF
    Next-Generation Firewall

    Rule Usage Hit Count Query

    Table of Contents

    Rule Usage Hit Count Query

    Query your policy rule base to determine rule usage for a specified period of time.
    • PoliciesRule Usage
    Use the rule usage query to filter the selected rulebase over a specified period of time. The rule usage query allows you to quickly filter your policy rulebase to identify unused rules for removal so that you can reduce open entry points for an attacker. Click PDF/CSV to export the filtered rules in PDF or CSV format. To use the Rule Usage Hit Count Query, you must enable the Policy Rule Hit Count setting (Device > Setup > Management).
    By default, the Name, Location, Created, Modified, and Rule Usage columns are displayed when you query the rule usage in your policy rule base. You can add more columns to view additional information about the policy rules.
    Task
    Description
    Hit Count
    Timeframe
    Indicate the time frame to query the selected rulebase. Select from the predetermined time frames or set a Custom time frame.
    Usage
    Select the rule usage to query: Any, Unused, Used, or Partially Used (Panorama only).
    Since
    (Custom Timeframe only) Select the date and time from which to query the policy rulebase.
    Exclude rules reset during the last _ days
    Select this option to exclude any rules that were manually reset by a user within the specified number of days.
    Actions
    Delete
    Delete one or more selected policy rules.
    Enable
    Enable one or more selected policy rules when disabled.
    Disable
    Disable one or more selected policy rules.
    PDF/CSV
    Export the filtered policy rules currently displayed in PDF or CSV format.
    Reset Rule Hit Counter
    Reset the rule usage data for the Selected rules or for All rules that have been filtered and are currently displayed.
    Tag
    Apply one or more group tags to one or more selected policy rules. The group tag must already exist in order to tag the policy rule(s).
    Untag
    Remove one or more group tags from one or more selected policy rules.

    Device Rule Usage for Rule Hit Count Query

    View the device rule usage for a selected policy rule when performing a rule usage hit count query.
    You can view the device and virtual system rule usage when you viewing the rule usage for a policy rule from the Panorama management server. Reset Rule Hit Counter to reset the Hit Count, First Hit, and Last Hit.
    Click PDF/CSV to export the filtered rules in PDF or CSV format.
    Field
    Description
    Device Group
    Device group that device or virtual system belongs to.
    Device Name/Virtual System
    Name of the device group or virtual system.
    Hit Count
    Total number of traffic matches for the policy rule.
    Last Hit
    Date and time of the latest traffic match for the policy rule.
    First Hit
    Date and time of the first traffic match for the policy rule.
    Last Update Received
    Date and time of the last received rule usage information from the device to the Panorama management server.
    Created
    		Date and time the policy rule was created.
    Modified
    Date and time the policy rule was last modified. Column is blank if the policy rule has not been modified.
    State
    Connection status of the device: Connected, or Disconnected.

    © 2025 Palo Alto Networks, Inc. All rights reserved.