Rule Usage Hit Count Query
Query your policy rule base to determine rule usage for a specified period of time.
- PoliciesRule Usage
Use the rule usage query to filter the selected rulebase over a specified period of time. The rule usage query allows you to quickly filter your policy rulebase to identify unused rules for removal so that you can reduce open entry points for an attacker. Click
PDF/CSVto export the filtered rules in PDF or CSV format. To use the Rule Usage Hit Count Query, you must enable the
Policy Rule Hit Countsetting (Device > Setup > Management).
By default, the
Rule Usagecolumns are displayed when you query the rule usage in your policy rule base. You can add more columns to view additional information about the policy rules.
Indicate the time frame to query the selected rulebase. Select from the predetermined time frames or set a
Select the rule usage to query:
Custom Timeframe only) Select the date and time from which to query the policy rulebase.
Exclude rules reset during the last _ days
Select this option to exclude any rules that were manually reset by a user within the specified number of days.
Device Rule Usage for Rule Hit Count Query
View the device rule usage for a selected policy rule when performing a rule usage hit count query.
You can view the device and virtual system rule usage when you viewing the rule usage for a policy rule from the Panorama management server.
Reset Rule Hit Counterto reset the Hit Count, First Hit, and Last Hit.
PDF/CSVto export the filtered rules in PDF or CSV format.
Device group that device or virtual system belongs to.
Device Name/Virtual System
Name of the device group or virtual system.
Total number of traffic matches for the policy rule.
Date and time of the latest traffic match for the policy rule.
Date and time of the first traffic match for the policy rule.
Last Update Received
Date and time of the last received rule usage information from the device to the Panorama management server.
Date and time the policy rule was created.
Date and time the policy rule was last modified. Column is blank if the policy rule has not been modified.
Connection status of the device: