Can I get a entries of Unused Rules with no repeat count from Custom Report?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Can I get a entries of Unused Rules with no repeat count from Custom Report?

L3 Networker

Hi guys,

I have question about PaloAlto Custom Report. I can find that document for getting used rules with counter from customer report as How to Create Custom Report to Show The Least Used Rules in Security Policies

But Customer want to know exactly UNUSED RULES WITH COUNTER from custom report. Is it possible?

Customer really want to have that custom report can show entries of rule-name with no count. If not, I want to have feature request to PaloAlto HQ.

pastedImage_4.png

Above is a sample of used rules with counter from custom report and that don't contain entry of unused rule with no repeat count.

Thanks.
Regards,

Roh

2 REPLIES 2

L3 Networker

I am not sure about making a report to show you those unused rules. But as an administration task, once a year, I will go into the rules. Tick "Highlight unused rules" , select them all and then move them all to the bottom underneath my "drop all" rule.

That will then show all your unused rules in one easy to see location. I am assuming this is the reason the customer wants such a report?

You could then also export the rules as a CSV file to see all the rules in question. In case you wanted something printable.

Hi JRussell,

Thanks for answer.

As you know that "Highlight unused rules" could show only Unused Rules after device started up. I and customer want to know exactly about Unused Rules for particular schedule such as 2 weeks or 1 month or custom schedule. I believe that the PaloAlto Firewall don't have feature about showing Unused Rules with particular time-frame. So it should be requested to PAN HQ as feature requesting by SE.

Thanks!

Regards,

Roh

  • 2483 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!