Rule merge all results

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Rule merge all results

L3 Networker

I am running Expedition 1.0.106 and have a question about merging rules. Once the analysis is done I am presented with cases that I look at individually. From there I can merge by highlighting the rules or by clicking on the 'merge by selection or all results'.  Either one of those ways works to merge a case. The question I have is the part that says '...or all results'. I have over 4000 cases and would like to choose to merge all results but it does not work. When I have no cases selected and click the button it says it has merged 2 rules (not sure what is up with that) but it does not merge all results. As an alternative, I check the box next to 'Duplicates' which should select all cases but it says you can only select 10 cases at a time. 

 

Thanks for any help.

34 REPLIES 34

L5 Sessionator

Please check with the most current version of Expedition, 1.1.9, to see if this aspect has been fixed in iterations between your version and the most recent one.

If not, let's try to check it again with some examples?

I upgraded the tool to 1.1.19 but it did not help. Just to make sure here are the steps I am following.

1. From Policies choose 'Filters'

2. Choose Merge, Analyze, Policies, Security Policies

3.  In the section titled 'Show rules by identical,' I choose action, from, to, source, destination

4.  I then click the blue 'analyze and filter' button

5. After the analysis is done I would click the green button that says 'Merge by selection or all results' (since I have not selected any cases to merge I was hoping it would merge 'all results'). It does not merge all results and even though no cases are chosen it still says it has combined a couple of security rules.

6. If instead choose  10 separate cases to merge it will still only merge the last case that was chosen.

 

Hopefully, this helps explain what I am trying to do and what is not working.

 

Thanks.

to clarify the behavior of the "Merge by selection or all results', the result of clicking this button will not merge the rules in all cases listed. Instead the behavior is intended to be used as an option to choose to merge all of the matched results on a case by case basis. 

 

The alternative to using the 'Merge by selection of all results' is to first click on the case, which will display the results - matched security policies that can be merged, is to manually choose the security policies to merge then click on the 'Merge by selection of all results' button. 

 

So the workflow is you must first select the case then choose to merge all of select only those policies that should be merged. 

 

From a safe practice recommendation, the matches of which security policies to be merged should be reviewed prior to choosing to merge them.

I understand what you are saying about ‘safe practice’ and do intend to review all of the cases but still don’t understand the behavior of the button.  The button says to “Merge by selection OR all results”. That implies to me that without selecting any cases it will merger all cases(all results). That would be very helpful as it is easier to click through the cases to verify they are correct and then to either select all of them or none and clicking the button then should merge them all. On the other hand, I would be ok if I could just select a bunch of cases at once and merge them. The tool lets you choose multiple cases (or click the box next to ‘Duplicates’ to select all…although it does come back to say that you can only select 10 cases at a time) but it does not work. If I choose 2 or 3 cases as an example and click the merge button it comes back to show that only the last case chosen was merged. I have tried that a bunch of times and it still does nothing more than merge the last case chosen.

 

Thanks

I will verify the option to select up to 10 cases. 

 

But wording wise, the wording can be improved upon for clearer intent, but the intent is to force the user to choose the cases from the listing and display the results (of the rules that can be merged upon review) for review prior to merging. 

If i can add my 2 cents to what @aporue proposed.

 

If possible, it would be very helpful if we can select a large number of cases to be merged individually. This would help the repetition of doing each case individually. Especially when there are hundreds of cases.

 

There is the excel export of the cases which can be used to verify before doing a large number of merges. eg. i can verify that cases 1-10 and 12-15 are cases i want to merge individually.

 

My experiences on 1.1.8 and 1.1.9 is the same, when more than one case is selected, it only merge the last case.

 

i'll look into the option to select 10, if that is not working then I will file a bug.

Any update on this issue? I have a project that has 4000 cases to merge so even doing 10 at a time will take forever so the option to be able to merge all cases at once would be very helpful. Like the other poster stated we can download the spreadsheet of cases and review offline to determine that they are correct. Plus, I have not seen a case yet that was not correct as all I am filtering on is source/destination.

 

Thanks.

Any updates on this issue?

 

thanks.

We still have to check this case and correct it if not behaving as it should.

 

 

L0 Member

Also impacted by this limitation.  😐  Awaiting a fix or work around. 

Any updates on when/if this issue will be resolved?

 

Thanks,

Keith

As it has been 3 weeks since your last response I just wanted to check again to see if/when this issue will be fixed? 

Rule merge will come tomorrow.

However, it will still be limited to 10 merges at a time.

Additionally, it will check that you do not merge rules with "any" and values in Users, Applications and Services

  • 13927 Views
  • 34 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!