03-02-2026 11:29 PM
Dear Community
We try to get out the hit counts from the API connection between Panorama and ServiceNow. Is there someone in the community who has experience where the hit counts can be read out? Within the API documentation, we were not able to get more details. We are able to read the whole rules, their object groups and also the objects. But we miss the way how to read the hit counts for a specific rule (even if the field exists).
Any help would be appreciated.
Many thanks
Markus
03-03-2026 07:55 PM
Hi @M.Albisser ,
Hit counts aren’t returned when retrieving the rulebase through the configuration API. They are runtime counters maintained by the dataplane, so they need to be queried through the operational API (type=op) instead.
You can retrieve them using an operational command similar to the following:
<show>
<rule-hit-count>
<vsys>
<vsys-name>
<entry name="vsys1">
<rule-base>
<entry name="security">
<rules>
<all/>
</rules>
</entry>
</rule-base>
</entry>
</vsys-name>
</vsys>
</rule-hit-count>
</show>
**FYI, I tested this against a ngfw where I don't have multi-vsys enabled.
You can experiment with the request via FW API browser, which will generate the XML structure for the operational command. From there you should be able to incorporate the request into your API call from SNOW.
Hope this helps! Please let us know if you are able to get this operational.
03-03-2026 07:55 PM
Hi @M.Albisser ,
Hit counts aren’t returned when retrieving the rulebase through the configuration API. They are runtime counters maintained by the dataplane, so they need to be queried through the operational API (type=op) instead.
You can retrieve them using an operational command similar to the following:
<show>
<rule-hit-count>
<vsys>
<vsys-name>
<entry name="vsys1">
<rule-base>
<entry name="security">
<rules>
<all/>
</rules>
</entry>
</rule-base>
</entry>
</vsys-name>
</vsys>
</rule-hit-count>
</show>
**FYI, I tested this against a ngfw where I don't have multi-vsys enabled.
You can experiment with the request via FW API browser, which will generate the XML structure for the operational command. From there you should be able to incorporate the request into your API call from SNOW.
Hope this helps! Please let us know if you are able to get this operational.
03-04-2026 12:33 AM
Hi JayGolf
Many thanks for your feedback. I forwarded your answer to the guys who are implementing the API. As soon I have a feedback, I will let you know and I then also will rate the answer.
Thank you
Markus
03-10-2026 03:16 AM
Thank you Jay for your reply. This helped our ServiceNow engineer to get the hit counts via API
03-10-2026 07:22 AM
Great to hear. Cheers! @M.Albisser
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
