PDA

View Full Version : Reporter: require a 'how to' to show unused objects in rules



insecure
2010-06-29, 04:21
Hi all,

How do I go about this? I would like to show what objects with in a rule are not being used for say the last 2 weeks. What reports and what manipulation of the content is required to report this?

I log EVERY rule.

Cheers..

ssaglauskas
2016-02-16, 13:55
Hi all,

How do I go about this? I would like to show what objects with in a rule are not being used for say the last 2 weeks. What reports and what manipulation of the content is required to report this?

I log EVERY rule.

Cheers..

Hello everyone,
Does anyone have any answer to this question? I need to remove objects that are not used some time ago, but many are part of some rules and I do not see this at SmartDashboard.

Thank you

jdmoore0883
2016-02-16, 14:12
There is nothing that will simply provide you this information.

What cold you do, is break up some the rules in question, reset the hit counters, and watch the hits, if the rule gets hits, those objects are in use, and if not, they may not be. This will likely take time and no small amount of effort, but can be done.

On another note, you can use SmartDashboard to search for "unused objects", but be aware that this will NOT give you the information you are after. The "Unused objects" simply indicates unused in a rule. So, for example, if you have a network object representing a network that doesn't actually exist, but is in a rule, it will never show up in the "Unused objects", as it is used in a rule (despite that the network doesn't actually exist). In this kind of case, you would need to separate the objects into multiple rules, and as noted above, watch the hit counters and see what is and is not being hit.

brian_netsec
2016-02-17, 07:17
Simplest method would be a third party tool, take a look at Tufin SecureTrack

PhoneBoy
2016-02-17, 07:47
R80 management will be able to tell you which objects on which rule are being used the most/least.