Get Rule Hit Count
Counts the number of times a specific rule or rules were triggered on a specific device.
External Documentation
To learn more, visit the AlgoSec Firewall Analyzer documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| Device Tree Name | Tree name of the device. Can be obtained via List Devices action. |
| End Time | Count the number of hits that occurred before this time. |
| Filter By | Determines whether to filter results by: - Latest Report - Use the Start Time & End Time defined in the latest report.- Custom Time Frame - Specify your own Start Time & End Time. |
| Rule IDs | A comma separated or JSON list of Rule IDs for which to collect hit counts. |
| Start Time | Count the number of hits that occurred after this time. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Page | Specifies the page of results to retrieve. |
| Page Size | The number of results to display per page. |
| Reverse Sort | If checked, the results will be sorted by rules with the least hits first. |
Example Output
{
"status": "OK",
"data": {
"deviceTreeName": "MyDevice",
"ruleIds": {
"content": [
{
"ruleId": "from_dmz_to_untrust_name_119",
"count": 11937
},
{
"ruleId": "from_untrust_to_dmz_name_153",
"count": 10371
},
{
"ruleId": "from_untrust_to_dmz_name_166",
"count": 8942
},
{
"ruleId": "from_dmz_to_untrust_name_154",
"count": 6513
},
{
"ruleId": "from_untrust_to_dmz_name_150",
"count": 73
}
],
"number": 0,
"size": 900,
"totalElements": 35,
"pageable": {
"sort": {
"sorted": false,
"unsorted": true,
"empty": true
},
"pageNumber": 0,
"pageSize": 900,
"offset": 0,
"paged": true,
"unpaged": false
},
"last": true,
"totalPages": 1,
"sort": {
"sorted": false,
"unsorted": true,
"empty": true
},
"first": true,
"numberOfElements": 35,
"empty": false
},
"startTime": 1,
"endTime": 1974667654000
},
"additionalInfo": {}
}
Workflow Library Example
Get Rule Hit Count with Algosec Firewall Analyzer and Send Results Via Email
Preview this Workflow on desktop