Rules hit count
Count the number of times a specific rule or rules were triggered on a specific device.
Resource Name:
Request Method: POST
Request URL Header:
Element | Type | Description |
---|---|---|
Cookie Mandatory |
String | Cookie obtained from the connect method. |
Request URL Parameters:
Element | Type | Description |
---|---|---|
invertSorting Optional |
Boolean |
If true, sorts the rules with the least hits first. Default = False |
Request body parameters
Element | Type | Description |
---|---|---|
deviceTreeName Mandatory |
String | Tree name of the device. |
ruleIds Optional |
String |
The Rule IDs for which to collect hit counts. If more than one Rule ID, separate with commas. For example: [ruleid1, ruleid2, ruleid3] |
startTime endTime Mandatory, when latestReport is set to false, or left blank |
Integer (Epoch/Unix Timestamp) |
Count the number of hits that occurred between startTime and endTime. |
latestReport Mandatory, when startTime and endTime are left blank |
Boolean | If true, uses the startTime and endTime defined in the latest report. |
pageSize Optional |
Integer |
The number of rows to display per page in the output JSON file. Tip: By default, rules with zero hits are not shown in the results, although the user is notified that these rules exist. To include rules with zero hit counts in the response, increase the pageSize parameter in the API enough to fit all the rules onto a single page. |
page Optional |
Integer |
The page to display in the output JSON file. |
Response:
Code |
Description |
---|---|
200 |
OK. The response includes a set of JSON code based on the data included in the request. |
400 |
Request is invalid |
403 |
Unauthorized |
404 |
Device not found |
500 |
Policy Optimization failed |
Example request
The following example sorts the rules included in the response by least hit counts to most.
curl -X POST -H "Content-Type: application/json"
"https://<server>:<port>/ms-policy-optimizations/api/v1/rules/hit-count"
--cookie "PHPSESSID=<sessionID>" -d '{
"deviceTreeName": "<device-name>",
"ruleIds":[],
"startTime": <epoch-time>,
"endTime": <epoch-time>,
}'
Example response
The following is a truncated response showing a few rules on the device, and the number of times each rule was used.
Note: We've formatted the following example to make it easier to read. Real responses for the hit-count API are formatted as a single line.
{
"status":"OK",
"data":
{
"deviceTreeName":"MyDevice",
"ruleIds":
{"content":
[
{"ruleId":"from_dmz_to_untrust_name_119","count":11937},
{"ruleId":"from_untrust_to_dmz_name_153","count":10371},
{"ruleId":"from_untrust_to_dmz_name_166","count":8942},
{"ruleId":"from_dmz_to_untrust_name_154","count":6513},
....
....
{"ruleId":"from_untrust_to_dmz_name_150","count":73}],"number":0,"size":900,"totalElements":35,"pageable":
{"sort":
{"sorted":false,"unsorted":true,"empty":true},
"pageNumber":0,"pageSize":900,"offset":0,"paged":true,"unpaged":false
},
"last":true,"totalPages":1,"sort":
{"sorted":false,"unsorted":true,"empty":true},
"first":true,"numberOfElements":35,"empty":false
},
"startTime":1,"endTime":1974667654000},"additionalInfo":{}
}