Rule Usage Analysis (Palo Alto NGFW)
The Rule Usage feature helps network admins identify rules for potential elimination due to lack of use. This feature only applies to Palo Alto NGFW (not Panorama). Rule Usage Analysis (aka Hit Count) requests additional Access Rule usage information from firewalls using the connector. When setting up a new connector, the user will have the ability to enable the extraction of rule usage information:
Note that existing connectors will not be affected and cannot be edited to enable hit count data retrieval.
From the NGFW, we extract four values for each access rule:
- First Hit – Timestamp of first rule usage
- Last Hit – Timestamp of last rule usage
- Hits Updated – Timestamp of last data refresh
- Hits – Usage count
The information is presented as additional columns in the Access Rules Table. The four columns are disabled by default and will need to be enabled by the user using the menu at the top right.
Once enabled, the hit count data will be displayed in the Access rules table: