https://community.cisco.com/t5/network-security/disabling-multiple-unused-rules-through-the-fmc-api/m-p/5232404#M1117968 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/169850">@Oliver Kaiser</a>&nbsp;</P><P>I'm new to the whole API thing and just started using Postman to try a few things from a branch created from their FMC library.&nbsp;</P><P>So far I've reached your step 3 using the request called Read Hitcounts for Device"</P><P><SPAN class=""><SPAN>GET: {{protocol}}</SPAN></SPAN><SPAN>://</SPAN><SPAN class=""><SPAN>{{hostname}}</SPAN></SPAN><SPAN>/api/fmc_config/v1/domain/</SPAN><SPAN class=""><SPAN>{{domain_id}}</SPAN></SPAN><SPAN>/policy/accesspolicies/</SPAN><SPAN class=""><SPAN>{{accesspolicy_id}}</SPAN></SPAN><SPAN>/operational/hitcounts?filter=deviceId:</SPAN><SPAN class=""><SPAN>{{device_id}}</SPAN></SPAN><SPAN>&amp;expanded=True</SPAN></P><P><SPAN>Would you be able to elaborate how do I do step 4 and 5?</SPAN></P><P><SPAN>Many thanks,</SPAN></P><P>&nbsp;</P> Wed, 04 Dec 2024 12:42:20 GMT atsukane 2024-12-04T12:42:20Z https://community.cisco.com/t5/network-security/disabling-multiple-unused-rules-through-the-fmc-api/m-p/4284489#M1078011 <P>Can multiple rules be referenced in the API script to disable those that are unused? &nbsp;</P> Tue, 02 Feb 2021 16:57:38 GMT https://community.cisco.com/t5/network-security/disabling-multiple-unused-rules-through-the-fmc-api/m-p/4284489#M1078011 Scott_22 2021-02-02T16:57:38Z https://community.cisco.com/t5/network-security/disabling-multiple-unused-rules-through-the-fmc-api/m-p/4284716#M1078020 <P>Yes, this is possible. but how are you identifying the unused ACP rules? and will you be doing this through a script or using Postman, etc.?</P> <P>depending on how you are doing this, you may (or may not) need to add ?bulk=true to the end of the POST URL you will be using.</P> Tue, 02 Feb 2021 21:33:20 GMT https://community.cisco.com/t5/network-security/disabling-multiple-unused-rules-through-the-fmc-api/m-p/4284716#M1078020 Marius Gunnerud 2021-02-02T21:33:20Z https://community.cisco.com/t5/network-security/disabling-multiple-unused-rules-through-the-fmc-api/m-p/4284734#M1078022 <P>6.4.0 introduced an api endpoint for hitcounts. You could do the following to disable all rules without hitcount</P><P>&nbsp;</P><P>1. PUT to&nbsp;/policy/accesspolicies/{container_uuid}/operational/hitcounts) to update hitcounts (no payload needed)<BR />2. GETto&nbsp;/policy/accesspolicies/{container_uuid}/operational/hitcounts to get all hitcount data</P><P>3. GET to&nbsp;/policy/accesspolicies/{container_uuid}/accessrules to read all accessruled</P><P>4. Loop through all hitcounts, check if hitcount = 0, edit the corresponding accessrule to set state to DISABLED (as fetched via step 3)&nbsp;</P><P>5. PUT to&nbsp;/policy/accesspolicies/{container_uuid}/accessrules?bulk=True with the list of rules that you want to change</P><P>&nbsp;</P><P>I created a python library to interface with FMC, maybe that will be helpful to you: <A href="https://github.com/kaisero/fireREST" target="_blank">https://github.com/kaisero/fireREST</A></P><P>There is also another cool project called fmcapi that you could look into&nbsp;<A href="https://github.com/daxm/fmcapi" target="_blank">https://github.com/daxm/fmcapi</A></P> Tue, 02 Feb 2021 22:06:03 GMT https://community.cisco.com/t5/network-security/disabling-multiple-unused-rules-through-the-fmc-api/m-p/4284734#M1078022 Oliver Kaiser 2021-02-02T22:06:03Z https://community.cisco.com/t5/network-security/disabling-multiple-unused-rules-through-the-fmc-api/m-p/5232404#M1117968 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/169850">@Oliver Kaiser</a>&nbsp;</P><P>I'm new to the whole API thing and just started using Postman to try a few things from a branch created from their FMC library.&nbsp;</P><P>So far I've reached your step 3 using the request called Read Hitcounts for Device"</P><P><SPAN class=""><SPAN>GET: {{protocol}}</SPAN></SPAN><SPAN>://</SPAN><SPAN class=""><SPAN>{{hostname}}</SPAN></SPAN><SPAN>/api/fmc_config/v1/domain/</SPAN><SPAN class=""><SPAN>{{domain_id}}</SPAN></SPAN><SPAN>/policy/accesspolicies/</SPAN><SPAN class=""><SPAN>{{accesspolicy_id}}</SPAN></SPAN><SPAN>/operational/hitcounts?filter=deviceId:</SPAN><SPAN class=""><SPAN>{{device_id}}</SPAN></SPAN><SPAN>&amp;expanded=True</SPAN></P><P><SPAN>Would you be able to elaborate how do I do step 4 and 5?</SPAN></P><P><SPAN>Many thanks,</SPAN></P><P>&nbsp;</P> Wed, 04 Dec 2024 12:42:20 GMT https://community.cisco.com/t5/network-security/disabling-multiple-unused-rules-through-the-fmc-api/m-p/5232404#M1117968 atsukane 2024-12-04T12:42:20Z