Reviewing Rule Statistics

Overview

The Rule Stats page displays the results for each cell after every USP matrix analysis. On this page, you can see the actual percentages, out of the total number of rules, for Services, Applications (in the Allow tab), Properties, and Flow for the cell.

From the USP List, click the name of a USP and click Rule Stats.

You can scroll down the page to see the analysis results for each cell. These results are separated into two tabs: Allow Rules and Block Rules. For example, a cell might have 16 rules that allow traffic and five rules that block traffic.

Review Rule Statistics

When you hover over the Matrix Cell Name, you see the values for each field with the highest percentages from either the Allow Rules or the Block Rules tab. For example, if Explicit Service is 90% enabled in the Allow Rules tab and 20% enabled in the Block Rules tab, you see that Explicit Service is enabled for the cell when you hover over the cell name.

Each matrix cell includes the following fields:

  • Restriction Type: Defines the traffic between the zones represented in the cell. The default value is Allow only.

    • Allow all: All traffic is allowed.

    • Block all: All traffic is blocked.

    • Allow only: Traffic is allowed only if the traffic service is in the list of services.

    • Block only: Traffic is blocked only if the traffic service is in the list of services.

  • Services: Services that are allowed to pass between the two zones represented in the USP matrix cell. See Tufin Predefined Services.

  • Applications: Applications that are allowed to pass between the two zones represented in the USP matrix cell. See Tufin Predefined Application Identities.

  • Properties: Rules that match the following specified traffic requirements are allowed:

    • Explicit Source: Rules must have an explicit source, not the ANY value.

    • Explicit Destination: Rules must have an explicit destination, not the ANY value.

    • Explicit Services: Rules must have an explicit service, not the ANY value.

    • Has Comment: Rules must have text in the comment field.

    • Is Logged: Rules must be configured to create log entries.

    • Last Hit Within (days): Rules must have hits within the last X days.

    • Source Max IP (count): Source zone must contain fewer than X IP addresses.

    • Destination Max IP (count): Destination zone must contain fewer than X IP addresses.

    • Service Max Services (count): Service must contain fewer than X services.

  • Flow: Rules that match the specified traffic requirements are allowed or blocked. The default value is none. Types of flow include:

    • Host to Host: Rules where the source and destination of the traffic flow are defined by host objects.

    • Subnet to Host: Rules where the source of the traffic flow is defined by subnet objects and the destination is defined by host objects.

    • Host to Subnet: Rules where the source of the traffic flow is defined by host objects and the destination is defined by subnet objects.

  • Severity: Possible values are Critical, High, Medium, and Low. The default value is High.

  • Description: Default value is no description.

  • Cell was changed: Indicates that the cell content was changed by SPB analysis or by the app administrator.
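As an added example (not Tufin's code or API), the following Python computes the Allow Rules and Block Rules percentages for the Properties fields listed above, and the hover summary that shows the higher of the two percentages per field. The rule format, the cell thresholds and the sample rules are constructed, and counting the Max IP / Max Services fields against the rule's own source, destination and service objects is an assumption of this example.

```python
from collections import namedtuple

ANY = "ANY"  # unrestricted field, the "ANY value" that the Properties checks reject
# sources/destinations/services: ANY or a tuple of objects; last_hit_days: None = never hit
Rule = namedtuple("Rule", "action sources destinations services comment logged last_hit_days")

THRESHOLDS = {"Last Hit Within (days)": 90, "Source Max IP (count)": 10,  # constructed
              "Destination Max IP (count)": 10, "Service Max Services (count)": 5}

def _checks(r, t):
    """Pass/fail per Property field for one rule (assumption: counts use the rule's own objects)."""
    within = lambda v, key: v != ANY and len(v) < t[key]
    return {
        "Explicit Source": r.sources != ANY,
        "Explicit Destination": r.destinations != ANY,
        "Explicit Services": r.services != ANY,
        "Has Comment": bool(r.comment.strip()),
        "Is Logged": r.logged,
        "Last Hit Within (days)": r.last_hit_days is not None and r.last_hit_days <= t["Last Hit Within (days)"],
        "Source Max IP (count)": within(r.sources, "Source Max IP (count)"),
        "Destination Max IP (count)": within(r.destinations, "Destination Max IP (count)"),
        "Service Max Services (count)": within(r.services, "Service Max Services (count)"),
    }

def tab_percentages(rules, thresholds, action):
    """Percentage of one tab's rules ("allow" or "block") that satisfy each field."""
    tab = [r for r in rules if r.action == action]
    hits = {}
    for r in tab:
        for name, ok in _checks(r, thresholds).items():
            hits[name] = hits.get(name, 0) + int(ok)
    return {name: round(100 * n / len(tab)) for name, n in hits.items()}  # {} for an empty tab

def hover_summary(allow_pct, block_pct):
    """Per field, the higher of the two tabs' percentages, as shown when hovering over the cell name."""
    fields = allow_pct.keys() | block_pct.keys()
    return {f: max(allow_pct.get(f, 0), block_pct.get(f, 0)) for f in fields}

SAMPLE_RULES = [  # constructed sample for one cell: three allow rules, two block rules
    Rule("allow", ("10.0.0.5",), ("10.1.0.9",), ("tcp/443",), "web", True, 3),
    Rule("allow", ANY, ("10.1.0.9",), ("tcp/22",), "", False, 200),
    Rule("allow", ("10.0.0.7", "10.0.0.8"), ANY, ANY, "temp", False, None),
    Rule("block", ANY, ANY, ("udp/161",), "", True, 10),
    Rule("block", ("192.0.2.1",), ("10.1.0.9",), ANY, "deny snmp", True, None),
]

if __name__ == "__main__":
    allow = tab_percentages(SAMPLE_RULES, THRESHOLDS, "allow")
    block = tab_percentages(SAMPLE_RULES, THRESHOLDS, "block")
    print("Allow Rules:", allow)
    print("Block Rules:", block)
    print("Hover:", hover_summary(allow, block))
```

With the sample rules, Is Logged is 33% in the Allow Rules tab and 100% in the Block Rules tab, so the hover summary reports 100% for that field.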

Add or Modify Values

  1. To add or modify values, open the cell and make the required changes.

  2. Click Save.

    Changes appear when you hover over the cell name. If you made any changes, we recommend that you analyze the USP again.

Find Specific Rule Statistics

SPB includes a very powerful search feature, which is especially useful when you have a large number of USPs. See Using Search.