Filter and Visual JSON data

surfjose · September 18, 2020, 10:04am

Hallo
I have the following Body output from the firewall (Checkpoint) and I want to filter out the rules with the Hits 0 and visual this rules with the row rule name and rule number.

If level zero hits

 {
        "percentage" : "0%",
        "level" : "zero",
        "value" : 0
}

Then show “rule-number” : 3, and “name” : “@sw@20200918_01”, in a table.

Part of the output:

{
  "uid" : "97be539e-7cd7-46cb-9ddb-4a69910d0aed",
  "name" : "swrzrhfw01-clu_pol Security",
  "rulebase" : [ {
    "uid" : "f4ae05b1-8179-49b8-94db-b732d36ae2d4",
    "name" : "drop some traffic",
    "type" : "access-section",
    "from" : 1,
    "to" : 13,
    "rulebase" : [ {
      "uid" : "1464723b-54ea-4286-a8fe-902c929d2b85",
      "type" : "access-rule",
      "domain" : {
        "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
        "name" : "SMC User",
        "domain-type" : "domain"
      },
      "rule-number" : 1,
      "track" : {
        "type" : "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
        "per-session" : false,
        "per-connection" : false,
        "accounting" : false,
        "enable-firewall-session" : false,
        "alert" : "none"
      },
      "source" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "source-negate" : false,
      "destination" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "destination-negate" : false,
      "service" : [ "97aeb427-9aea-11d5-bd16-0090272ccb30", "e8f77162-3b27-4649-9819-65be38f2627b", "67ce5fb6-e58b-4a16-9380-2499bdea4551" ],
      "service-negate" : false,
      "vpn" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "action" : "6c488338-8eec-4103-ad21-cd461ac2c473",
      "action-settings" : { },
      "content" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "content-negate" : false,
      "content-direction" : "any",
      "time" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "hits" : {
        "percentage" : "0%",
        "level" : "low",
        "value" : 902386,
        "first-date" : {
          "posix" : 1577836808000,
          "iso-8601" : "2020-01-01T01:00+0100"
        },
        "last-date" : {
          "posix" : 1600291044000,
          "iso-8601" : "2020-09-16T23:17+0200"
        }
      },
      "custom-fields" : {
        "field-1" : "",
        "field-2" : "",
        "field-3" : ""
      },
      "meta-info" : {
        "lock" : "unlocked",
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1558370903326,
          "iso-8601" : "2019-05-20T18:48+0200"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1558370903326,
          "iso-8601" : "2019-05-20T18:48+0200"
        },
        "creator" : "System"
      },
      "comments" : "drop h323 traffic - log track\ndrop w32.sasser.worm traffic\n2004-05-01 / te",
      "enabled" : true,
      "install-on" : [ "6c488338-8eec-4103-ad21-cd461ac2c476" ]
    }, {
      "uid" : "5083bf28-2f1b-4833-b2a7-dc9ef236e196",
      "type" : "access-rule",
      "domain" : {
        "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
        "name" : "SMC User",
        "domain-type" : "domain"
      },
      "rule-number" : 2,
      "track" : {
        "type" : "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
        "per-session" : false,
        "per-connection" : false,
        "accounting" : false,
        "enable-firewall-session" : false,
        "alert" : "none"
      },
      "source" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "source-negate" : false,
      "destination" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "destination-negate" : false,
      "service" : [ "eaedd130-2c7a-4f09-889f-1ecaf9176649", "b9822d94-7232-4ca0-a352-4184176c55c7", "f3b6bebe-a661-be4f-a0fd-bcabd4940e57" ],
      "service-negate" : false,
      "vpn" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "action" : "6c488338-8eec-4103-ad21-cd461ac2c473",
      "action-settings" : { },
      "content" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "content-negate" : false,
      "content-direction" : "any",
      "time" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "hits" : {
        "percentage" : "0%",
        "level" : "low",
        "value" : 41518540,
        "first-date" : {
          "posix" : 1577915968000,
          "iso-8601" : "2020-01-01T22:59+0100"
        },
        "last-date" : {
          "posix" : 1600288512000,
          "iso-8601" : "2020-09-16T22:35+0200"
        }
      },
      "custom-fields" : {
        "field-1" : "",
        "field-2" : "",
        "field-3" : ""
      },
      "meta-info" : {
        "lock" : "unlocked",
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1558371086358,
          "iso-8601" : "2019-05-20T18:51+0200"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1558370903332,
          "iso-8601" : "2019-05-20T18:48+0200"
        },
        "creator" : "System"
      },
      "comments" : "drop some traffic - none track !!\n2004-05-07 / te",
      "enabled" : true,
      "install-on" : [ "6c488338-8eec-4103-ad21-cd461ac2c476" ]
    }, {
      "uid" : "8d96a675-f49b-46fb-b627-11ea43c1ab7c",
      "name" : "@sw@20200918_01",
      "type" : "access-rule",
      "domain" : {
        "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
        "name" : "SMC User",
        "domain-type" : "domain"
      },
      "rule-number" : 3,
      "track" : {
        "type" : "598ead32-aa42-4615-90ed-f51a5928d41d",
        "per-session" : false,
        "per-connection" : true,
        "accounting" : false,
        "enable-firewall-session" : false,
        "alert" : "none"
      },
      "source" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "source-negate" : false,
      "destination" : [ "b53f33a6-be9a-4ce9-bd7d-033c6da94d2f" ],
      "destination-negate" : false,
      "service" : [ "a3663dec-9e8c-452b-b9d9-e55b197b9272" ],
      "service-negate" : false,
      "vpn" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "action" : "6c488338-8eec-4103-ad21-cd461ac2c473",
      "action-settings" : { },
      "content" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "content-negate" : false,
      "content-direction" : "any",
      "time" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
      "hits" : {
        "percentage" : "0%",
        "level" : "zero",
        "value" : 0
      },
      "custom-fields" : {
        "field-1" : "",
        "field-2" : "",
        "field-3" : ""
      },
      "meta-info" : {
        "lock" : "unlocked",
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1600414527237,
          "iso-8601" : "2020-09-18T09:35+0200"
        },
        "last-modifier" : "swadmin",
        "creation-time" : {
          "posix" : 1558370903338,
          "iso-8601" : "2019-05-20T18:48+0200"
        },
        "creator" : "System"
      },
      "comments" : "drop 6to4 tunneling",
      "enabled" : true,
      "install-on" : [ "6c488338-8eec-4103-ad21-cd461ac2c476" ]
    }, {
      "uid" : "3d5655f3-ce0e-4fa6-a59d-364e1bf208de",
      "type" : "access-rule",
      "domain" : {
        "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
        "name" : "SMC User",
        "domain-type" : "domain"
      },

Thx for you help.
Sam