


Cisco Defense Orchestrator

Hit Rates

In addition to secure and scalable orchestration of policies, CDO enables you to evaluate the outcome of policy rules. It provides a simple visualization for more accurate policy analysis and an immediate, actionable pivot to root cause, all in a single pane from the cloud. The new Hit Rates functionality enables you to:

  • Eliminate obsolete and never-matched policy rules, improving security posture.
  • Optimize firewall performance by instantly identifying bottlenecks and ensuring that correct and efficient prioritization is enforced (for example, the most frequently triggered policy rule is prioritized higher).
  • Maintain a history of Hit Rates information, even upon device or policy rule reset, for a configured data retention period (1 year).
  • Strengthen validation of suspected shadow and unused rules based on actionable information, removing doubt about whether to update or delete them.
  • Visualize policy rule usage in the context of the entire policy, leveraging predefined time intervals (day, week, month, year) and scale of actual hits (zero, >100, >100k, etc.) to evaluate impact on packets traversing the network.


