#!/usr/bin/env python3
#
# Copyright 2019, Mischa Peters <mischa AT netskope DOT com>, Netskope.
# Version 1.0 - 20191028
#
# Collects all the page events, counts all the domain hits and category hits
#
# Requires:
# - Python 3.x
#
import argparse
import json
import urllib.parse
import urllib.request
from collections import Counter
from operator import itemgetter
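# Command-line interface: two required positionals plus optional report controls.
parser = argparse.ArgumentParser(
    description="Get all events from Netskope API",
    epilog="2019 (c) Netskope",
)
parser.add_argument("tenant", type=str, help="Tenant Name (eg. ams.eu)")
# NOTE(security): a token passed as a command-line argument is readable by
# other local users through the process list and is stored in shell history.
# The positional argument is kept so existing invocations keep working.
parser.add_argument("token", type=str, help="Tenat API Token")
# Defaults are real ints; argparse only runs `type=` over *string* defaults,
# so the previous quoted defaults relied on that conversion.
parser.add_argument(
    "-t",
    "--timeperiod",
    type=int,
    default=86400,
    help="Timeperiod 3600 | 86400 | 604800 | 2592000 (default: 86400)",
)
parser.add_argument(
    "-r",
    "--rows",
    type=int,
    default=0,
    help="Number of rows (default display all)",
)
parser.add_argument("-s", "--show", action='store_true', help="Show category hits")
parser.add_argument("-d", "--debug", action='store_true', help="debug")

try:
    args = parser.parse_args()
except argparse.ArgumentError as e:
    # parse_args() normally reports bad input and exits by itself. If an
    # ArgumentError does surface, stop here: carrying on would fail a few
    # lines later with a NameError on the option variables.
    parser.error(str(e))

tenant = args.tenant
token = args.token
timeperiod = args.timeperiod
rows = args.rows
show = args.show
debug = args.debug

# Per-domain and per-category accumulators filled while walking the events.
domain_count = Counter()
domain_category = {}
domain_ccl = {}
domain_cci = {}
category_count = Counter()

# Counter.most_common(None) returns every entry. A negative value is treated
# like 0 ("show all") instead of silently producing an empty report.
rows = None if rows <= 0 else rows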
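def get_json(type):
    """Fetch events of the given type from the tenant's v1 events endpoint.

    Reads the module-level ``tenant``, ``token``, ``timeperiod`` and ``debug``
    values that were set from the command line.

    Args:
        type: Event type sent as the ``type`` query parameter. The name
            shadows the builtin but is kept because it is part of the
            function's signature.

    Returns:
        The decoded JSON response body.

    Raises:
        ValueError: if ``tenant`` is not made of dot-separated labels that
            contain only ASCII letters, digits and hyphens.
    """
    domain = "goskope.com"

    # The tenant becomes part of the host name. Accept plain host-name labels
    # only, so that a value containing "/", "@", "?" or "#" cannot move the
    # request, and the token it carries, to a different host.
    labels = tenant.split(".")
    if not tenant.isascii() or not all(
        label.replace("-", "").isalnum() for label in labels
    ):
        raise ValueError("tenant must contain only letters, digits, '-' and '.'")

    # urlencode() percent-escapes every value, so a "&", "+" or "#" inside
    # the token or type cannot add, alter or cut off query parameters.
    query = urllib.parse.urlencode(
        {"token": token, "type": type, "timeperiod": timeperiod}
    )
    # NOTE(security): the token travels in the query string, where proxies
    # and access logs can record it. If the API accepts the token in a
    # request body or header, prefer that - TODO confirm against the API docs.
    url = f"https://{tenant}.{domain}/api/v1/events?{query}"
    req = urllib.request.Request(url)

    # Bound each blocking network operation so a stalled connection cannot
    # hang the script indefinitely.
    with urllib.request.urlopen(req, timeout=60) as response:
        content = response.read()

    json_data = json.loads(content)
    if debug:
        print(json_data)
    # NOTE(review): this pretty-printed dump runs on every call, not only
    # with --debug, so the full event data always reaches stdout. Behaviour
    # is kept as-is; confirm whether it was meant to be debug-only.
    print(json.dumps(json_data, indent=4, sort_keys=True))
    return json_data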
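def _printable(value):
    """Return str(value) with every non-printable character replaced by '?'."""
    return "".join(ch if ch.isprintable() else "?" for ch in str(value))


json_content = get_json("page")

# A response without a "data" list (for example an error reply) cannot be
# tallied; exit with a message instead of a KeyError traceback.
events = json_content.get("data") if isinstance(json_content, dict) else None
if not isinstance(events, list):
    raise SystemExit("No 'data' list in the API response; cannot build the report.")

# Tally hits per domain and per category. The category/ccl/cci stored for a
# domain are those of the last event seen for it.
for event in events:
    domain = event["domain"]
    category = event["category"]
    domain_count[domain] += 1
    domain_category[domain] = category
    domain_ccl[domain] = event["ccl"]
    domain_cci[domain] = event["cci"]
    category_count[category] += 1

separator = "################################################################################"

# Field values come from the API response and are written to a terminal, so
# they pass through _printable() to keep control characters out of the output.
top_domains = domain_count.most_common(rows)
print(f"{'Domain':<40s}{'Hits':>5s} - Category")
print(separator)
for name, hits in top_domains:
    print(
        f"{_printable(name):<40s}{hits:5d}"
        f" - {_printable(domain_category[name])}"
        f" - {_printable(domain_ccl[name])}"
    )

print("")
if show:
    # The category table always lists every category; --rows limits only
    # the domain table above.
    top_categories = category_count.most_common()
    print(f"{'Category':<40s}{'Hits':>5s}")
    print(separator)
    for name, hits in top_categories:
        print(f"{_printable(name):<40s}{hits:5d}")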