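#!/usr/bin/env python3
#
# Copyright 2019, Mischa Peters , Netskope.
# Version 1.0 - 20191028
#
# Collects all the page events, counts all the domain hits and category hits
#
# Requires:
# - Python 3.x
#
# NOTE(security): the API token is taken as a positional command-line argument
# and sent in the URL query string. Command-line arguments are visible in the
# local process list and shell history, and query strings are commonly recorded
# by proxies and access logs, so treat the token as exposed to those places and
# prefer a narrowly scoped token that can be rotated.
#
import argparse
import json
import re
import sys
import urllib.parse
import urllib.request
from collections import Counter
from operator import itemgetter

# Seconds to wait for the API before giving up; the original call had no
# timeout and could block forever on a stalled connection.
REQUEST_TIMEOUT = 60

# One or more dot-separated DNS labels (letters, digits, inner hyphens).
_TENANT_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*"
)


def tenant_name(value):
    """Return *value* unchanged if it is a plain dotted host-name prefix.

    The tenant is interpolated into the host part of the request URL, so any
    character that ends or re-targets the authority ("/", "@", "#", "?", ":",
    whitespace) would send the API token to a host other than the intended
    tenant. Such values are rejected.

    Raises:
        ValueError: if *value* is not made of dot-separated DNS labels.
            argparse reports this as an invalid argument value.
    """
    if not isinstance(value, str) or not _TENANT_RE.fullmatch(value):
        raise ValueError(f"invalid tenant name: {value!r}")
    return value


def build_events_url(tenant, token, type, timeperiod):
    """Build the events URL for one tenant.

    The query string is produced with urllib.parse.urlencode so that a token
    containing "&", "#", "+" or spaces is transmitted intact instead of being
    split into extra parameters or truncated.

    Raises:
        ValueError: if *tenant* fails tenant_name() validation.
    """
    domain = "goskope.com"
    query = urllib.parse.urlencode(
        {"token": token, "type": type, "timeperiod": timeperiod}
    )
    return f"https://{tenant_name(tenant)}.{domain}/api/v1/events?{query}"


def get_json(type):
    """Fetch events of the given *type* and return the decoded JSON body.

    Reads the module-level ``tenant``, ``token``, ``timeperiod`` and ``debug``
    values that are set from the command line when the file runs as a script.
    """
    url = build_events_url(tenant, token, type, timeperiod)
    req = urllib.request.Request(url)
    with urllib.request.urlopen(req, timeout=REQUEST_TIMEOUT) as response:
        content = response.read()
    json_data = json.loads(content)
    if debug:
        # Debug output is the complete event set (raw, then pretty-printed).
        # It records browsing activity, so keep it out of shared logs.
        print (json_data)
        print(json.dumps(json_data, indent=4, sort_keys=True))
    return json_data


def field_text(event, key):
    """Return event[key] as text, or "unknown" when it is missing or null."""
    value = event.get(key)
    return "unknown" if value is None else str(value)


def tally_events(events):
    """Count hits per domain and per category over a list of event dicts.

    Returns a tuple ``(domain_count, domain_category, domain_ccl, domain_cci,
    category_count)``. For the per-domain dicts the last event seen for a
    domain wins, as in the original loop. An event lacking "domain",
    "category" or "ccl" is counted under "unknown" rather than aborting the
    run with KeyError.
    """
    domain_count = Counter()
    domain_category = {}
    domain_ccl = {}
    domain_cci = {}
    category_count = Counter()
    for event in events:
        domain = field_text(event, "domain")
        category = field_text(event, "category")
        domain_count[domain] += 1
        domain_category[domain] = category
        domain_ccl[domain] = field_text(event, "ccl")
        domain_cci[domain] = event.get("cci")
        category_count[category] += 1
    return domain_count, domain_category, domain_ccl, domain_cci, category_count


parser = argparse.ArgumentParser(description="Get all events from Netskope API", epilog="2019 (c) Netskope")
parser.add_argument("tenant", type=tenant_name, help="Tenant Name (eg. ams.eu)")
parser.add_argument("token", type=str, help="Tenat API Token")
parser.add_argument("-t", "--timeperiod", type=int, default=86400, help="Timeperiod 3600 | 86400 | 604800 | 2592000 (default: 86400)")
parser.add_argument("-r", "--rows", type=int, default=0, help="Number of rows (default display all)")
parser.add_argument("-s", "--show", action='store_true', help="Show category hits")
parser.add_argument("-d", "--debug", action='store_true', help="debug")


if __name__ == "__main__":
    # parse_args() reports bad input and exits on its own; the original
    # ``except argparse.ArgumentError`` handler could never run and, had it
    # run, would have left every setting below undefined.
    args = parser.parse_args()
    tenant = args.tenant
    token = args.token
    timeperiod = args.timeperiod
    show = args.show
    debug = args.debug
    # Counter.most_common(None) returns every entry, so 0 means "show all".
    rows = None if args.rows == 0 else args.rows

    json_content = get_json("page")
    events = json_content.get("data") if isinstance(json_content, dict) else None
    if not isinstance(events, list):
        # A response without a "data" list used to end in a KeyError traceback.
        sys.exit("Netskope API response contains no 'data' list; check tenant, token and timeperiod")

    domain_count, domain_category, domain_ccl, domain_cci, category_count = tally_events(events)

    top_domains = domain_count.most_common(rows)
    print (f"{'Domain':<40s}{'Hits':>5s} - Category")
    print ("################################################################################")
    for name, hits in top_domains:
        print (f"{name:<40s}{hits:5d} - {domain_category[name]} - {domain_ccl[name]}")
    print ("")

    if show:
        top_categories = category_count.most_common()
        print (f"{'Category':<40s}{'Hits':>5s}")
        print ("################################################################################")
        for name, hits in top_categories:
            print (f"{name:<40s}{hits:5d}")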