Python 100 project #10: FortiAnalyzer Past week Top Website

One thing I found out during the API exploration of various vendors: Fortinet is one of the vendors that has a broad set of those interfaces across their product lines. It was surprising, as I had thought Fortinet was one of the most locked-in companies in terms of APIs (as the documentation is extremely difficult to find).

Some of their products can be deployed onto AWS quite easily, hence they are easy to evaluate, and once you have access to the right channel, there are quite a lot of resources to support you.

 

Output Example:

Streaming Media and Download 137171.941
Advertising 49508.214
Business 45659.808
Internet Radio and TV 27932.994
Information Technology 25066.791
Health and Wellness 18918.331
Government and Legal Organizations 18881.806
Web Hosting 18608.554
Shopping 10576.678
Education 9224.136
Games 9083.764
Newly Observed Domain 7193.726
Personal Websites and Blogs 7054.746
Society and Lifestyles 4378.23
Unrated 3771.063
Content Servers 2933.707
Search Engines and Portals 1620.786
Meaningless Content 1577.338
Restaurant and Dining 535.872
Proxy Avoidance 494.937
Malicious Websites 188.418
Newsgroups and Message Boards 160.979
News and Media 138.786
Social Networking 64.236
Information and Computer Security 51.736
Reference 44.47
Finance and Banking 42.153
Travel 29.101
Web Analytics 17.174
Entertainment 8.232
Web-based Applications 3.737
Instant Messaging 2.95

Because I usually watch Netflix for a few hours every day, it occupies most of the internet usage.

 

Here is the code:

For most of the connection sequence, I used the class provided by the Fortinet team (FNTNLIB).

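import operator
from datetime import datetime, timedelta

import fmg_jsonapi

# Placeholders: supply real values at run time instead of committing credentials to the script.
IPADDR = "your-fortianalyzer-ipaddress"
USER = "admin"
PASSWD = "your-admin-password"


def get_top_website_params():
    # Query window: the past seven days up to now
    current_time = datetime.now()
    week_before = current_time - timedelta(days=7)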

    top_web_params = {
        "case-sensitive": "false",
        "device": [{"devid": "All_Devices"}],
        "filter": "",
        "limit": 100,
        "sort-by": [
            {
                "field": "bandwidth",
                "order": "desc"
            }
        ],
        "time-range": {
            "end": current_time.strftime("%Y-%m-%d %H:%M"),
            "start": week_before.strftime("%Y-%m-%d %H:%M"),
        },
        "url": "/fortiview/adom/root/top-websites/run"
    }

    return top_web_params


def get_task_params(task_id):
    # Fetch from the same view the task was created on (top-websites)
    task_params = {
        "url": "/fortiview/adom/root/top-websites/run/" + str(task_id)
    }

    return task_params


def get_data():
    conn = fmg_jsonapi.FortiManagerJSON()
    # conn.verbose('on')
    # conn.debug('on')
    conn.login(IPADDR, USER, PASSWD)

    try:
        # create the top-websites FortiView task
        params1 = [{"apiver": 3}]
        params1[0].update(get_top_website_params())
        status, data = conn.http_request('add', params1)

        # fetch the result of that task by its task id
        task_id = data['tid']
        params2 = [{"apiver": 3}]
        params2[0].update(get_task_params(task_id))
        status, data = conn.http_request('get', params2)
    finally:
        # always close the admin session, even if a request fails
        # conn.verbose('off')
        # conn.debug('off')
        conn.logout()

    return data


if __name__ == "__main__":

    d = get_data()

    traffic_data = {}
    for category in d['data']:
        traffic_data[category['catdesc']] = float(category['bandwidth'])

    sorted_traffic_data = sorted(traffic_data.items(), key=operator.itemgetter(1), reverse=True)

    for cat in sorted_traffic_data:
        print(cat[0], cat[1]/1000)

 

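Turning this FortiAnalyzer output into a WordCloud gives something like the following.

Combined with an Echo Spot, Echo Show, or similar device, a voice request can display what kinds of websites were viewed over the past week.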
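
The per-category totals can also be screened for categories worth a closer look. The following is an added example, not part of the original script or of Fortinet's library: it sums rows that share a `catdesc` and reports the share of total bandwidth for a watch list. The watch list, the function names and the sample rows are assumptions; the rows are constructed to match the `catdesc`/`bandwidth` fields the script reads.

```python
from collections import defaultdict

# Assumed watch list; the names are categories that appear in the output above.
WATCH_CATEGORIES = {"Malicious Websites", "Proxy Avoidance", "Newly Observed Domain"}

# Constructed sample shaped like d['data'] in the script (not real FortiAnalyzer output).
SAMPLE_ROWS = [
    {"catdesc": "Streaming Media and Download", "bandwidth": "137171941"},
    {"catdesc": "Advertising", "bandwidth": "49508214"},
    {"catdesc": "Proxy Avoidance", "bandwidth": "300000"},
    {"catdesc": "Proxy Avoidance", "bandwidth": "194937"},
    {"catdesc": "Malicious Websites", "bandwidth": "188418"},
    {"catdesc": "Travel", "bandwidth": None},  # malformed row, skipped
]


def totals_by_category(rows):
    """Sum bandwidth per category; rows sharing a catdesc are added, not overwritten."""
    totals = defaultdict(float)
    for row in rows:
        try:
            value = float(row.get("bandwidth"))
        except (TypeError, ValueError):
            continue  # skip rows without a usable number
        totals[row.get("catdesc") or "(no category)"] += value
    return dict(totals)


def flag_watch_categories(totals, watch=WATCH_CATEGORIES):
    """Return (category, bandwidth, share_of_total) for watched categories, largest first."""
    grand_total = sum(totals.values())
    if grand_total <= 0:
        return []
    hits = [(c, v, v / grand_total) for c, v in totals.items() if c in watch and v > 0]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for cat, value, share in flag_watch_categories(totals_by_category(SAMPLE_ROWS)):
        print(f"{cat}: {value / 1000:.3f} ({share:.2%} of total)")
```

To use it with live data, pass `get_data()['data']` to `totals_by_category` in place of `SAMPLE_ROWS`.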