One thing I found out while exploring the APIs of various vendors is that Fortinet is one of the vendors with a broad set of these interfaces across its product lines. It was surprising, as I had thought Fortinet was one of the most locked-in companies in terms of APIs (the documentation is extremely difficult to find).
Some of their products can be deployed onto AWS quite easily, so they are easy to evaluate, and once you have access to the right channel, there are quite a lot of resources to support you.
Output Example:
```
Streaming Media and Download 137171.941
Advertising 49508.214
Business 45659.808
Internet Radio and TV 27932.994
Information Technology 25066.791
Health and Wellness 18918.331
Government and Legal Organizations 18881.806
Web Hosting 18608.554
Shopping 10576.678
Education 9224.136
Games 9083.764
Newly Observed Domain 7193.726
Personal Websites and Blogs 7054.746
Society and Lifestyles 4378.23
Unrated 3771.063
Content Servers 2933.707
Search Engines and Portals 1620.786
Meaningless Content 1577.338
Restaurant and Dining 535.872
Proxy Avoidance 494.937
Malicious Websites 188.418
Newsgroups and Message Boards 160.979
News and Media 138.786
Social Networking 64.236
Information and Computer Security 51.736
Reference 44.47
Finance and Banking 42.153
Travel 29.101
Web Analytics 17.174
Entertainment 8.232
Web-based Applications 3.737
Instant Messaging 2.95
```
Because I usually watch Netflix for a few hours every day, it occupies most of the internet usage.
Here is the code:
For most of the connection sequence, I used the class provided by the Fortinet team (FNTNLIB).
```python
import operator
from datetime import datetime, timedelta

import fmg_jsonapi

# Placeholders: replace with your own FortiAnalyzer address and credentials.
IPADDR = "your-fortianalyzer-ipaddress"
USER = "admin"
PASSWD = "your-admin-password"


def get_top_website_params():
    """Build the FortiView request for the top websites of the last 7 days."""
    current_time = datetime.now()
    week_before = current_time - timedelta(days=7)
    top_web_params = {
        "case-sensitive": "false",
        "device": [{"devid": "All_Devices"}],
        "filter": "",
        "limit": 100,
        "sort-by": [
            {
                "field": "bandwidth",
                "order": "desc"
            }
        ],
        "time-range": {
            "end": current_time.strftime("%Y-%m-%d %H:%M"),
            "start": week_before.strftime("%Y-%m-%d %H:%M"),
        },
        "url": "/fortiview/adom/root/top-websites/run"
    }
    return top_web_params


def get_task_params(task_id):
    """Build the request that fetches the result of a created task."""
    task_params = {
        # The result is read from the same view the task was created under.
        "url": "/fortiview/adom/root/top-websites/run/" + str(task_id)
    }
    return task_params


def get_data():
    conn = fmg_jsonapi.FortiManagerJSON()
    # conn.verbose('on')
    # conn.debug('on')
    conn.login(IPADDR, USER, PASSWD)
    try:
        # Create the top-websites viewer task
        params1 = [{"apiver": 3}]
        params1[0].update(get_top_website_params())
        status, data = conn.http_request('add', params1)
        task_id = data['tid']

        # Fetch the result of that task
        params2 = [{"apiver": 3}]
        params2[0].update(get_task_params(task_id))
        status, data = conn.http_request('get', params2)
    finally:
        # Always close the admin session, even if a request fails
        # conn.verbose('off')
        # conn.debug('off')
        conn.logout()
    return data


if __name__ == "__main__":
    d = get_data()
    traffic_data = {}
    for category in d['data']:
        traffic_data[category['catdesc']] = float(category['bandwidth'])

    # Sort categories by bandwidth, largest first
    sorted_traffic_data = sorted(traffic_data.items(),
                                 key=operator.itemgetter(1),
                                 reverse=True)
    for cat in sorted_traffic_data:
        print(cat[0], cat[1] / 1000)
```
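Turning this FortiAnalyzer output into a word cloud looks like the following.
Combine this with an Echo Spot, Echo Show, or similar device, and a voice request will display what kinds of websites were viewed over the past week.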
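The same category data can also be reviewed from a security angle. The following is an added example, not part of the original post: it sums bandwidth per category and reports the share taken by categories worth a closer look. The watch list, the function names, the sample rows, and the assumption that several rows may share one `catdesc` are all choices of this example; only the `catdesc` and `bandwidth` keys and the category names come from the page.

```python
from collections import defaultdict

# Category names taken from the sample output above; which ones to watch
# is an assumption of this example.
WATCHLIST = {"Malicious Websites", "Proxy Avoidance",
             "Newly Observed Domain", "Unrated"}

# Constructed rows shaped like d['data'] above (values are made up).
SAMPLE_ROWS = [
    {"catdesc": "Streaming Media and Download", "bandwidth": "137000000"},
    {"catdesc": "Advertising", "bandwidth": "49000000"},
    {"catdesc": "Newly Observed Domain", "bandwidth": "7000000"},
    {"catdesc": "Newly Observed Domain", "bandwidth": "3000000"},
    {"catdesc": "Proxy Avoidance", "bandwidth": "500000"},
    {"catdesc": "Malicious Websites", "bandwidth": "not-a-number"},
    {"catdesc": "Malicious Websites", "bandwidth": "3500000"},
]


def summarize(rows):
    """Sum bandwidth per category; count rows with missing or bad values."""
    totals = defaultdict(float)
    skipped = 0
    for row in rows:
        try:
            totals[row["catdesc"]] += float(row["bandwidth"])
        except (KeyError, TypeError, ValueError):
            skipped += 1
    return dict(totals), skipped


def flag_watchlist(totals, watchlist=WATCHLIST, min_share=0.0):
    """Return (category, bandwidth, share) for watched categories, largest first."""
    grand_total = sum(totals.values())
    if grand_total <= 0:
        return []
    hits = [(cat, bw, bw / grand_total) for cat, bw in totals.items()
            if cat in watchlist and bw / grand_total >= min_share]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    totals, skipped = summarize(SAMPLE_ROWS)
    for cat, bw, share in flag_watchlist(totals):
        print(f"{cat}: {bw / 1000:.3f} ({share:.2%} of total)")
    print(f"rows skipped: {skipped}")
```

To use it on live data, pass `d['data']` from `get_data()` to `summarize()` in place of `SAMPLE_ROWS`.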