shadow_it

The following methods allow for interaction with the Z-Insights Shadow IT Discovery Analytics API.

Methods are accessible via zinsights.shadow_it

Copyright (c) 2023, Zscaler Inc.

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class ShadowItAPI

Bases: APIClient

A Client object for the Z-Insights SHADOW_IT domain.

Discover and manage shadow IT applications used by your organization’s users, departments, or locations.

get_apps(start_time, end_time, limit=None, filter_by=None, order_by=None)

Get Shadow IT discovered applications with full details.

AppsResponse fields:
  • application: The application name

  • application_category: The application category

  • risk_index: The risk index number

  • computed_risk_index: Computed risk index

  • sanctioned_state: Whether app is sanctioned/unsanctioned

  • integration: Number of potential integrations

  • data_consumed: Sum of upload and download bytes

  • data_uploaded: Uploaded bytes

  • data_downloaded: Downloaded bytes

  • authenticated_users: Number of authenticated users

  • unAuthenticated_location_count: Unauthenticated location count

  • last_access_time: Last access timestamp

  • vulnerability: Vulnerability information

  • undiscovered: Whether app is undiscovered

  • custom_risk_index: Custom risk index

Parameters:
  • start_time – Start time in epoch milliseconds.

  • end_time – End time in epoch milliseconds.

  • limit – Maximum number of entries to return.

  • filter_by – Filter options using ShadowITAppsFilterBy. Supports filtering by application, application_category, sanctioned_state.

  • order_by – Ordering options using list of ShadowITAppsOrderBy.

Returns:

(entries_list, response, error)

Return type:

tuple

Examples

>>> entries, _, err = client.zinsights.shadow_it.get_apps(
...     start_time=start_time,
...     end_time=end_time,
...     limit=10
... )
>>>
>>> # With filtering
>>> from zscaler.zinsights.models.inputs import ShadowITAppsFilterBy, StringFilter
>>> filter_by = ShadowITAppsFilterBy(
...     application=StringFilter(eq="Dropbox")
... )
>>> entries, _, err = client.zinsights.shadow_it.get_apps(
...     start_time=start_time,
...     end_time=end_time,
...     filter_by=filter_by
... )
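
A triage pass over the entries that get_apps returns, as an added example that is not part of the SDK or its documentation. It assumes entries are dicts keyed by the AppsResponse field names above; the sample data, the sanctioned_state strings, the thresholds and the helper names unwrap and triage are constructed for illustration.

```python
# Constructed sample entries; key names follow the AppsResponse fields listed above.
# The values, including the sanctioned_state strings, are assumptions for illustration.
SAMPLE_ENTRIES = [
    {"application": "ExampleDrive", "application_category": "File Sharing",
     "risk_index": 4, "sanctioned_state": "UNSANCTIONED",
     "data_uploaded": 5_000_000_000, "authenticated_users": 42},
    {"application": "ExampleMail", "application_category": "Webmail",
     "risk_index": 2, "sanctioned_state": "SANCTIONED",
     "data_uploaded": 9_000_000_000, "authenticated_users": 900},
    {"application": "ExamplePaste", "application_category": "File Sharing",
     "risk_index": 5, "sanctioned_state": None,
     "data_uploaded": 120_000_000, "authenticated_users": 3},
    {"application": "ExampleNotes", "application_category": "Productivity",
     "risk_index": 3, "sanctioned_state": "UNSANCTIONED",
     "data_uploaded": None, "authenticated_users": 10},
]


def unwrap(result):
    """Fail loudly on the (entries_list, response, error) tuple instead of iterating None."""
    entries, _response, error = result
    if error is not None:
        raise RuntimeError(f"get_apps failed: {error}")
    return list(entries or [])


def triage(entries, min_risk=4, min_upload_bytes=100_000_000,
           sanctioned_values=("SANCTIONED",)):
    """Return review candidates: not sanctioned, risky, and receiving uploads.

    A missing or unrecognised sanctioned_state is treated as unsanctioned
    (fail closed); missing numeric fields count as 0.
    """
    flagged = []
    for e in entries:
        state = str(e.get("sanctioned_state") or "").upper()
        risk = e.get("risk_index") or 0
        uploaded = e.get("data_uploaded") or 0
        if state in sanctioned_values:
            continue
        if risk >= min_risk and uploaded >= min_upload_bytes:
            flagged.append({"application": e.get("application"), "risk_index": risk,
                            "data_uploaded": uploaded,
                            "authenticated_users": e.get("authenticated_users") or 0})
    # Highest risk first, then largest upload volume.
    return sorted(flagged, key=lambda a: (-a["risk_index"], -a["data_uploaded"]))
```

With a live client, the tuple returned by get_apps would be passed to unwrap in place of the constructed sample.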

get_shadow_it_summary(start_time, end_time)

Get comprehensive Shadow IT summary with all groupings and statistics.

Returns a complete summary including:
  • Top-level stats: total_upload_bytes, total_download_bytes, total_apps, total_bytes

  • group_by_app_cat_for_app: Apps grouped by category

  • group_by_app_cat_for_user_count: User counts grouped by category

  • group_by_app_cat_for_upload_bytes: Upload bytes grouped by category

  • group_by_app_cat_for_download_bytes: Download bytes grouped by category

  • group_by_app_cat_for_total_bytes: Total bytes grouped by category

  • group_by_risk_index_for_app: Apps grouped by risk index

  • group_by_provisioning_status_for_app: Apps grouped by provisioning status

  • group_by_access_for_app: Apps grouped by access type

Parameters:
  • start_time – Start time in epoch milliseconds.

  • end_time – End time in epoch milliseconds.

Returns:

(summary_dict, response, error)

summary_dict contains all top-level fields and group_by results.

Return type:

tuple

Examples

>>> summary, _, err = client.zinsights.shadow_it.get_shadow_it_summary(
...     start_time=start_time,
...     end_time=end_time
... )
>>> # Check the error element before indexing into the summary
>>> if err:
...     raise RuntimeError(f"Shadow IT summary request failed: {err}")
>>> print(f"Total apps: {summary['total_apps']}")
>>> print(f"Total bytes: {summary['total_bytes']}")
>>> # Access group_by data
>>> for entry in summary.get('group_by_app_cat_for_app', {}).get('entries', []):
...     print(f"Category: {entry['name']}, Total: {entry['total']}")