web_traffic

The following methods allow for interaction with the Z-Insights Web Traffic Analytics API.

Methods are accessible via zinsights.web_traffic

Copyright (c) 2023, Zscaler Inc.

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class WebTrafficAPI

Bases: APIClient

A Client object for the Z-Insights WEB_TRAFFIC domain.

Provides access to web traffic analytics and reports including:
  • Traffic by location
  • Traffic by user
  • Protocol distribution
  • Threat categories

get_no_grouping(start_time, end_time, traffic_unit='TRANSACTIONS', dlp_engine_filter=None, action_filter=None, include_trend=False, trend_interval=None, limit=None, filter_by=None, order_by=None)

Get web traffic data without grouping (overall traffic).

Parameters:
  • start_time – Start time in epoch milliseconds.

  • end_time – End time in epoch milliseconds.

  • traffic_unit – Either “TRANSACTIONS” or “BYTES”.

  • dlp_engine_filter – DLP engine filter.

  • action_filter – Action filter (e.g., “ALLOW”, “BLOCK”).

  • include_trend – Whether to include trend data.

  • trend_interval – Trend interval (e.g., “HOURLY”, “DAILY”).

  • limit – Maximum number of entries to return.

  • filter_by – Filter options using WebEntriesFilterBy.

  • order_by – Ordering options using list of WebOrderBy.

Returns:

(entries_list, response, error)

Return type:

tuple

get_protocols(start_time, end_time, traffic_unit='TRANSACTIONS', limit=None, filter_by=None, order_by=None)

Get web traffic protocol distribution.

Parameters:
  • start_time – Start time in epoch milliseconds.

  • end_time – End time in epoch milliseconds.

  • traffic_unit – Either “TRANSACTIONS” or “BYTES”.

  • limit – Maximum number of entries to return.

  • filter_by – Filter options using WebEntriesFilterBy.

  • order_by – Ordering options using list of WebOrderBy.

Returns:

(entries_list, response, error)

Return type:

tuple

get_threat_class(start_time, end_time, traffic_unit='TRANSACTIONS', limit=None, filter_by=None, order_by=None)

Get web traffic data grouped by threat class.

Parameters:
  • start_time – Start time in epoch milliseconds.

  • end_time – End time in epoch milliseconds.

  • traffic_unit – Either “TRANSACTIONS” or “BYTES”.

  • limit – Maximum number of entries to return.

  • filter_by – Filter options using WebEntriesFilterBy.

  • order_by – Ordering options using list of WebOrderBy.

Returns:

(entries_list, response, error)

Return type:

tuple

get_threat_super_categories(start_time, end_time, traffic_unit='TRANSACTIONS', limit=None, filter_by=None, order_by=None)

Get web traffic data grouped by threat super categories.

Parameters:
  • start_time – Start time in epoch milliseconds.

  • end_time – End time in epoch milliseconds.

  • traffic_unit – Either “TRANSACTIONS” or “BYTES”.

  • limit – Maximum number of entries to return.

  • filter_by – Filter options using WebEntriesFilterBy.

  • order_by – Ordering options using list of WebOrderBy.

Returns:

(entries_list, response, error)

Return type:

tuple

get_traffic_by_location(start_time, end_time, traffic_unit='TRANSACTIONS', include_trend=False, trend_interval=None, limit=None, filter_by=None, order_by=None)

Get web traffic data grouped by location.

Parameters:
  • start_time – Start time in epoch milliseconds.

  • end_time – End time in epoch milliseconds.

  • traffic_unit – Either “TRANSACTIONS” or “BYTES”.

  • include_trend – Whether to include trend data.

  • trend_interval – Trend interval (e.g., “HOURLY”, “DAILY”).

  • limit – Maximum number of entries to return.

  • filter_by – Filter options using WebEntriesFilterBy.

  • order_by – Ordering options using list of WebOrderBy.

Returns:

(entries_list, response, error)

Return type:

tuple

Examples

>>> entries, _, err = client.zinsights.web_traffic.get_traffic_by_location(
...     start_time=start_time,
...     end_time=end_time,
...     traffic_unit="TRANSACTIONS",
...     limit=10
... )
>>>
>>> # With trend data
>>> entries, _, err = client.zinsights.web_traffic.get_traffic_by_location(
...     start_time=start_time,
...     end_time=end_time,
...     traffic_unit="TRANSACTIONS",
...     include_trend=True,
...     trend_interval="HOURLY"
... )
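
The following is an added example, not code from the SDK or its documentation. It shows one way to build the epoch-millisecond window these methods expect and to unwrap the (entries_list, response, error) tuple so that a failed query is never mistaken for an empty result. The helper names epoch_ms_window, query and blocked_and_allowed, and the 10**12 seconds-versus-milliseconds threshold, are assumptions of this example.

```python
import time

VALID_UNITS = ("TRANSACTIONS", "BYTES")  # the two traffic_unit values listed above
MIN_EPOCH_MS = 10**12  # assumption: smaller values are epoch seconds (10**12 ms is Sept 2001)


def epoch_ms_window(hours, now_s=None):
    """Return (start_time, end_time) in epoch milliseconds covering the last `hours`."""
    now_s = time.time() if now_s is None else now_s
    end_ms = int(now_s * 1000)
    return end_ms - int(hours * 3600 * 1000), end_ms


def query(method, start_time, end_time, traffic_unit="TRANSACTIONS", **kwargs):
    """Validate arguments, call one web_traffic method, and unwrap its 3-tuple.

    `method` is a bound method such as client.zinsights.web_traffic.get_threat_class.
    Extra keyword arguments (limit, action_filter, ...) are passed through unchanged.
    """
    if traffic_unit not in VALID_UNITS:
        raise ValueError(f"traffic_unit must be one of {VALID_UNITS}, got {traffic_unit!r}")
    for name, value in (("start_time", start_time), ("end_time", end_time)):
        if value < MIN_EPOCH_MS:
            raise ValueError(f"{name}={value} looks like epoch seconds, not milliseconds")
    if start_time >= end_time:
        raise ValueError("start_time must be earlier than end_time")
    entries, _response, error = method(
        start_time=start_time, end_time=end_time, traffic_unit=traffic_unit, **kwargs
    )
    if error is not None:
        # Surface the failure instead of reporting it as "no traffic".
        raise RuntimeError(f"web_traffic query failed: {error}")
    return entries or []


def blocked_and_allowed(web_traffic, hours=24):
    """Fetch overall traffic for one window, once per action_filter value."""
    start, end = epoch_ms_window(hours)
    return {
        action: query(web_traffic.get_no_grouping, start, end, action_filter=action)
        for action in ("BLOCK", "ALLOW")
    }
```

Call blocked_and_allowed(client.zinsights.web_traffic) with an already authenticated client; the structure of each returned entry is left untouched because this page does not describe it.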