pmeyerson · October 26, 2017 21:14
diff --git a/amp-export-network-events.py b/amp-export-network-events.py
 #!/usr/bin/python
 # Fill in your apikey and apipwd and hostname of machine to get started.  
 # Determine the hostguid from the amp console.  Advanced users could use another api query to retreive this.
 # This script is rough but should get you started.

 import json
 import requests
 import csv
 import datetime

 data    =[]
 nfm     =[]
 apikey = ''
 apipwd = ''
 hostguid1 = 

 filename = "amp-export_" + str(datetime.date.today()) + '.csv'
 header = ("timestamp", "hostname", "src_port", "src_ip", "dest_port", "dest_ip", "direction", "protocol")

 obj1 = requests.get('https://api.amp.cisco.com/v1/computers/'+hostguid1+'/trajectory', auth=(apikey, apipwd))
 data.append((obj1, obj1.json()))

 for status, response in data:
    if 200 != status.status_code:
        print "error " + str(status)
        exit()
    else:
        for event in response['data']['events']:
            
            if event['event_type'] == "NFM":
                #print(event)
                direction = event['network_info']['nfm']['direction'].split(' ',1)[0]
                if direction=="Outgoing":

                    nfm.append((event['date'].split('+',1)[0],
                    response['data']['computer']['hostname'],
                    event['network_info']['local_port'],
                    event['network_info']['local_ip'],
                    event['network_info']['remote_port'],
                    event['network_info']['remote_ip'],
                    direction,
                    event['network_info']['nfm']['protocol']))

                elif direction=="Incoming":

                    nfm.append((event['date'].split('+', 1)[0],
                    response['data']['computer']['hostname'],
                    event['network_info']['remote_port'],
                    event['network_info']['remote_ip'],
                    event['network_info']['local_port'],
                    event['network_info']['local_ip'],
                    direction,
                    event['network_info']['nfm']['protocol']))

 with open(filename, 'w') as fout:
    write = csv.writer(fout, lineterminator='\n')
    if len(header) > 0:
        write.writerow(header)
    write.writerows(nfm)

 print "wrote file " + filename + " " + str(len(nfm)) + " events from " + str(len(data)) + " hosts"
 exit(0)
	#!/usr/bin/python
	# Fill in your apikey and apipwd and hostname of machine to get started.
	# Determine the hostguid from the amp console. Advanced users could use another api query to retreive this.
	# This script is rough but should get you started.

	import json
	import requests
	import csv
	import datetime

	data =[]
	nfm =[]
	apikey = ''
	apipwd = ''
	hostguid1 =

	filename = "amp-export_" + str(datetime.date.today()) + '.csv'
	header = ("timestamp", "hostname", "src_port", "src_ip", "dest_port", "dest_ip", "direction", "protocol")

	obj1 = requests.get('https://api.amp.cisco.com/v1/computers/'+hostguid1+'/trajectory', auth=(apikey, apipwd))
	data.append((obj1, obj1.json()))

	for status, response in data:
	if 200 != status.status_code:
	print "error " + str(status)
	exit()
	else:
	for event in response['data']['events']:

	if event['event_type'] == "NFM":
	#print(event)
	direction = event['network_info']['nfm']['direction'].split(' ',1)[0]
	if direction=="Outgoing":

	nfm.append((event['date'].split('+',1)[0],
	response['data']['computer']['hostname'],
	event['network_info']['local_port'],
	event['network_info']['local_ip'],
	event['network_info']['remote_port'],
	event['network_info']['remote_ip'],
	direction,
	event['network_info']['nfm']['protocol']))

	elif direction=="Incoming":

	nfm.append((event['date'].split('+', 1)[0],
	response['data']['computer']['hostname'],
	event['network_info']['remote_port'],
	event['network_info']['remote_ip'],
	event['network_info']['local_port'],
	event['network_info']['local_ip'],
	direction,
	event['network_info']['nfm']['protocol']))

	with open(filename, 'w') as fout:
	write = csv.writer(fout, lineterminator='\n')
	if len(header) > 0:
	write.writerow(header)
	write.writerows(nfm)

	print "wrote file " + filename + " " + str(len(nfm)) + " events from " + str(len(data)) + " hosts"
	exit(0)