Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to get Top blocked sites by URL using API

Solved
azrul6
Comes here often
3 weeks ago
3 weeks ago

How to get Top blocked sites by URL using API

Hi

 

Currently i already manage to fetch contentfiltering from each network in my orgnanization using this 2 call

 

https://api.meraki.com/api/v1/organizations/{organizationId}/networks
https://api.meraki.com/api/v1/networks/{networkId}/appliance/contentFiltering

 

I already go through the api documentation , but still can't find how to get blocked sites data. It can be done by report summary in meraki dashboard but how i want to achieve this using API ?

 

Can anyone help me or give some tips how to fetch the data.

 

thanks

0 Kudos
1 Accepted Solution
sungod
Kind of a big deal
3 weeks ago
3 weeks ago

For reporting, the ones I use to get security/blocking related events are...

 

https://developer.cisco.com/meraki/api-v1/get-network-events/    with filters to select just the event types I want, for instance...

 

 

aiomeraki.networks.getNetworkEvents(net['id'], productType="appliance", includedEventTypes = ["nbar_block", "cf_block", "sf_url_block", "sf_binary_block"], perPage=1000, total_pages="all")

 

 

See this for the current list of event types... https://developer.cisco.com/meraki/api-v1/get-network-events-event-types/

 

...note that the return format/content varies depending on event type, I don't think it's definitively documented, I ended up gathering lots of events to work out the format of the ones I was interested in, there can also be different formats for the same event type.

 

But not all events are 'events' 😀 This call is also needed...

 

https://developer.cisco.com/meraki/api-v1/get-organization-appliance-security-events/

....there's a network-level version of this too...

https://developer.cisco.com/meraki/api-v1/get-network-appliance-security-events/

 

I actually prefer the network-level version, as the org-level one doesn't include the network ID in responses (which IMO it should!)

View solution in original post

5 Replies 5
sungod
Kind of a big deal
3 weeks ago
3 weeks ago

For reporting, the ones I use to get security/blocking related events are...

 

https://developer.cisco.com/meraki/api-v1/get-network-events/    with filters to select just the event types I want, for instance...

 

 

aiomeraki.networks.getNetworkEvents(net['id'], productType="appliance", includedEventTypes = ["nbar_block", "cf_block", "sf_url_block", "sf_binary_block"], perPage=1000, total_pages="all")

 

 

See this for the current list of event types... https://developer.cisco.com/meraki/api-v1/get-network-events-event-types/

 

...note that the return format/content varies depending on event type, I don't think it's definitively documented, I ended up gathering lots of events to work out the format of the ones I was interested in, there can also be different formats for the same event type.

 

But not all events are 'events' 😀 This call is also needed...

 

https://developer.cisco.com/meraki/api-v1/get-organization-appliance-security-events/

....there's a network-level version of this too...

https://developer.cisco.com/meraki/api-v1/get-network-appliance-security-events/

 

I actually prefer the network-level version, as the org-level one doesn't include the network ID in responses (which IMO it should!)

In response to sungod
azrul6
Comes here often
3 weeks ago
3 weeks ago

Thanks for your guide, already make the progress in this matter.. manage to fetch the data either from organization or network..

 

but i got on more problem,
from the dashboard it self.. it can show report from 1st september but using the api

response = dashboard.appliance.getNetworkApplianceSecurityEvents  or

response = dashboard.appliance.getOrganizationApplianceSecurityEvents

 

already set t0=1725148800

 

my result will only show from 5th of september not from 1st septem.. i wonder where the problem because i already using same timestamp for other api, it show correctly from 1st september

 

thanks for your help

0 Kudos
In response to azrul6
sungod
Kind of a big deal
3 weeks ago
3 weeks ago

Can you post all the parameters you are using, not only the t0 value.

 

Are you 100% certain there were security events between 1st and 5th? Remember some events related to security are actually obtained as network events. 

 

If you set t0 to 1696982400 (about a year ago) what do you see?

0 Kudos
In response to sungod
azrul6
Comes here often
3 weeks ago
3 weeks ago

This is all the parameter


response = dashboard.appliance.getOrganizationApplianceSecurityEvents(
organization_id,
total_pages='all',
perPage='1000',
t0=starting_after,
t1=ending_before
)

 

where  starting_after=1725148800 and ending_before = 1727740799

 


Already set t0 to 1696982400, same result only manage to fetch data from 5th september

0 Kudos
In response to azrul6
sungod
Kind of a big deal
3 weeks ago
3 weeks ago

You have...

 

perPage='1000',

 

...but this should be an integer, try...

 

perPage=1000,

 

Otherwise, assuming the equipment has been installed and with current config before 1st September, if there were security events they should be there.

 

One other thing to try, just in case something weird is going on, add the parameter...

 

sortOrder='descending'

 

...and see if it makes a difference to what you get.

 

If it's still not working, you may need to open a support case.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.