Do a count of flows from QRadar

process_qradar_traffic.py

#!/usr/bin/python3

'magnitude,protocol,protocolName,startTime,stopTime,startDateTime,stopDateTime,destIp,destinationPort,srcIp,sourcePort,dstPortInvalid,srcPortInvalid,customProps,sourceV6Ip,destinationV6Ip,tLVProperties,domainID,domainName,categoryDescription,qid,eventName,category,flowIdentifier,appId,compoundAppID,appName,totalDestinationBytes,totalBytes,totalDestinationPackets,severity,credibility,relevance,sensorInterfaceId,flowSensorName,flowInterfaceName,totalSourceBytes,totalSourcePackets,mPCEvent,firstPacketTime,lastPacketDateTime,sourcePayloadAsBase64,sourcePayloadAsHexOneLine,sourcePayloadAsUTF,destinationPayloadAsBase64,destinationPayloadAsHexOneLine,destinationPayloadAsUTF,icmpCode,icmpType,icmpTypeDescription,flowType,flowTypeDescription,sourceTOS,destinationTOS,destinationDSCP,destinationPrecedence,sourceDSCP,sourcePrecedence,direction,directionDescription,destinationTCPFlags,sourceTCPFlags,sourceTCPFlagsDescription,destinationTCPFlagsDescription'

import csv

#infile = './export.csv.head'
infile = './export.csv.nullsremoved'

trafficcount = {}

with open(infile,newline='', encoding = "ISO-8859-1") as csvfile:
    in_reader = csv.DictReader(csvfile,quotechar='"',delimiter=',')

    for row in in_reader:
        key = ','.join((row["srcIp"],row["destIp"],row["destinationPort"]))
        if not key in trafficcount:
            trafficcount[key] = [int(row["totalSourceBytes"]),int(row["totalDestinationBytes"])]
        else:
            trafficcount[key][0] = trafficcount[key][0] + int(row["totalSourceBytes"])
            trafficcount[key][1] = trafficcount[key][1] + int(row["totalDestinationBytes"])

for key,count in trafficcount.items():
    print("{},{},{}".format(key,count[0],count[1]))