f5networks.f5_modules.bigip_asm_policy_signature_set – Manages Signature Sets on an ASM policy
f5networks.f5_modules.bigip_asm_policy_signature_set – Manages Signature Sets on an ASM policy
Note
This plugin is part of the f5networks.f5_modules collection (version 1.6.0).
To install it use: ansible-galaxy collection install f5networks.f5_modules
.
To use it in a playbook, specify: f5networks.f5_modules.bigip_asm_policy_signature_set
.
New in version 1.0.0: of f5networks.f5_modules
Synopsis
- Manages Signature Sets on an ASM policy.
Parameters
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
alarm boolean |
|
Specifies if the security policy logs the request data in the Statistics screen when a request matches a signature that is included in the signature set. | |
block boolean |
|
Effective when the security policy enforcement mode is Blocking. Determines how the system treats requests that match a signature included in the signature set. When When | |
learn boolean |
|
Specifies if the security policy learns all requests that match a signature that is included in the signature set. | |
name string / required |
Specifies the name of the signature sets to apply on, or remove from, the ASM policy. Apart from built-in signature sets that ship with the device, you can create and use custom signature sets. When When When When When When When When When When When When When When When When When When When When When When When When When When When | ||
partition string |
Default: "Common" |
This parameter is only used when identifying an ASM policy. | |
policy_name string / required |
Specifies the name of an existing ASM policy to add or remove signature sets to. | ||
provider dictionary added in 1.0.0 of f5networks.f5_modules |
A dict object containing connection details. | ||
auth_provider string |
Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | ||
no_f5_teem boolean |
|
If You may omit this option by setting the environment variable | |
password string / required |
The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable
| ||
server string / required |
The BIG-IP host. You may omit this option by setting the environment variable | ||
server_port integer |
Default: 443 |
The BIG-IP server port. You may omit this option by setting the environment variable | |
timeout integer |
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. | ||
transport string |
|
Configures the transport connection to use when connecting to the remote device. | |
user string / required |
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable | ||
validate_certs boolean |
|
If You may omit this option by setting the environment variable | |
state string |
|
When When |
Notes
Note
- This module is primarily used as a component of configuring an ASM policy in the Ansible Galaxy ASM Policy Role.
- For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
- Requires BIG-IP software version >= 12.
- The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the f5networks.f5_modules.bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples
- name: Add Signature Set to ASM Policy
bigip_asm_policy_signature_set:
name: IIS and Windows Signatures
policy_name: FooPolicy
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Remove Signature Set to ASM Policy
bigip_asm_policy_signature_set:
name: IIS and Windows Signatures
policy_name: FooPolicy
state: absent
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
alarm boolean |
changed |
Specifies whether the security policy logs the request data in the Statistics screen.
Sample: True |
block boolean |
changed |
Determines how the system treats requests that match a signature included in the signature set.
|
learn boolean |
changed |
Specifies if the policy learns all requests that match a signature that is included in the signature set.
Sample: True |
name string |
changed |
The name of the Signature Set added/removed on an ASM policy.
Sample: Cisco Signatures |
policy_name string |
changed |
The name of the ASM policy
Sample: FooPolicy |
Authors
- Wojciech Wypior (@wojtek0806)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/f5networks/f5_modules/bigip_asm_policy_signature_set_module.html