check_point.mgmt.cp_mgmt_threat_profile – Manages threat-profile objects on Check Point over Web Services API

From Get docs
Ansible/docs/2.11/collections/check point/mgmt/cp mgmt threat profile module


check_point.mgmt.cp_mgmt_threat_profile – Manages threat-profile objects on Check Point over Web Services API

Note

This plugin is part of the check_point.mgmt collection (version 2.0.0).

To install it use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_threat_profile.


New in version 2.9: of check_point.mgmt


Synopsis

  • Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
  • All operations are performed over Web Services API.

Parameters

Parameter Choices/Defaults Comments

activate_protections_by_extended_attributes

list / elements=string

Activate protections by these extended attributes.

category

string

IPS tag category name.

name

string

IPS tag name.

active_protections_performance_impact

string

  • high
  • medium
  • low
  • very_low

Protections with this performance impact only will be activated in the profile.

active_protections_severity

string

  • Critical
  • High
  • Medium or above
  • Low or above

Protections with this severity only will be activated in the profile.

anti_bot

boolean

  • no
  • yes

Is Anti-Bot blade activated.

anti_virus

boolean

  • no
  • yes

Is Anti-Virus blade activated.

auto_publish_session

boolean

  • no
  • yes

Publish the current session if changes have been performed after task completes.

color

string

  • aquamarine
  • black
  • blue
  • crete blue
  • burlywood
  • cyan
  • dark green
  • khaki
  • orchid
  • dark orange
  • dark sea green
  • pink
  • turquoise
  • dark blue
  • firebrick
  • brown
  • forest green
  • gold
  • dark gold
  • gray
  • dark gray
  • light green
  • lemon chiffon
  • coral
  • sea green
  • sky blue
  • magenta
  • purple
  • slate blue
  • violet red
  • navy blue
  • olive
  • orange
  • red
  • sienna
  • yellow

Color of the object. Should be one of existing colors.

comments

string

Comments string.

confidence_level_high

string

  • Inactive
  • Ask
  • Prevent
  • Detect

Action for protections with high confidence level.

confidence_level_low

string

  • Inactive
  • Ask
  • Prevent
  • Detect

Action for protections with low confidence level.

confidence_level_medium

string

  • Inactive
  • Ask
  • Prevent
  • Detect

Action for protections with medium confidence level.

deactivate_protections_by_extended_attributes

list / elements=string

Deactivate protections by these extended attributes.

category

string

IPS tag category name.

name

string

IPS tag name.

details_level

string

  • uid
  • standard
  • full

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

ignore_errors

boolean

  • no
  • yes

Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.

ignore_warnings

boolean

  • no
  • yes

Apply changes ignoring warnings.

indicator_overrides

list / elements=string

Indicators whose action will be overridden in this profile.

action

string

  • Inactive
  • Ask
  • Prevent
  • Detect

The indicator's action in this profile.

indicator

string

The indicator whose action is to be overridden.

ips

boolean

  • no
  • yes

Is IPS blade activated.

ips_settings

dictionary

IPS blade settings.

exclude_protection_with_performance_impact

boolean

  • no
  • yes

Whether to exclude protections depending on their level of performance impact.

exclude_protection_with_performance_impact_mode

string

  • very low
  • low or lower
  • medium or lower
  • high or lower

Exclude protections with this level of performance impact.

exclude_protection_with_severity

boolean

  • no
  • yes

Whether to exclude protections depending on their level of severity.

exclude_protection_with_severity_mode

string

  • low or above
  • medium or above
  • high or above
  • critical

Exclude protections with this level of severity.

newly_updated_protections

string

  • active
  • inactive
  • staging

Activation of newly updated protections.

malicious_mail_policy_settings

dictionary

Malicious Mail Policy for MTA Gateways.

add_customized_text_to_email_body

boolean

  • no
  • yes

Add customized text to the malicious email body.

add_email_subject_prefix

boolean

  • no
  • yes

Add a prefix to the malicious email subject.

add_x_header_to_email

boolean

  • no
  • yes

Add an X-Header to the malicious email.

email_action

string

  • allow
  • block

Block - block the entire malicious email
Allow - pass the malicious email and apply email changes (like, remove attachments and links, add x-header, etc...).

email_body_customized_text

string

Customized text for the malicious email body.
Available predefined fields,
$verdicts$ - the malicious/error attachments/links verdict.

email_subject_prefix_text

string

Prefix for the malicious email subject.

failed_to_scan_attachments_text

string

Replace attachments that failed to be scanned with this text.
Available predefined fields,
$filename$ - the malicious file name.
$md5$ - MD5 of the malicious file.

malicious_attachments_text

string

Replace malicious attachments with this text.
Available predefined fields,
$filename$ - the malicious file name.
$md5$ - MD5 of the malicious file.

malicious_links_text

string

Replace malicious links with this text.
Available predefined fields,
$neutralized_url$ - neutralized malicious link.

remove_attachments_and_links

boolean

  • no
  • yes

Remove attachments and links from the malicious email.

send_copy

boolean

  • no
  • yes

Send a copy of the malicious email to the recipient list.

send_copy_list

list / elements=string

Recipient list to send a copy of the malicious email.

name

string / required

Object name.

overrides

list / elements=string

Overrides per profile for this protection.

action

string

  • Threat Cloud: Inactive
  • Detect
  • Prevent

Core: Drop

  • Inactive
  • Accept

Protection action.

capture_packets

boolean

  • no
  • yes

Capture packets.

protection

string

IPS protection identified by name or UID.

track

string

  • none
  • log
  • alert
  • mail
  • snmp trap
  • user alert
  • user alert 1
  • user alert 2

Tracking method for protection.

state

string

  • present

  • absent

State of the access rule (present or absent). Defaults to present.

tags

list / elements=string

Collection of tag identifiers.

threat_emulation

boolean

  • no
  • yes

Is Threat Emulation blade activated.

use_extended_attributes

boolean

  • no
  • yes

Whether to activate/deactivate IPS protections according to the extended attributes.

use_indicators

boolean

  • no
  • yes

Indicates whether the profile should make use of indicators.

version

string

Version of checkpoint. If not given one, the latest version taken.

wait_for_task

boolean

  • no

  • yes

Wait for the task to end. Such as publish task.

wait_for_task_timeout

integer

Default:

30

How many minutes to wait until throwing a timeout error.



Examples

- name: add-threat-profile
  cp_mgmt_threat_profile:
    active_protections_performance_impact: low
    active_protections_severity: low or above
    anti_bot: true
    anti_virus: true
    confidence_level_high: prevent
    confidence_level_medium: prevent
    ips: true
    ips_settings:
      exclude_protection_with_performance_impact: true
      exclude_protection_with_performance_impact_mode: high or lower
      newly_updated_protections: staging
    name: New Profile 1
    state: present
    threat_emulation: true

- name: set-threat-profile
  cp_mgmt_threat_profile:
    active_protections_performance_impact: low
    active_protections_severity: low or above
    anti_bot: true
    anti_virus: false
    comments: update recommended profile
    confidence_level_high: prevent
    confidence_level_low: prevent
    confidence_level_medium: prevent
    ips: false
    ips_settings:
      exclude_protection_with_performance_impact: true
      exclude_protection_with_performance_impact_mode: high or lower
      newly_updated_protections: active
    name: New Profile 1
    state: present
    threat_emulation: true

- name: delete-threat-profile
  cp_mgmt_threat_profile:
    name: New Profile 1
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

cp_mgmt_threat_profile

dictionary

always, except when deleting the object.

The checkpoint object created or updated.





Authors

  • Or Soffer (@chkp-orso)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/check_point/mgmt/cp_mgmt_threat_profile_module.html


Retrieved from "https://getdocs.org/index.php?title=Ansible/docs/2.11/collections/check_point/mgmt/cp_mgmt_threat_profile_module&oldid=60866"
Powered by MediaWiki