fortios_log_threat_weight – Configure threat weight settings in Fortinet’s FortiOS and FortiGate

From Get docs
Ansible/docs/2.8/modules/fortios log threat weight module


fortios_log_threat_weight – Configure threat weight settings in Fortinet’s FortiOS and FortiGate

New in version 2.8.


Synopsis

  • This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify log feature and threat_weight category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2

Requirements

The below requirements are needed on the host that executes this module.

  • fortiosapi>=0.9.8

Parameters

Parameter Choices/Defaults Comments

host

- / required

FortiOS or FortiGate ip address.

https

boolean

  • no
  • yes

Indicates if the requests towards FortiGate must use HTTPS protocol

log_threat_weight

-

Default:

null

Configure threat weight settings.

application

-

Application-control threat weight settings.

category

-

Application category.

id

- / required

Entry ID.

level

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for Application events.

blocked-connection

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for blocked connections.

failed-connection

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for failed connections.

geolocation

-

Geolocation-based threat weight settings.

country

-

Country code.

id

- / required

Entry ID.

level

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for Geolocation-based events.

ips

-

IPS threat weight settings.

critical-severity

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for IPS critical severity events.

high-severity

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for IPS high severity events.

info-severity

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for IPS info severity events.

low-severity

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for IPS low severity events.

medium-severity

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for IPS medium severity events.

level

-

Score mapping for threat weight levels.

critical

-

Critical level score value (1 - 100).

high

-

High level score value (1 - 100).

low

-

Low level score value (1 - 100).

medium

-

Medium level score value (1 - 100).

malware

-

Anti-virus malware threat weight settings.

botnet-connection

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for detected botnet connections.

command-blocked

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for blocked command detected.

mimefragmented

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for mimefragmented detected.

oversized

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for oversized file detected.

switch-proto

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for switch proto detected.

virus-blocked

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for virus (blocked) detected.

virus-file-type-executable

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for virus (filetype executable) detected.

virus-infected

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for virus (infected) detected.

virus-outbreak-prevention

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for virus (outbreak prevention) event.

virus-scan-error

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for virus (scan error) detected.

status

-

  • enable
  • disable

Enable/disable the threat weight feature.

url-block-detected

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for URL blocking.

web

-

Web filtering threat weight settings.

category

-

Threat weight score for web category filtering matches.

id

- / required

Entry ID.

level

-

  • disable
  • low
  • medium
  • high
  • critical

Threat weight score for web category filtering matches.

password

-

Default:

""

FortiOS or FortiGate password.

username

- / required

FortiOS or FortiGate username.

vdom

-

Default:

"root"

Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.



Notes

Note

  • Requires fortiosapi library developed by Fortinet
  • Run as a local_action in your playbook


Examples

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
  tasks:
  - name: Configure threat weight settings.
    fortios_log_threat_weight:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "False"
      log_threat_weight:
        application:
         -
            category: "4"
            id:  "5"
            level: "disable"
        blocked-connection: "disable"
        failed-connection: "disable"
        geolocation:
         -
            country: "<your_own_value>"
            id:  "11"
            level: "disable"
        ips:
            critical-severity: "disable"
            high-severity: "disable"
            info-severity: "disable"
            low-severity: "disable"
            medium-severity: "disable"
        level:
            critical: "20"
            high: "21"
            low: "22"
            medium: "23"
        malware:
            botnet-connection: "disable"
            command-blocked: "disable"
            mimefragmented: "disable"
            oversized: "disable"
            switch-proto: "disable"
            virus-blocked: "disable"
            virus-file-type-executable: "disable"
            virus-infected: "disable"
            virus-outbreak-prevention: "disable"
            virus-scan-error: "disable"
        status: "enable"
        url-block-detected: "disable"
        web:
         -
            category: "38"
            id:  "39"
            level: "disable"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

build

string

always

Build number of the fortigate image


Sample:

1547

http_method

string

always

Last method used to provision the content into FortiGate


Sample:

PUT

http_status

string

always

Last result given by FortiGate on last operation applied


Sample:

200

mkey

string

success

Master key (id) used in the last call to FortiGate


Sample:

id

name

string

always

Name of the table used to fulfill the request


Sample:

urlfilter

path

string

always

Path of the table used to fulfill the request


Sample:

webfilter

revision

string

always

Internal revision number


Sample:

17.0.2.10658

serial

string

always

Serial number of the unit


Sample:

FGVMEVYYQT3AB5352

status

string

always

Indication of the operation's result


Sample:

success

vdom

string

always

Virtual domain used


Sample:

root

version

string

always

Version of the FortiGate


Sample:

v5.6.3




Status

Authors

  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fortios_log_threat_weight_module.html