cp_mgmt_threat_profile – Manages threat-profile objects on Check Point over Web Services API
cp_mgmt_threat_profile – Manages threat-profile objects on Check Point over Web Services API
New in version 2.9.
Synopsis
- Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
Parameters
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
activate_protections_by_extended_attributes list |
Activate protections by these extended attributes. | ||
category string |
IPS tag category name. | ||
name string |
IPS tag name. | ||
active_protections_performance_impact string |
|
Protections with this performance impact only will be activated in the profile. | |
active_protections_severity string |
|
Protections with this severity only will be activated in the profile. | |
anti_bot boolean |
|
Is Anti-Bot blade activated. | |
anti_virus boolean |
|
Is Anti-Virus blade activated. | |
auto_publish_session boolean |
|
Publish the current session if changes have been performed after task completes. | |
color string |
|
Color of the object. Should be one of existing colors. | |
comments string |
Comments string. | ||
confidence_level_high string |
|
Action for protections with high confidence level. | |
confidence_level_low string |
|
Action for protections with low confidence level. | |
confidence_level_medium string |
|
Action for protections with medium confidence level. | |
deactivate_protections_by_extended_attributes list |
Deactivate protections by these extended attributes. | ||
category string |
IPS tag category name. | ||
name string |
IPS tag name. | ||
details_level string |
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. | |
ignore_errors boolean |
|
Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. | |
ignore_warnings boolean |
|
Apply changes ignoring warnings. | |
indicator_overrides list |
Indicators whose action will be overridden in this profile. | ||
action string |
|
The indicator's action in this profile. | |
indicator string |
The indicator whose action is to be overridden. | ||
ips boolean |
|
Is IPS blade activated. | |
ips_settings dictionary |
IPS blade settings. | ||
exclude_protection_with_performance_impact boolean |
|
Whether to exclude protections depending on their level of performance impact. | |
exclude_protection_with_performance_impact_mode string |
|
Exclude protections with this level of performance impact. | |
exclude_protection_with_severity boolean |
|
Whether to exclude protections depending on their level of severity. | |
exclude_protection_with_severity_mode string |
|
Exclude protections with this level of severity. | |
newly_updated_protections string |
|
Activation of newly updated protections. | |
malicious_mail_policy_settings dictionary |
Malicious Mail Policy for MTA Gateways. | ||
add_customized_text_to_email_body boolean |
|
Add customized text to the malicious email body. | |
add_email_subject_prefix boolean |
|
Add a prefix to the malicious email subject. | |
add_x_header_to_email boolean |
|
Add an X-Header to the malicious email. | |
email_action string |
|
Block - block the entire malicious email | |
email_body_customized_text string |
Customized text for the malicious email body. | ||
email_subject_prefix_text string |
Prefix for the malicious email subject. | ||
failed_to_scan_attachments_text string |
Replace attachments that failed to be scanned with this text. | ||
malicious_attachments_text string |
Replace malicious attachments with this text. | ||
malicious_links_text string |
Replace malicious links with this text. | ||
remove_attachments_and_links boolean |
|
Remove attachments and links from the malicious email. | |
send_copy boolean |
|
Send a copy of the malicious email to the recipient list. | |
send_copy_list list |
Recipient list to send a copy of the malicious email. | ||
name string / required |
Object name. | ||
overrides list |
Overrides per profile for this protection. | ||
action string |
Core: Drop
|
Protection action. | |
capture_packets boolean |
|
Capture packets. | |
protection string |
IPS protection identified by name or UID. | ||
track string |
|
Tracking method for protection. | |
state string |
|
State of the access rule (present or absent). Defaults to present. | |
tags list |
Collection of tag identifiers. | ||
threat_emulation boolean |
|
Is Threat Emulation blade activated. | |
use_extended_attributes boolean |
|
Whether to activate/deactivate IPS protections according to the extended attributes. | |
use_indicators boolean |
|
Indicates whether the profile should make use of indicators. | |
version string |
Version of checkpoint. If not given one, the latest version taken. | ||
wait_for_task boolean |
|
Wait for the task to end. Such as publish task. |
Examples
- name: add-threat-profile
cp_mgmt_threat_profile:
active_protections_performance_impact: low
active_protections_severity: low or above
anti_bot: true
anti_virus: true
confidence_level_high: prevent
confidence_level_medium: prevent
ips: true
ips_settings:
exclude_protection_with_performance_impact: true
exclude_protection_with_performance_impact_mode: high or lower
newly_updated_protections: staging
name: New Profile 1
state: present
threat_emulation: true
- name: set-threat-profile
cp_mgmt_threat_profile:
active_protections_performance_impact: low
active_protections_severity: low or above
anti_bot: true
anti_virus: false
comments: update recommended profile
confidence_level_high: prevent
confidence_level_low: prevent
confidence_level_medium: prevent
ips: false
ips_settings:
exclude_protection_with_performance_impact: true
exclude_protection_with_performance_impact_mode: high or lower
newly_updated_protections: active
name: New Profile 1
state: present
threat_emulation: true
- name: delete-threat-profile
cp_mgmt_threat_profile:
name: New Profile 1
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cp_mgmt_threat_profile dictionary |
always, except when deleting the object. |
The checkpoint object created or updated.
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Or Soffer (@chkp-orso)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cp_mgmt_threat_profile_module.html