mirror of https://github.com/ansible/ansible.git
threat_profile module (#61391)
* threat_profile module * list to dict * fix examplepull/53508/merge
parent
f1e1da7ad3
commit
fff11bde0d
@ -0,0 +1,400 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage CheckPoint Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_profile
|
||||
short_description: Manages threat-profile objects on Checkpoint over Web Services API
|
||||
description:
|
||||
- Manages threat-profile objects on Checkpoint devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
active_protections_performance_impact:
|
||||
description:
|
||||
- Protections with this performance impact only will be activated in the profile.
|
||||
type: str
|
||||
choices: ['high', 'medium', 'low', 'very_low']
|
||||
active_protections_severity:
|
||||
description:
|
||||
- Protections with this severity only will be activated in the profile.
|
||||
type: str
|
||||
choices: ['Critical', 'High', 'Medium or above', 'Low or above']
|
||||
confidence_level_high:
|
||||
description:
|
||||
- Action for protections with high confidence level.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
confidence_level_low:
|
||||
description:
|
||||
- Action for protections with low confidence level.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
confidence_level_medium:
|
||||
description:
|
||||
- Action for protections with medium confidence level.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
indicator_overrides:
|
||||
description:
|
||||
- Indicators whose action will be overridden in this profile.
|
||||
type: list
|
||||
suboptions:
|
||||
action:
|
||||
description:
|
||||
- The indicator's action in this profile.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
indicator:
|
||||
description:
|
||||
- The indicator whose action is to be overriden.
|
||||
type: str
|
||||
ips_settings:
|
||||
description:
|
||||
- IPS blade settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
exclude_protection_with_performance_impact:
|
||||
description:
|
||||
- Whether to exclude protections depending on their level of performance impact.
|
||||
type: bool
|
||||
exclude_protection_with_performance_impact_mode:
|
||||
description:
|
||||
- Exclude protections with this level of performance impact.
|
||||
type: str
|
||||
choices: ['very low', 'low or lower', 'medium or lower', 'high or lower']
|
||||
exclude_protection_with_severity:
|
||||
description:
|
||||
- Whether to exclude protections depending on their level of severity.
|
||||
type: bool
|
||||
exclude_protection_with_severity_mode:
|
||||
description:
|
||||
- Exclude protections with this level of severity.
|
||||
type: str
|
||||
choices: ['low or above', 'medium or above', 'high or above', 'critical']
|
||||
newly_updated_protections:
|
||||
description:
|
||||
- Activation of newly updated protections.
|
||||
type: str
|
||||
choices: ['active', 'inactive', 'staging']
|
||||
malicious_mail_policy_settings:
|
||||
description:
|
||||
- Malicious Mail Policy for MTA Gateways.
|
||||
type: dict
|
||||
suboptions:
|
||||
add_customized_text_to_email_body:
|
||||
description:
|
||||
- Add customized text to the malicious email body.
|
||||
type: bool
|
||||
add_email_subject_prefix:
|
||||
description:
|
||||
- Add a prefix to the malicious email subject.
|
||||
type: bool
|
||||
add_x_header_to_email:
|
||||
description:
|
||||
- Add an X-Header to the malicious email.
|
||||
type: bool
|
||||
email_action:
|
||||
description:
|
||||
- Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and
|
||||
links, add x-header, etc...).
|
||||
type: str
|
||||
choices: ['allow', 'block']
|
||||
email_body_customized_text:
|
||||
description:
|
||||
- Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict.
|
||||
type: str
|
||||
email_subject_prefix_text:
|
||||
description:
|
||||
- Prefix for the malicious email subject.
|
||||
type: str
|
||||
failed_to_scan_attachments_text:
|
||||
description:
|
||||
- Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file
|
||||
name.<br> $md5$ - MD5 of the malicious file.
|
||||
type: str
|
||||
malicious_attachments_text:
|
||||
description:
|
||||
- Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ -
|
||||
MD5 of the malicious file.
|
||||
type: str
|
||||
malicious_links_text:
|
||||
description:
|
||||
- Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link.
|
||||
type: str
|
||||
remove_attachments_and_links:
|
||||
description:
|
||||
- Remove attachments and links from the malicious email.
|
||||
type: bool
|
||||
send_copy:
|
||||
description:
|
||||
- Send a copy of the malicious email to the recipient list.
|
||||
type: bool
|
||||
send_copy_list:
|
||||
description:
|
||||
- Recipient list to send a copy of the malicious email.
|
||||
type: list
|
||||
overrides:
|
||||
description:
|
||||
- Overrides per profile for this protection.
|
||||
type: list
|
||||
suboptions:
|
||||
action:
|
||||
description:
|
||||
- Protection action.
|
||||
type: str
|
||||
choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']
|
||||
protection:
|
||||
description:
|
||||
- IPS protection identified by name or UID.
|
||||
type: str
|
||||
capture_packets:
|
||||
description:
|
||||
- Capture packets.
|
||||
type: bool
|
||||
track:
|
||||
description:
|
||||
- Tracking method for protection.
|
||||
type: str
|
||||
choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
use_indicators:
|
||||
description:
|
||||
- Indicates whether the profile should make use of indicators.
|
||||
type: bool
|
||||
anti_bot:
|
||||
description:
|
||||
- Is Anti-Bot blade activated.
|
||||
type: bool
|
||||
anti_virus:
|
||||
description:
|
||||
- Is Anti-Virus blade activated.
|
||||
type: bool
|
||||
ips:
|
||||
description:
|
||||
- Is IPS blade activated.
|
||||
type: bool
|
||||
threat_emulation:
|
||||
description:
|
||||
- Is Threat Emulation blade activated.
|
||||
type: bool
|
||||
activate_protections_by_extended_attributes:
|
||||
description:
|
||||
- Activate protections by these extended attributes.
|
||||
type: list
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- IPS tag name.
|
||||
type: str
|
||||
category:
|
||||
description:
|
||||
- IPS tag category name.
|
||||
type: str
|
||||
deactivate_protections_by_extended_attributes:
|
||||
description:
|
||||
- Deactivate protections by these extended attributes.
|
||||
type: list
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- IPS tag name.
|
||||
type: str
|
||||
category:
|
||||
description:
|
||||
- IPS tag category name.
|
||||
type: str
|
||||
use_extended_attributes:
|
||||
description:
|
||||
- Whether to activate/deactivate IPS protections according to the extended attributes.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-threat-profile
|
||||
cp_mgmt_threat_profile:
|
||||
active_protections_performance_impact: low
|
||||
active_protections_severity: low or above
|
||||
anti_bot: true
|
||||
anti_virus: true
|
||||
confidence_level_high: prevent
|
||||
confidence_level_medium: prevent
|
||||
ips: true
|
||||
ips_settings:
|
||||
exclude_protection_with_performance_impact: true
|
||||
exclude_protection_with_performance_impact_mode: high or lower
|
||||
newly_updated_protections: staging
|
||||
name: New Profile 1
|
||||
state: present
|
||||
threat_emulation: true
|
||||
|
||||
- name: set-threat-profile
|
||||
cp_mgmt_threat_profile:
|
||||
active_protections_performance_impact: low
|
||||
active_protections_severity: low or above
|
||||
anti_bot: true
|
||||
anti_virus: false
|
||||
comments: update recommended profile
|
||||
confidence_level_high: prevent
|
||||
confidence_level_low: prevent
|
||||
confidence_level_medium: prevent
|
||||
ips: false
|
||||
ips_settings:
|
||||
exclude_protection_with_performance_impact: true
|
||||
exclude_protection_with_performance_impact_mode: high or lower
|
||||
newly_updated_protections: active
|
||||
name: New Profile 1
|
||||
state: present
|
||||
threat_emulation: true
|
||||
|
||||
- name: delete-threat-profile
|
||||
cp_mgmt_threat_profile:
|
||||
name: New Profile 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_threat_profile:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
active_protections_performance_impact=dict(type='str', choices=['high', 'medium', 'low', 'very_low']),
|
||||
active_protections_severity=dict(type='str', choices=['Critical', 'High', 'Medium or above', 'Low or above']),
|
||||
confidence_level_high=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
confidence_level_low=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
confidence_level_medium=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
indicator_overrides=dict(type='list', options=dict(
|
||||
action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
indicator=dict(type='str')
|
||||
)),
|
||||
ips_settings=dict(type='dict', options=dict(
|
||||
exclude_protection_with_performance_impact=dict(type='bool'),
|
||||
exclude_protection_with_performance_impact_mode=dict(type='str', choices=['very low', 'low or lower', 'medium or lower', 'high or lower']),
|
||||
exclude_protection_with_severity=dict(type='bool'),
|
||||
exclude_protection_with_severity_mode=dict(type='str', choices=['low or above', 'medium or above', 'high or above', 'critical']),
|
||||
newly_updated_protections=dict(type='str', choices=['active', 'inactive', 'staging'])
|
||||
)),
|
||||
malicious_mail_policy_settings=dict(type='dict', options=dict(
|
||||
add_customized_text_to_email_body=dict(type='bool'),
|
||||
add_email_subject_prefix=dict(type='bool'),
|
||||
add_x_header_to_email=dict(type='bool'),
|
||||
email_action=dict(type='str', choices=['allow', 'block']),
|
||||
email_body_customized_text=dict(type='str'),
|
||||
email_subject_prefix_text=dict(type='str'),
|
||||
failed_to_scan_attachments_text=dict(type='str'),
|
||||
malicious_attachments_text=dict(type='str'),
|
||||
malicious_links_text=dict(type='str'),
|
||||
remove_attachments_and_links=dict(type='bool'),
|
||||
send_copy=dict(type='bool'),
|
||||
send_copy_list=dict(type='list')
|
||||
)),
|
||||
overrides=dict(type='list', options=dict(
|
||||
action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']),
|
||||
protection=dict(type='str'),
|
||||
capture_packets=dict(type='bool'),
|
||||
track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'])
|
||||
)),
|
||||
tags=dict(type='list'),
|
||||
use_indicators=dict(type='bool'),
|
||||
anti_bot=dict(type='bool'),
|
||||
anti_virus=dict(type='bool'),
|
||||
ips=dict(type='bool'),
|
||||
threat_emulation=dict(type='bool'),
|
||||
activate_protections_by_extended_attributes=dict(type='list', options=dict(
|
||||
name=dict(type='str'),
|
||||
category=dict(type='str')
|
||||
)),
|
||||
deactivate_protections_by_extended_attributes=dict(type='list', options=dict(
|
||||
name=dict(type='str'),
|
||||
category=dict(type='str')
|
||||
)),
|
||||
use_extended_attributes=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'threat-profile'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -0,0 +1,126 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage CheckPoint Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_profile_facts
|
||||
short_description: Get threat-profile objects facts on Checkpoint over Web Services API
|
||||
description:
|
||||
- Get threat-profile objects facts on Checkpoint devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-threat-profile
|
||||
cp_mgmt_threat_profile_facts:
|
||||
name: Recommended_Profile
|
||||
|
||||
- name: show-threat-profiles
|
||||
cp_mgmt_threat_profile_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "threat-profile"
|
||||
api_call_object_plural_version = "threat-profiles"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
Loading…
Reference in New Issue