ansible / ansible.builtin / v2.8.13 / module / fortios_dlp_sensor Configure DLP sensors in Fortinet's FortiOS and FortiGate. | "added in version" 2.8 of ansible.builtin" Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityansible.builtin.fortios_dlp_sensor (v2.8.13) — module
pip
Install with pip install ansible==2.8.13
This module is able to configure a FortiGate or FortiOS by allowing the user to configure dlp feature and sensor category. Examples includes all options and need to be adjusted to datasources before usage. Tested with FOS v6.0.2
- hosts: localhost vars: host: "192.168.122.40" username: "admin" password: "" vdom: "root" tasks: - name: Configure DLP sensors. fortios_dlp_sensor: host: "{{ host }}" username: "{{ username }}" password: "{{ password }}" vdom: "{{ vdom }}" dlp_sensor: state: "present" comment: "Comment." dlp-log: "enable" extended-log: "enable" filter: - action: "allow" archive: "disable" company-identifier: "myId_9" expiry: "<your_own_value>" file-size: "11" file-type: "12 (source dlp.filepattern.id)" filter-by: "credit-card" fp-sensitivity: - name: "default_name_15 (source dlp.fp-sensitivity.name)" id: "16" match-percentage: "17" name: "default_name_18" proto: "smtp" regexp: "<your_own_value>" severity: "info" type: "file" flow-based: "enable" full-archive-proto: "smtp" nac-quar-log: "enable" name: "default_name_26" options: "<your_own_value>" replacemsg-group: "<your_own_value> (source system.replacemsg-group.name)" summary-proto: "smtp"
host: description: - FortiOS or FortiGate ip address. required: true vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. https: default: false description: - Indicates if the requests towards FortiGate must use HTTPS protocol type: bool password: default: '' description: - FortiOS or FortiGate password. username: description: - FortiOS or FortiGate username. required: true dlp_sensor: default: null description: - Configure DLP sensors. suboptions: comment: description: - Comment. dlp-log: choices: - enable - disable description: - Enable/disable DLP logging. extended-log: choices: - enable - disable description: - Enable/disable extended logging for data leak prevention. filter: description: - Set up DLP filters for this sensor. suboptions: action: choices: - allow - log-only - block - quarantine-ip description: - Action to take with content that this DLP sensor matches. archive: choices: - disable - enable description: - Enable/disable DLP archiving. company-identifier: description: - Enter a company identifier watermark to match. Only watermarks that your company has placed on the files are matched. expiry: description: - Quarantine duration in days, hours, minutes format (dddhhmm). file-size: description: - Match files this size or larger (0 - 4294967295 kbytes). file-type: description: - Select the number of a DLP file pattern table to match. Source dlp.filepattern.id. filter-by: choices: - credit-card - ssn - regexp - file-type - file-size - fingerprint - watermark - encrypted description: - Select the type of content to match. fp-sensitivity: description: - Select a DLP file pattern sensitivity to match. suboptions: name: description: - Select a DLP sensitivity. Source dlp.fp-sensitivity.name. required: true id: description: - ID. required: true match-percentage: description: - Percentage of fingerprints in the fingerprint databases designated with the selected fp-sensitivity to match. name: description: - Filter name. proto: choices: - smtp - pop3 - imap - http-get - http-post - ftp - nntp - mapi - mm1 - mm3 - mm4 - mm7 description: - Check messages or files over one or more of these protocols. regexp: description: - Enter a regular expression to match (max. 255 characters). severity: choices: - info - low - medium - high - critical description: - Select the severity or threat level that matches this filter. type: choices: - file - message description: - Select whether to check the content of messages (an email message) or files (downloaded files or email attachments). flow-based: choices: - enable - disable description: - Enable/disable flow-based DLP. full-archive-proto: choices: - smtp - pop3 - imap - http-get - http-post - ftp - nntp - mapi - mm1 - mm3 - mm4 - mm7 description: - Protocols to always content archive. nac-quar-log: choices: - enable - disable description: - Enable/disable NAC quarantine logging. name: description: - Name of the DLP sensor. required: true options: description: - Configure DLP options. replacemsg-group: description: - Replacement message group used by this DLP sensor. Source system.replacemsg-group.name. state: choices: - present - absent description: - Indicates whether to create or remove the object summary-proto: choices: - smtp - pop3 - imap - http-get - http-post - ftp - nntp - mapi - mm1 - mm3 - mm4 - mm7 description: - Protocols to always log summary.
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str