ansible / ansible.builtin / v2.9.0 / module / cp_mgmt_threat_indicator Manages threat-indicator objects on Check Point over Web Services API | "added in version" 2.9 of ansible.builtin" Authors: Or Soffer (@chkp-orso) preview | supported by communityansible.builtin.cp_mgmt_threat_indicator (v2.9.0) — module
pip
Install with pip install ansible==2.9.0
Manages threat-indicator objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
- name: add-threat-indicator cp_mgmt_threat_indicator: action: ask ignore_warnings: true name: My_Indicator observables: - confidence: medium mail_to: someone@somewhere.com name: My_Observable product: AV severity: low profile_overrides: - action: detect profile: My_Profile state: present
- name: set-threat-indicator cp_mgmt_threat_indicator: action: prevent ignore_warnings: true name: My_Indicator state: present
- name: delete-threat-indicator cp_mgmt_threat_indicator: name: My_Indicator state: absent
name: description: - Object name. required: true type: str tags: description: - Collection of tag identifiers. type: list color: choices: - aquamarine - black - blue - crete blue - burlywood - cyan - dark green - khaki - orchid - dark orange - dark sea green - pink - turquoise - dark blue - firebrick - brown - forest green - gold - dark gold - gray - dark gray - light green - lemon chiffon - coral - sea green - sky blue - magenta - purple - slate blue - violet red - navy blue - olive - orange - red - sienna - yellow description: - Color of the object. Should be one of existing colors. type: str state: choices: - present - absent default: present description: - State of the access rule (present or absent). Defaults to present. type: str action: choices: - Inactive - Ask - Prevent - Detect description: - The indicator's action. type: str version: description: - Version of checkpoint. If not given one, the latest version taken. type: str comments: description: - Comments string. type: str observables: description: - The indicator's observables. suboptions: comments: description: - Comments string. type: str confidence: choices: - low - medium - high - critical description: - The confidence level the indicator has that a real threat has been uncovered. type: str domain: description: - The name of a domain. type: str ignore_errors: description: - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. type: bool ignore_warnings: description: - Apply changes ignoring warnings. type: bool ip_address: description: - A valid IP-Address. type: str ip_address_first: description: - A valid IP-Address, the beginning of the range. If you configure this parameter with a value, you must also configure the value of the 'ip-address-last' parameter. type: str ip_address_last: description: - A valid IP-Address, the end of the range. If you configure this parameter with a value, you must also configure the value of the 'ip-address-first' parameter. type: str mail_cc: description: - A valid E-Mail address, cc field. type: str mail_from: description: - A valid E-Mail address, sender field. type: str mail_reply_to: description: - A valid E-Mail address, reply-to field. type: str mail_subject: description: - Subject of E-Mail. type: str mail_to: description: - A valid E-Mail address, recipient filed. type: str md5: description: - A valid MD5 sequence. type: str name: description: - Object name. Should be unique in the domain. type: str product: choices: - AV - AB description: - The software blade that processes the observable, AV - AntiVirus, AB - AntiBot. type: str severity: choices: - low - medium - high - critical description: - The severity level of the threat. type: str url: description: - A valid URL. type: str type: list details_level: choices: - uid - standard - full description: - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. type: str ignore_errors: description: - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. type: bool wait_for_task: default: true description: - Wait for the task to end. Such as publish task. type: bool ignore_warnings: description: - Apply changes ignoring warnings. type: bool profile_overrides: description: - Profiles in which to override the indicator's default action. suboptions: action: choices: - Inactive - Ask - Prevent - Detect description: - The indicator's action in this profile. type: str profile: description: - The profile in which to override the indicator's action. type: str type: list auto_publish_session: description: - Publish the current session if changes have been performed after task completes. type: bool observables_raw_data: description: - The contents of a file containing the indicator's observables. type: str wait_for_task_timeout: default: 30 description: - How many minutes to wait until throwing a timeout error. type: int
cp_mgmt_threat_indicator: description: The checkpoint object created or updated. returned: always, except when deleting the object. type: dict