Try SpotterManages threat-indicator objects on Check Point over Web Services API
| "added in version" 2.9 of ansible.builtin"
Authors: Or Soffer (@chkp-orso)
preview | supported by community
pipInstall with pip install ansible==2.9.17
Manages threat-indicator objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
- name: add-threat-indicator
cp_mgmt_threat_indicator:
action: ask
ignore_warnings: true
name: My_Indicator
observables:
- confidence: medium
mail_to: someone@somewhere.com
name: My_Observable
product: AV
severity: low
profile_overrides:
- action: detect
profile: My_Profile
state: present
- name: set-threat-indicator
cp_mgmt_threat_indicator:
action: prevent
ignore_warnings: true
name: My_Indicator
state: present
- name: delete-threat-indicator
cp_mgmt_threat_indicator:
name: My_Indicator
state: absent
name:
description:
- Object name.
required: true
type: str
tags:
description:
- Collection of tag identifiers.
type: list
color:
choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
description:
- Color of the object. Should be one of existing colors.
type: str
state:
choices:
- present
- absent
default: present
description:
- State of the access rule (present or absent).
type: str
action:
choices:
- Inactive
- Ask
- Prevent
- Detect
description:
- The indicator's action.
type: str
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
comments:
description:
- Comments string.
type: str
observables:
description:
- The indicator's observables.
suboptions:
comments:
description:
- Comments string.
type: str
confidence:
choices:
- low
- medium
- high
- critical
description:
- The confidence level the indicator has that a real threat has been uncovered.
type: str
domain:
description:
- The name of a domain.
type: str
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes.
If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ip_address:
description:
- A valid IP-Address.
type: str
ip_address_first:
description:
- A valid IP-Address, the beginning of the range. If you configure this parameter
with a value, you must also configure the value of the 'ip-address-last' parameter.
type: str
ip_address_last:
description:
- A valid IP-Address, the end of the range. If you configure this parameter with
a value, you must also configure the value of the 'ip-address-first' parameter.
type: str
mail_cc:
description:
- A valid E-Mail address, cc field.
type: str
mail_from:
description:
- A valid E-Mail address, sender field.
type: str
mail_reply_to:
description:
- A valid E-Mail address, reply-to field.
type: str
mail_subject:
description:
- Subject of E-Mail.
type: str
mail_to:
description:
- A valid E-Mail address, recipient filed.
type: str
md5:
description:
- A valid MD5 sequence.
type: str
name:
description:
- Object name. Should be unique in the domain.
type: str
product:
choices:
- AV
- AB
description:
- The software blade that processes the observable, AV - AntiVirus, AB - AntiBot.
type: str
severity:
choices:
- low
- medium
- high
- critical
description:
- The severity level of the threat.
type: str
url:
description:
- A valid URL.
type: str
type: list
details_level:
choices:
- uid
- standard
- full
description:
- The level of detail for some of the fields in the response can vary from showing
only the UID value of the object to a fully detailed representation of the object.
type: str
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings
flag was omitted - warnings will also be ignored.
type: bool
wait_for_task:
default: true
description:
- Wait for the task to end. Such as publish task.
type: bool
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
profile_overrides:
description:
- Profiles in which to override the indicator's default action.
suboptions:
action:
choices:
- Inactive
- Ask
- Prevent
- Detect
description:
- The indicator's action in this profile.
type: str
profile:
description:
- The profile in which to override the indicator's action.
type: str
type: list
auto_publish_session:
default: false
description:
- Publish the current session if changes have been performed after task completes.
type: bool
observables_raw_data:
description:
- The contents of a file containing the indicator's observables.
type: str
wait_for_task_timeout:
default: 30
description:
- How many minutes to wait until throwing a timeout error.
type: int
cp_mgmt_threat_indicator: description: The checkpoint object created or updated. returned: always, except when deleting the object. type: dict