Try SpotterManages threat-profile objects on Check Point over Web Services API
| "added in version" 2.9 of ansible.builtin"
Authors: Or Soffer (@chkp-orso)
preview | supported by community
pipInstall with pip install ansible==2.9.17
Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
- name: add-threat-profile
cp_mgmt_threat_profile:
active_protections_performance_impact: low
active_protections_severity: low or above
anti_bot: true
anti_virus: true
confidence_level_high: prevent
confidence_level_medium: prevent
ips: true
ips_settings:
exclude_protection_with_performance_impact: true
exclude_protection_with_performance_impact_mode: high or lower
newly_updated_protections: staging
name: New Profile 1
state: present
threat_emulation: true
- name: set-threat-profile
cp_mgmt_threat_profile:
active_protections_performance_impact: low
active_protections_severity: low or above
anti_bot: true
anti_virus: false
comments: update recommended profile
confidence_level_high: prevent
confidence_level_low: prevent
confidence_level_medium: prevent
ips: false
ips_settings:
exclude_protection_with_performance_impact: true
exclude_protection_with_performance_impact_mode: high or lower
newly_updated_protections: active
name: New Profile 1
state: present
threat_emulation: true
- name: delete-threat-profile
cp_mgmt_threat_profile:
name: New Profile 1
state: absent
ips:
description:
- Is IPS blade activated.
type: bool
name:
description:
- Object name.
required: true
type: str
tags:
description:
- Collection of tag identifiers.
type: list
color:
choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
description:
- Color of the object. Should be one of existing colors.
type: str
state:
choices:
- present
- absent
default: present
description:
- State of the access rule (present or absent).
type: str
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
anti_bot:
description:
- Is Anti-Bot blade activated.
type: bool
comments:
description:
- Comments string.
type: str
overrides:
description:
- Overrides per profile for this protection.
suboptions:
action:
choices:
- 'Threat Cloud: Inactive'
- Detect
- 'Prevent <br> Core: Drop'
- Inactive
- Accept
description:
- Protection action.
type: str
capture_packets:
description:
- Capture packets.
type: bool
protection:
description:
- IPS protection identified by name or UID.
type: str
track:
choices:
- none
- log
- alert
- mail
- snmp trap
- user alert
- user alert 1
- user alert 2
description:
- Tracking method for protection.
type: str
type: list
anti_virus:
description:
- Is Anti-Virus blade activated.
type: bool
ips_settings:
description:
- IPS blade settings.
suboptions:
exclude_protection_with_performance_impact:
description:
- Whether to exclude protections depending on their level of performance impact.
type: bool
exclude_protection_with_performance_impact_mode:
choices:
- very low
- low or lower
- medium or lower
- high or lower
description:
- Exclude protections with this level of performance impact.
type: str
exclude_protection_with_severity:
description:
- Whether to exclude protections depending on their level of severity.
type: bool
exclude_protection_with_severity_mode:
choices:
- low or above
- medium or above
- high or above
- critical
description:
- Exclude protections with this level of severity.
type: str
newly_updated_protections:
choices:
- active
- inactive
- staging
description:
- Activation of newly updated protections.
type: str
type: dict
details_level:
choices:
- uid
- standard
- full
description:
- The level of detail for some of the fields in the response can vary from showing
only the UID value of the object to a fully detailed representation of the object.
type: str
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings
flag was omitted - warnings will also be ignored.
type: bool
wait_for_task:
default: true
description:
- Wait for the task to end. Such as publish task.
type: bool
use_indicators:
description:
- Indicates whether the profile should make use of indicators.
type: bool
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
threat_emulation:
description:
- Is Threat Emulation blade activated.
type: bool
indicator_overrides:
description:
- Indicators whose action will be overridden in this profile.
suboptions:
action:
choices:
- Inactive
- Ask
- Prevent
- Detect
description:
- The indicator's action in this profile.
type: str
indicator:
description:
- The indicator whose action is to be overridden.
type: str
type: list
auto_publish_session:
default: false
description:
- Publish the current session if changes have been performed after task completes.
type: bool
confidence_level_low:
choices:
- Inactive
- Ask
- Prevent
- Detect
description:
- Action for protections with low confidence level.
type: str
confidence_level_high:
choices:
- Inactive
- Ask
- Prevent
- Detect
description:
- Action for protections with high confidence level.
type: str
wait_for_task_timeout:
default: 30
description:
- How many minutes to wait until throwing a timeout error.
type: int
confidence_level_medium:
choices:
- Inactive
- Ask
- Prevent
- Detect
description:
- Action for protections with medium confidence level.
type: str
use_extended_attributes:
description:
- Whether to activate/deactivate IPS protections according to the extended attributes.
type: bool
active_protections_severity:
choices:
- Critical
- High
- Medium or above
- Low or above
description:
- Protections with this severity only will be activated in the profile.
type: str
malicious_mail_policy_settings:
description:
- Malicious Mail Policy for MTA Gateways.
suboptions:
add_customized_text_to_email_body:
description:
- Add customized text to the malicious email body.
type: bool
add_email_subject_prefix:
description:
- Add a prefix to the malicious email subject.
type: bool
add_x_header_to_email:
description:
- Add an X-Header to the malicious email.
type: bool
email_action:
choices:
- allow
- block
description:
- Block - block the entire malicious email<br>Allow - pass the malicious email
and apply email changes (like, remove attachments and links, add x-header, etc...).
type: str
email_body_customized_text:
description:
- Customized text for the malicious email body.<br> Available predefined fields,<br>
$verdicts$ - the malicious/error attachments/links verdict.
type: str
email_subject_prefix_text:
description:
- Prefix for the malicious email subject.
type: str
failed_to_scan_attachments_text:
description:
- Replace attachments that failed to be scanned with this text.<br> Available
predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5
of the malicious file.
type: str
malicious_attachments_text:
description:
- Replace malicious attachments with this text.<br> Available predefined fields,<br>
$filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file.
type: str
malicious_links_text:
description:
- Replace malicious links with this text.<br> Available predefined fields,<br>
$neutralized_url$ - neutralized malicious link.
type: str
remove_attachments_and_links:
description:
- Remove attachments and links from the malicious email.
type: bool
send_copy:
description:
- Send a copy of the malicious email to the recipient list.
type: bool
send_copy_list:
description:
- Recipient list to send a copy of the malicious email.
type: list
type: dict
active_protections_performance_impact:
choices:
- high
- medium
- low
- very_low
description:
- Protections with this performance impact only will be activated in the profile.
type: str
activate_protections_by_extended_attributes:
description:
- Activate protections by these extended attributes.
suboptions:
category:
description:
- IPS tag category name.
type: str
name:
description:
- IPS tag name.
type: str
type: list
deactivate_protections_by_extended_attributes:
description:
- Deactivate protections by these extended attributes.
suboptions:
category:
description:
- IPS tag category name.
type: str
name:
description:
- IPS tag name.
type: str
type: list
cp_mgmt_threat_profile: description: The checkpoint object created or updated. returned: always, except when deleting the object. type: dict