check_point.mgmt.cp_mgmt_check_threat_ioc_feed (5.2.2) — module

Added in version 3.0.0 of check_point.mgmt
Authors: Eden Brillant (@chkp-edenbr)
preview | supported by community
Install with ansible-galaxy collection install check_point.mgmt:==5.2.2
collections:
  - name: check_point.mgmt
    version: 5.2.2
Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).
All operations are performed over Web Services API.
- name: check-threat-ioc-feed
  cp_mgmt_check_threat_ioc_feed:
    ioc_feed:
      name: existing_feed
    targets: corporate-gateway
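The page's own example checks an existing feed object. The playbook below is an added example, not taken from the collection's documentation, that checks a new custom feed by passing the feed parameters inline. The inventory group, feed name, URL, column layout (numbering assumed to start at 1), the `vault_*` variables and the `feed_check` register name are constructed for illustration.

```yaml
# Added example: check a NEW custom feed before creating the feed object.
# Constructed values: inventory group, feed name, URL, column layout,
# vault_* variable names and the register name.
- name: Check a new custom IOC feed from a gateway
  hosts: check_point          # assumed inventory group for the management server
  connection: httpapi
  gather_facts: false
  tasks:
    - name: check-threat-ioc-feed with inline feed parameters
      check_point.mgmt.cp_mgmt_check_threat_ioc_feed:
        targets:
          - corporate-gateway
        ioc_feed:
          name: example_custom_ip_feed
          feed_url: https://feeds.example.com/ip-blocklist.csv
          feed_type: ip address
          action: Detect       # log only while the feed is being evaluated
          enabled: true
          # Credentials come from Ansible Vault, never from plain playbook text.
          username: "{{ vault_feed_username }}"
          password: "{{ vault_feed_password }}"
          use_gateway_proxy: false
          # Custom layout: value,name,severity,confidence,comment
          use_custom_feed_settings: true
          fields_delimiter: ","
          ignore_lines_that_start_with: "#"
          # feed_type is a specific type, so the indicator column is given
          # with custom_value (custom_type applies when no type is chosen).
          custom_value: 1
          custom_name: 2
          custom_severity: 3
          custom_confidence: 4
          custom_comment: 5
      no_log: true             # keep the feed credentials out of task output
      register: feed_check

    - name: Show the check-threat-ioc-feed output
      ansible.builtin.debug:
        # The inner structure of this dict is not documented on this page.
        var: feed_check.cp_mgmt_check_threat_ioc_feed
```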
targets:
  description:
    - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
  elements: str
  type: list
version:
  description:
    - Version of checkpoint. If not given, the latest version is used.
  type: str
ioc_feed:
  description:
    - Threat IOC feed parameters.
  suboptions:
    action:
      choices:
        - Prevent
        - Detect
      description:
        - The feed indicator's action.
      type: str
    certificate_id:
      description:
        - Certificate SHA-1 fingerprint to access the feed.
      type: str
    custom_comment:
      description:
        - Custom IOC feed - the column number of comment.
      type: int
    custom_confidence:
      description:
        - Custom IOC feed - the column number of confidence.
      type: int
    custom_header:
      description:
        - Custom HTTP headers.
      elements: dict
      suboptions:
        header_name:
          description:
            - The name of the HTTP header we wish to add.
          type: str
        header_value:
          description:
            - The value of the HTTP header we wish to add.
          type: str
      type: list
    custom_name:
      description:
        - Custom IOC feed - the column number of name.
      type: int
    custom_severity:
      description:
        - Custom IOC feed - the column number of severity.
      type: int
    custom_type:
      description:
        - Custom IOC feed - the column number of type in case a specific type is not chosen.
      type: int
    custom_value:
      description:
        - Custom IOC feed - the column number of value in case a specific type is chosen.
      type: int
    details_level:
      choices:
        - uid
        - standard
        - full
      description:
        - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
      type: str
    enabled:
      description:
        - Sets whether this indicator feed is enabled.
      type: bool
    feed_type:
      choices:
        - any type
        - domain
        - ip address
        - md5
        - url
        - ip range
        - mail subject
        - mail from
        - mail to
        - mail reply to
        - mail cc
        - sha1
        - sha256
      description:
        - Feed type to be enforced.
      type: str
    feed_url:
      description:
        - URL of the feed. URL should be written as http or https.
      type: str
    fields_delimiter:
      description:
        - The delimiter that separates between the columns in the feed.
      type: str
    ignore_errors:
      description:
        - Apply changes ignoring errors. You won't be able to publish such changes. If ignore-warnings flag was omitted - warnings will also be ignored.
      type: bool
    ignore_lines_that_start_with:
      description:
        - A prefix that will determine which lines to ignore.
      type: str
    ignore_warnings:
      description:
        - Apply changes ignoring warnings.
      type: bool
    name:
      description:
        - Object name.
      type: str
    password:
      description:
        - Password for authenticating with the URL.
      type: str
    use_custom_feed_settings:
      description:
        - Set in order to configure a custom indicator feed.
      type: bool
    use_gateway_proxy:
      description:
        - Use the gateway's proxy for retrieving the feed.
      type: bool
    username:
      description:
        - Username for authenticating with the URL.
      type: str
  type: dict
wait_for_task:
  default: true
  description:
    - Wait for the task to end. Such as publish task.
  type: bool
auto_publish_session:
  default: false
  description:
    - Publish the current session if changes have been performed after task completes.
  type: bool
wait_for_task_timeout:
  default: 30
  description:
    - How many minutes to wait until throwing a timeout error.
  type: int
cp_mgmt_check_threat_ioc_feed:
  description: The checkpoint check-threat-ioc-feed output.
  returned: always.
  type: dict