check_point.mgmt.cp_mgmt_threat_profile (5.2.2) — module
Manages threat-profile objects on Check Point over Web Services API
Added in version 1.0.0 of check_point.mgmt
Authors: Or Soffer (@chkp-orso)
preview | supported by community
Install with ansible-galaxy collection install check_point.mgmt:==5.2.2
collections:
  - name: check_point.mgmt
    version: 5.2.2
Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
# Choice values are matched exactly, so they are spelled here as in the
# parameter list (for example Prevent, Low or above).
- name: add-threat-profile
  cp_mgmt_threat_profile:
    active_protections_performance_impact: low
    active_protections_severity: Low or above
    anti_bot: true
    anti_virus: true
    confidence_level_high: Prevent
    confidence_level_medium: Prevent
    ips: true
    ips_settings:
      exclude_protection_with_performance_impact: true
      exclude_protection_with_performance_impact_mode: high or lower
      newly_updated_protections: staging
    name: New Profile 1
    state: present
    threat_emulation: true

- name: set-threat-profile
  cp_mgmt_threat_profile:
    active_protections_performance_impact: low
    active_protections_severity: Low or above
    anti_bot: true
    anti_virus: false
    comments: update recommended profile
    confidence_level_high: Prevent
    confidence_level_low: Prevent
    confidence_level_medium: Prevent
    ips: false
    ips_settings:
      exclude_protection_with_performance_impact: true
      exclude_protection_with_performance_impact_mode: high or lower
      newly_updated_protections: active
    name: New Profile 1
    state: present
    threat_emulation: true

- name: delete-threat-profile
  cp_mgmt_threat_profile:
    name: New Profile 1
    state: absent
ips:
  description:
    - Is IPS blade activated.
  type: bool
name:
  description:
    - Object name.
  required: true
  type: str
tags:
  description:
    - Collection of tag identifiers.
  elements: str
  type: list
color:
  choices:
    - aquamarine
    - black
    - blue
    - crete blue
    - burlywood
    - cyan
    - dark green
    - khaki
    - orchid
    - dark orange
    - dark sea green
    - pink
    - turquoise
    - dark blue
    - firebrick
    - brown
    - forest green
    - gold
    - dark gold
    - gray
    - dark gray
    - light green
    - lemon chiffon
    - coral
    - sea green
    - sky blue
    - magenta
    - purple
    - slate blue
    - violet red
    - navy blue
    - olive
    - orange
    - red
    - sienna
    - yellow
  description:
    - Color of the object. Should be one of existing colors.
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - State of the access rule (present or absent).
  type: str
version:
  description:
    - Version of checkpoint. If none is given, the latest version is used.
  type: str
anti_bot:
  description:
    - Is Anti-Bot blade activated.
  type: bool
comments:
  description:
    - Comments string.
  type: str
overrides:
  description:
    - Overrides per profile for this protection.
  elements: dict
  suboptions:
    action:
      choices:
        - 'Threat Cloud: Inactive'
        - Detect
        - 'Prevent <br> Core: Drop'
        - Inactive
        - Accept
      description:
        - Protection action.
      type: str
    capture_packets:
      description:
        - Capture packets.
      type: bool
    protection:
      description:
        - IPS protection identified by name or UID.
      type: str
    track:
      choices:
        - none
        - log
        - alert
        - mail
        - snmp trap
        - user alert
        - user alert 1
        - user alert 2
      description:
        - Tracking method for protection.
      type: str
  type: list
anti_virus:
  description:
    - Is Anti-Virus blade activated.
  type: bool
ips_settings:
  description:
    - IPS blade settings.
  suboptions:
    exclude_protection_with_performance_impact:
      description:
        - Whether to exclude protections depending on their level of performance impact.
      type: bool
    exclude_protection_with_performance_impact_mode:
      choices:
        - very low
        - low or lower
        - medium or lower
        - high or lower
      description:
        - Exclude protections with this level of performance impact.
      type: str
    exclude_protection_with_severity:
      description:
        - Whether to exclude protections depending on their level of severity.
      type: bool
    exclude_protection_with_severity_mode:
      choices:
        - low or above
        - medium or above
        - high or above
        - critical
      description:
        - Exclude protections with this level of severity.
      type: str
    newly_updated_protections:
      choices:
        - active
        - inactive
        - staging
      description:
        - Activation of newly updated protections.
      type: str
  type: dict
details_level:
  choices:
    - uid
    - standard
    - full
  description:
    - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
  type: str
ignore_errors:
  description:
    - Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag is omitted, warnings will also be ignored.
  type: bool
wait_for_task:
  default: true
  description:
    - Wait for the task to end, such as a publish task.
  type: bool
use_indicators:
  description:
    - Indicates whether the profile should make use of indicators.
  type: bool
ignore_warnings:
  description:
    - Apply changes ignoring warnings.
  type: bool
threat_emulation:
  description:
    - Is Threat Emulation blade activated.
  type: bool
indicator_overrides:
  description:
    - Indicators whose action will be overridden in this profile.
  elements: dict
  suboptions:
    action:
      choices:
        - Inactive
        - Ask
        - Prevent
        - Detect
      description:
        - The indicator's action in this profile.
      type: str
    indicator:
      description:
        - The indicator whose action is to be overridden.
      type: str
  type: list
auto_publish_session:
  default: false
  description:
    - Publish the current session if changes have been performed after task completes.
  type: bool
confidence_level_low:
  choices:
    - Inactive
    - Ask
    - Prevent
    - Detect
  description:
    - Action for protections with low confidence level.
  type: str
confidence_level_high:
  choices:
    - Inactive
    - Ask
    - Prevent
    - Detect
  description:
    - Action for protections with high confidence level.
  type: str
wait_for_task_timeout:
  default: 30
  description:
    - How many minutes to wait until throwing a timeout error.
  type: int
confidence_level_medium:
  choices:
    - Inactive
    - Ask
    - Prevent
    - Detect
  description:
    - Action for protections with medium confidence level.
  type: str
use_extended_attributes:
  description:
    - Whether to activate/deactivate IPS protections according to the extended attributes.
  type: bool
active_protections_severity:
  choices:
    - Critical
    - High
    - Medium or above
    - Low or above
  description:
    - Only protections with this severity will be activated in the profile.
  type: str
malicious_mail_policy_settings:
  description:
    - Malicious Mail Policy for MTA Gateways.
  suboptions:
    add_customized_text_to_email_body:
      description:
        - Add customized text to the malicious email body.
      type: bool
    add_email_subject_prefix:
      description:
        - Add a prefix to the malicious email subject.
      type: bool
    add_x_header_to_email:
      description:
        - Add an X-Header to the malicious email.
      type: bool
    email_action:
      choices:
        - allow
        - block
      description:
        - Block - block the entire malicious email. Allow - pass the malicious email and apply email changes (such as removing attachments and links, adding an x-header, etc.).
      type: str
    email_body_customized_text:
      description:
        - Customized text for the malicious email body. Available predefined fields, $verdicts$ - the malicious/error attachments/links verdict.
      type: str
    email_subject_prefix_text:
      description:
        - Prefix for the malicious email subject.
      type: str
    failed_to_scan_attachments_text:
      description:
        - Replace attachments that failed to be scanned with this text. Available predefined fields, $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.
      type: str
    malicious_attachments_text:
      description:
        - Replace malicious attachments with this text. Available predefined fields, $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.
      type: str
    malicious_links_text:
      description:
        - Replace malicious links with this text. Available predefined fields, $neutralized_url$ - neutralized malicious link.
      type: str
    remove_attachments_and_links:
      description:
        - Remove attachments and links from the malicious email.
      type: bool
    send_copy:
      description:
        - Send a copy of the malicious email to the recipient list.
      type: bool
    send_copy_list:
      description:
        - Recipient list to send a copy of the malicious email.
      elements: str
      type: list
  type: dict
active_protections_performance_impact:
  choices:
    - high
    - medium
    - low
    - very_low
  description:
    - Only protections with this performance impact will be activated in the profile.
  type: str
activate_protections_by_extended_attributes:
  description:
    - Activate protections by these extended attributes.
  elements: dict
  suboptions:
    category:
      description:
        - IPS tag category name.
      type: str
    name:
      description:
        - IPS tag name.
      type: str
  type: list
deactivate_protections_by_extended_attributes:
  description:
    - Deactivate protections by these extended attributes.
  elements: dict
  suboptions:
    category:
      description:
        - IPS tag category name.
      type: str
    name:
      description:
        - IPS tag name.
      type: str
  type: list
cp_mgmt_threat_profile:
  description: The checkpoint object created or updated.
  returned: always, except when deleting the object.
  type: dict
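A fuller playbook using options from the parameter list that the page's own examples do not exercise (overrides, malicious_mail_policy_settings, auto_publish_session). It is an added example, not part of the module documentation; the inventory group, profile name, protection identifier and message texts are placeholders, and the httpapi connection is assumed to be configured in inventory.

```yaml
# Added example; not part of the module documentation.
# Assumes the "check_point" inventory group is configured for httpapi.
- name: Threat profile with a per-protection override and mail policy
  hosts: check_point                          # assumed inventory group
  connection: httpapi
  gather_facts: false
  tasks:
    - name: Create or update the profile
      check_point.mgmt.cp_mgmt_threat_profile:
        name: Example Strict Profile          # placeholder name
        state: present
        comments: managed by Ansible
        ips: true
        anti_bot: true
        anti_virus: true
        threat_emulation: true
        # Block on high/medium confidence, only log on low confidence.
        confidence_level_high: Prevent
        confidence_level_medium: Prevent
        confidence_level_low: Detect
        active_protections_severity: Medium or above
        active_protections_performance_impact: medium
        ips_settings:
          # New signatures go to staging first instead of straight to active.
          newly_updated_protections: staging
        overrides:
          # One protection held at Detect with packet capture for tuning.
          - protection: EXAMPLE_PROTECTION_NAME_OR_UID   # placeholder
            action: Detect
            track: log
            capture_packets: true
        malicious_mail_policy_settings:
          email_action: allow
          remove_attachments_and_links: true
          add_email_subject_prefix: true
          email_subject_prefix_text: "[flagged]"         # constructed text
          malicious_attachments_text: "Removed $filename$ (MD5 $md5$)"
        details_level: standard
        # ignore_errors / ignore_warnings are left unset so problems fail the task.
        # auto_publish_session defaults to false; set it to publish the change.
        auto_publish_session: true
      register: profile_result

    - name: Show what the management server returned
      ansible.builtin.debug:
        var: profile_result
```

With auto_publish_session left at its default of false, the change stays in the unpublished session until it is published separately.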