check_point.mgmt.cp_mgmt_check_threat_ioc_feed (5.2.3) — module

Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).

Added in version 3.0.0 of check_point.mgmt

Authors: Eden Brillant (@chkp-edenbr)

preview | supported by community

Install collection

Install with ansible-galaxy collection install check_point.mgmt:==5.2.3


Add to requirements.yml

  collections:
    - name: check_point.mgmt
      version: 5.2.3

Description

Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).

All operations are performed over Web Services API.

Usage examples

  - name: check-threat-ioc-feed
    cp_mgmt_check_threat_ioc_feed:
      ioc_feed:
        name: existing_feed
      targets: corporate-gateway
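The example above only re-checks a feed object that already exists. The play below is an added example, not one of the module's or collection's own; it checks a feed that has not been created yet by passing the full parameter set, and maps the columns of a custom delimited feed. The inventory group, gateway names, feed URL, column layout, header name and vault variables are made up for illustration, and the column numbers are assumed to be 1-based (confirm this against your deployment before relying on the mapping).

```yaml
# Added example (not from the check_point.mgmt documentation or source).
# Assumed inventory for the group below (host_vars or group_vars):
#   ansible_connection: httpapi
#   ansible_network_os: check_point.mgmt.checkpoint
#   ansible_httpapi_use_ssl: true
#   ansible_httpapi_validate_certs: true
#   ansible_httpapi_port: 443
#   ansible_user / ansible_password: management API credentials (vaulted)
- name: Validate a proposed custom IOC feed before creating it
  hosts: checkpoint_mgmt          # assumed inventory group name
  gather_facts: false
  vars:
    # Constructed feed layout that the custom_* column numbers below refer to
    # (1-based columns assumed; lines starting with "#" are skipped):
    #   # value,severity,confidence,comment
    #   bad.example.net,High,90,C2 domain seen in campaign X
    #   phish.example.org,Medium,70,Credential phishing landing page
    feed_delimiter: ","
  tasks:
    - name: Check that both gateways can fetch and parse the proposed feed
      check_point.mgmt.cp_mgmt_check_threat_ioc_feed:
        targets:
          - corporate-gateway
          - branch-gateway
        ioc_feed:
          name: vendor-custom-feed
          feed_url: https://feeds.example.net/ioc/custom.csv   # https, not http
          username: "{{ feed_user }}"        # assumed Ansible Vault variable
          password: "{{ feed_password }}"    # assumed Ansible Vault variable
          custom_header:
            - header_name: X-Api-Key         # assumed header expected by the feed server
              header_value: "{{ feed_api_key }}"
          action: Prevent
          enabled: true
          use_gateway_proxy: true
          use_custom_feed_settings: true
          fields_delimiter: "{{ feed_delimiter }}"
          ignore_lines_that_start_with: "#"
          feed_type: domain                  # specific type chosen, so custom_value
          custom_value: 1                    # (not custom_type) names the value column
          custom_severity: 2
          custom_confidence: 3
          custom_comment: 4
        wait_for_task: true
        wait_for_task_timeout: 5             # minutes
        auto_publish_session: false          # a check should not publish anything
      register: feed_check

    - name: Show the raw check-threat-ioc-feed result
      ansible.builtin.debug:
        var: feed_check.cp_mgmt_check_threat_ioc_feed
```

Because the feed object does not exist yet, every parameter the gateways need to reach and parse the feed has to be supplied in ioc_feed; once the check passes, the same values can be reused when the feed object is actually created. Keep the feed credentials and API key in Ansible Vault rather than in the playbook, and leave auto_publish_session at its default of false so a validation run never publishes to the management server.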

Inputs

targets:
    description:
    - On what targets to execute this command. Targets may be identified by their name,
      or object unique identifier.
    elements: str
    type: list

version:
    description:
    - Version of Check Point. If none is given, the latest version is taken.
    type: str

ioc_feed:
    description:
    - Threat IOC feed parameters.
    suboptions:
      action:
        choices:
        - Prevent
        - Detect
        description:
        - The feed indicator's action.
        type: str
      certificate_id:
        description:
        - Certificate SHA-1 fingerprint to access the feed.
        type: str
      custom_comment:
        description:
        - Custom IOC feed - the column number of comment.
        type: int
      custom_confidence:
        description:
        - Custom IOC feed - the column number of confidence.
        type: int
      custom_header:
        description:
        - Custom HTTP headers.
        elements: dict
        suboptions:
          header_name:
            description:
            - The name of the HTTP header we wish to add.
            type: str
          header_value:
            description:
            - The value of the HTTP header we wish to add.
            type: str
        type: list
      custom_name:
        description:
        - Custom IOC feed - the column number of name.
        type: int
      custom_severity:
        description:
        - Custom IOC feed - the column number of severity.
        type: int
      custom_type:
        description:
        - Custom IOC feed - the column number of type in case a specific type is not chosen.
        type: int
      custom_value:
        description:
        - Custom IOC feed - the column number of value in case a specific type is chosen.
        type: int
      details_level:
        choices:
        - uid
        - standard
        - full
        description:
        - The level of detail for some of the fields in the response can vary from showing
          only the UID value of the object to a fully detailed representation of the object.
        type: str
      enabled:
        description:
        - Sets whether this indicator feed is enabled.
        type: bool
      feed_type:
        choices:
        - any type
        - domain
        - ip address
        - md5
        - url
        - ip range
        - mail subject
        - mail from
        - mail to
        - mail reply to
        - mail cc
        - sha1
        - sha256
        description:
        - Feed type to be enforced.
        type: str
      feed_url:
        description:
        - URL of the feed. The URL must start with http:// or https://; prefer https so
          the feed cannot be altered in transit.
        type: str
      fields_delimiter:
        description:
        - The delimiter that separates between the columns in the feed.
        type: str
      ignore_errors:
        description:
        - Apply changes ignoring errors. You will not be able to publish such changes.
          If the ignore-warnings flag was omitted, warnings will also be ignored.
        type: bool
      ignore_lines_that_start_with:
        description:
        - A prefix that will determine which lines to ignore.
        type: str
      ignore_warnings:
        description:
        - Apply changes ignoring warnings.
        type: bool
      name:
        description:
        - Object name.
        type: str
      password:
        description:
        - Password for authenticating with the URL.
        type: str
      use_custom_feed_settings:
        description:
        - Set in order to configure a custom indicator feed.
        type: bool
      use_gateway_proxy:
        description:
        - Use the gateway's proxy for retrieving the feed.
        type: bool
      username:
        description:
        - Username for authenticating with the URL.
        type: str
    type: dict

wait_for_task:
    default: true
    description:
    - Wait for the task to end, such as a publish task.
    type: bool

auto_publish_session:
    default: false
    description:
    - Publish the current session if changes have been performed, after the task completes.
    type: bool

wait_for_task_timeout:
    default: 30
    description:
    - How many minutes to wait until throwing a timeout error.
    type: int

Outputs

cp_mgmt_check_threat_ioc_feed:
  description: The Check Point check-threat-ioc-feed output.
  returned: always
  type: dict