Try SpotterManages THREAT LAYERS resource module
| "added in version" 5.0.0 of check_point.mgmt"
Authors: Ansible Security Automation Team (@justjais) <https://github.com/ansible-security>-
This plugin has a corresponding action plugin.
Install with ansible-galaxy collection install check_point.mgmt:==5.2.3
collections:
- name: check_point.mgmt
version: 5.2.3This resource module allows for addition, deletion, or modification of CP Threat Layers.
This resource module also takes care of gathering Threat Layers config facts
# Using MERGED state
# -------------------
- name: To Add Merge Threat-Layers config
cp_mgmt_threat_layers:
state: merged
config:
name: New Layer 1
add_default_rule: true
tags:
- test_threat_layer
color: turquoise
comments: test description
ignore_warnings: false
ignore_errors: false
round_trip: true
# RUN output:
# -----------
# mgmt_threat_layers:
# after:
# color: turquoise
# comments: test description
# icon: ApplicationFirewall/rulebase
# ips-layer: false
# name: New Layer 1
# tags:
# - test_threat_layer
# before: {}
# Using REPLACED state
# --------------------
- name: Replace Threat-layer config
cp_mgmt_threat_layers:
state: replaced
config:
name: New Layer 1
add_default_rule: true
tags:
- test_threat_layer_replaced
color: cyan
comments: REPLACED description
ignore_warnings: false
ignore_errors: false
round_trip: true
# RUN output:
# -----------
# mgmt_threat_layers:
# after:
# color: cyan
# comments: REPLACED description
# icon: ApplicationFirewall/rulebase
# ips-layer: false
# name: New Layer 1
# tags:
# - test_threat_layer_replaced
# before:
# color: turquoise
# comments: test description
# icon: ApplicationFirewall/rulebase
# ips-layer: false
# name: New Layer 1
# tags:
# - test_threat_layer
# Using GATHERED state
# --------------------
# 1. With Round Trip set to True
- name: To Gather threat-layer by Name
cp_mgmt_threat_layers:
config:
name: New Layer 1
round_trip: true
state: gathered
# RUN output:
# -----------
# gathered:
# color: turquoise
# comments: test description
# domain: SMC User
# icon: ApplicationFirewall/rulebase
# ips-layer: false
# name: New Layer 1
# read-only: false
# tags:
# - test_threat_layer
# uid: 4dc060e2-0ed6-48c5-9b0f-3d2fbeb552ba
# 2. With Round Trip set to False which is the default behaviour
- name: To Gather threat-layer by Name
cp_mgmt_threat_layers:
config:
name: New Layer 1
state: gathered
# RUN output:
# -----------
# gathered:
# color: turquoise
# comments: test description
# domain:
# domain-type: domain
# name: SMC User
# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
# icon: ApplicationFirewall/rulebase
# ips-layer: false
# meta-info:
# creation-time:
# iso-8601: 2022-11-21T07:30+0000
# posix: 1669015820472
# creator: admin
# last-modifier: admin
# last-modify-time:
# iso-8601: 2022-11-21T07:30+0000
# posix: 1669015821024
# lock: unlocked
# validation-state: ok
# name: New Layer 1
# read-only: false
# tags:
# - domain:
# domain-type: domain
# name: SMC User
# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
# name: test_threat_layer
# type: tag
# uid: 59f23149-ed5e-439f-9012-0cdf222a1c97
# type: threat-layer
# uid: ca196a80-fdc4-4e7b-8b25-e3eed125a25f
# 3. Gather ALL threat-layer config with DESC order filter
- name: To Gather ALL threat-layer and order by Name
cp_mgmt_threat_layers:
config:
order:
- DESC: name
state: gathered
# RUN output:
# -----------
# gathered:
# - color: black
# comments: ''
# domain:
# domain-type: domain
# name: SMC User
# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
# icon: ApplicationFirewall/sharedrulebase
# ips-layer: true
# meta-info:
# creation-time:
# iso-8601: 2020-01-20T09:43+0000
# posix: 1579513387322
# creator: System
# last-modifier: System
# last-modify-time:
# iso-8601: 2020-01-20T09:43+0000
# posix: 1579513387377
# lock: unlocked
# validation-state: ok
# name: IPS
# read-only: false
# tags: []
# type: threat-layer
# uid: 90678011-1bcb-4296-8154-fa58c23ecf3b
# - color: black
# comments: ''
# domain:
# domain-type: domain
# name: SMC User
# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
# icon: ApplicationFirewall/rulebase
# ips-layer: false
# meta-info:
# creation-time:
# iso-8601: 2020-01-20T09:43+0000
# posix: 1579513386848
# creator: System
# last-modifier: System
# last-modify-time:
# iso-8601: 2020-01-20T09:43+0000
# posix: 1579513387396
# lock: unlocked
# validation-state: ok
# name: Standard Threat Prevention
# read-only: false
# tags: []
# type: threat-layer
# uid: 0dbe7c44-6d3f-4f28-8f2b-0e6790e57f8a
# Using DELETED state
# -------------------
- name: Delete Threat-layer config by Name and Layer
cp_mgmt_threat_layers:
config:
layer: IPS
name: First threat layer
round_trip: true
state: deleted
state:
choices:
- merged
- replaced
- gathered
- deleted
description:
- The state the configuration should be left in
- The state I(gathered) will get the module API configuration from the device and
transform it into structured data in the format as per the module argspec and the
value is returned in the I(gathered) key within the result.
type: str
config:
description: A dictionary of THREAT LAYERS options
suboptions:
add_default_rule:
description: Indicates whether to include a default rule in the new layer.
type: bool
auto_publish_session:
description:
- Publish the current session if changes have been performed after task completes.
type: bool
color:
choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
description: Color of the object. Should be one of existing colors.
type: str
comments:
description: Comments string.
type: str
details_level:
choices:
- uid
- standard
- full
description: The level of detail for some of the fields in the response can vary
from showing only the UID value of the object to a fully detailed representation
of the object.
type: str
ignore_errors:
description: Apply changes ignoring errors. You won't be able to publish such
a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
ignore_warnings:
description: Apply changes ignoring warnings.
type: bool
limit:
description:
- The maximal number of returned results.
- NOTE, this parameter is a valid parameter only for the GATHERED state, for config
states like, MERGED, REPLACED, and DELETED state it won't be applicable.
type: int
name:
description: Object name. Must be unique in the domain.
type: str
offset:
description:
- Number of the results to initially skip.
- NOTE, this parameter is a valid parameter only for the GATHERED state, for config
states like, MERGED, REPLACED, and DELETED state it won't be applicable.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending
order by name. This parameter is relevant only for getting few objects.
- NOTE, this parameter is a valid parameter only for the GATHERED state, for config
states like, MERGED, REPLACED, and DELETED state it won't be applicable.
elements: dict
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
DESC:
description:
- Sorts results by the given field in descending order.
type: str
type: list
round_trip:
description:
- If set to True, the round trip will filter out the module parameters from the
response param, which will enable the user to fire the config request using
the structured gathered data.
- NOTE, this parameter makes relevance only with the GATHERED state, as for config
states like, MERGED, REPLACED, and DELETED state it won't make any config updates,
as it's not a module config parameter.
tags:
description: Collection of tag identifiers.
elements: str
type: list
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
type: dict
after:
description: The resulting configuration after module execution.
returned: when changed
sample: 'This output will always be in the same format as the module argspec.
'
type: dict
before:
description: The configuration prior to the module execution.
returned: when state is I(merged), I(replaced), I(deleted)
sample: 'This output will always be in the same format as the module argspec.
'
type: dict
gathered:
description: Facts about the network resource gathered from the remote device as
structured data.
returned: when state is I(gathered)
sample: 'This output will always be in the same format as the module argspec.
'
type: dict