cisco.meraki.meraki_mx_intrusion_prevention (2.9.0) - module
Manage intrusion prevention in the Meraki cloud
Authors: Kevin Breit (@kbreit)
Status: preview | supported by community
Install with: ansible-galaxy collection install cisco.meraki:==2.9.0

To pin the collection in a requirements file (requirements.yml):

  collections:
    - name: cisco.meraki
      version: 2.9.0
Synopsis

Allows for management of intrusion prevention rules and protected networks within Meraki MX networks.
Examples

  - name: Set whitelist for organization
    meraki_intrusion_prevention:
      auth_key: '{{auth_key}}'
      state: present
      org_id: '{{test_org_id}}'
      allowed_rules:
        - rule_id: "meraki:intrusion/snort/GID/01/SID/5805"
          rule_message: Test rule
    delegate_to: localhost

  - name: Query IPS info for organization
    meraki_intrusion_prevention:
      auth_key: '{{auth_key}}'
      state: query
      org_name: '{{test_org_name}}'
    delegate_to: localhost
    register: query_org

  - name: Set full ruleset with check mode
    meraki_intrusion_prevention:
      auth_key: '{{auth_key}}'
      state: present
      org_name: '{{test_org_name}}'
      net_name: '{{test_net_name}} - IPS'
      mode: prevention
      ids_rulesets: security
      protected_networks:
        use_default: true
        included_cidr:
          - 192.0.1.0/24
        excluded_cidr:
          - 10.0.1.0/24
    delegate_to: localhost

  - name: Clear rules from organization
    meraki_intrusion_prevention:
      auth_key: '{{auth_key}}'
      state: absent
      org_name: '{{test_org_name}}'
      allowed_rules: []
    delegate_to: localhost
Parameters

  allowed_rules (list of dict)
    List of IDs related to rules which are allowed for the organization.
      rule_id (str): ID of rule as defined by Snort.
      rule_message (str, alias: message; added in cisco.meraki 2.3.0): Description of rule. This is overwritten by the API. Formerly C(message), which was deprecated but is still maintained as an alias.
  auth_key (str, required): Authentication key provided by the dashboard. Required if the environment variable C(MERAKI_KEY) is not set.
  host (str, default: api.meraki.com): Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China.
  ids_rulesets (str, choices: connectivity, balanced, security): Ruleset complexity setting.
  internal_error_retry_time (int, default: 60): Number of seconds to retry if server returns an internal server error.
  mode (str, choices: detection, disabled, prevention): Operational mode of Intrusion Prevention system.
  net_id (str): ID number of a network.
  net_name (str, aliases: name, network): Name of a network.
  org_id (str): ID of organization.
  org_name (str, alias: organization): Name of organization.
  output_format (str, choices: snakecase, camelcase; default: snakecase): Instructs module whether response keys should be snake case (ex. C(net_id)) or camel case (ex. C(netId)).
  output_level (str, choices: debug, normal; default: normal): Set amount of debug output during module execution.
  protected_networks (dict)
    Set included/excluded networks for Intrusion Prevention.
      excluded_cidr (list of str): List of network IP ranges to exclude from scanning.
      included_cidr (list of str): List of network IP ranges to include in scanning.
      use_default (bool): Whether to use special IPv4 addresses per RFC 5735.
  rate_limit_retry_time (int, default: 165): Number of seconds to retry if rate limiter is triggered.
  state (str, choices: absent, present, query; default: present): Create or modify an organization.
  timeout (int, default: 30): Time to timeout for HTTP requests.
  use_https (bool, default: true): If C(no), it will use HTTP. Otherwise it will use HTTPS. Only useful for internal Meraki developers.
  use_proxy (bool, default: false): If C(no), it will not use a proxy, even if one is defined in an environment variable on the target hosts.
  validate_certs (bool, default: true): Whether to validate HTTP certificates.
Return Values

  data (complex, returned: success): Information about the Threat Protection settings.
    idsRulesets (str, returned: success, when network is queried or modified): Setting of selected ruleset. Sample: balanced
    mode (str, returned: success, when network is queried or modified): Enabled setting of intrusion prevention. Sample: enabled
    protectedNetworks (complex, returned: success, when network is queried or modified): Networks protected by IPS.
      excludedCidr (str): List of CIDR notation networks to exclude from protection. Sample: 192.0.1.0/24
      includedCidr (str): List of CIDR notation networks to protect. Sample: 192.0.1.0/24
      useDefault (bool): Whether to use special IPv4 addresses. Sample: true
    whitelistedRules (complex, returned: success, when organization is queried or modified): List of whitelisted IPS rules.
      ruleId (str): A rule identifier for an IPS rule. Sample: meraki:intrusion/snort/GID/01/SID/5805
      rule_message (str): Description of rule. Sample: MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines
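The following drift check is an added example, not code from the cisco.meraki collection or from this page. It ties the parameter table and the return-value table together: it validates a desired IPS configuration against the documented choices and CIDR syntax, normalises a queried data structure to snake case (the conversion the output_format option describes) and reports each field where the live settings differ from what the playbook intends. The QUERIED and DESIRED structures are constructed from the documented sample values, and the rule-ID pattern is an assumption generalised from the single sample value meraki:intrusion/snort/GID/01/SID/5805.

```python
import ipaddress
import re

# Constructed sample of the `data` a `state: query` run could register, using the
# camelCase key names from the return-value table (output_format: camelcase).
QUERIED = {
    "mode": "detection",
    "idsRulesets": "balanced",
    "protectedNetworks": {
        "useDefault": True,
        "includedCidr": ["192.0.1.0/24"],
        "excludedCidr": ["10.0.1.0/24"],
    },
    "whitelistedRules": [
        {
            "ruleId": "meraki:intrusion/snort/GID/01/SID/5805",
            "rule_message": "MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines",
        }
    ],
}

# Desired state written with the module's own parameter names (constructed).
DESIRED = {
    "mode": "prevention",
    "ids_rulesets": "security",
    "protected_networks": {
        "use_default": True,
        "included_cidr": ["192.0.1.0/24"],
        "excluded_cidr": ["10.0.1.0/24"],
    },
    "allowed_rules": [{"rule_id": "meraki:intrusion/snort/GID/01/SID/5805"}],
}

MODES = ("detection", "disabled", "prevention")
RULESETS = ("connectivity", "balanced", "security")
# Assumed shape of a Snort rule ID, generalised from the documented sample value.
RULE_ID_RE = re.compile(r"^meraki:intrusion/snort/GID/\d+/SID/\d+$")


def snake_case(key):
    """Convert a camelCase key (idsRulesets) to snake case (ids_rulesets)."""
    return re.sub(r"([A-Z])", lambda m: "_" + m.group(1).lower(), key)


def normalize(obj):
    """Recursively rewrite dict keys to snake case so either output_format compares alike."""
    if isinstance(obj, dict):
        return {snake_case(k): normalize(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [normalize(v) for v in obj]
    return obj


def validate_desired(desired):
    """Return a list of problems found in the desired state; an empty list means it passes."""
    problems = []
    if "mode" in desired and desired["mode"] not in MODES:
        problems.append("mode: %r not one of %s" % (desired["mode"], list(MODES)))
    if "ids_rulesets" in desired and desired["ids_rulesets"] not in RULESETS:
        problems.append("ids_rulesets: %r not one of %s" % (desired["ids_rulesets"], list(RULESETS)))
    nets = desired.get("protected_networks", {})
    for key in ("included_cidr", "excluded_cidr"):
        for cidr in nets.get(key, []):
            try:
                ipaddress.ip_network(cidr)  # strict: rejects host bits set, e.g. 192.0.1.1/24
            except ValueError:
                problems.append("%s: %r is not a valid CIDR network" % (key, cidr))
    for rule in desired.get("allowed_rules", []):
        if not RULE_ID_RE.match(rule.get("rule_id", "")):
            problems.append("allowed_rules: %r does not look like a Snort rule ID" % rule.get("rule_id"))
    return problems


def _cidr_set(cidrs):
    """Parse a list of CIDR strings into a set of networks so ordering does not matter."""
    return {ipaddress.ip_network(c) for c in cidrs}


def drift(desired, queried):
    """Compare desired parameters with queried data; return (field, wanted, actual) tuples."""
    actual = normalize(queried)
    diffs = []
    for key in ("mode", "ids_rulesets"):
        if key in desired and desired[key] != actual.get(key):
            diffs.append((key, desired[key], actual.get(key)))
    want_nets = desired.get("protected_networks", {})
    have_nets = actual.get("protected_networks", {})
    if "use_default" in want_nets and want_nets["use_default"] != have_nets.get("use_default"):
        diffs.append(("use_default", want_nets["use_default"], have_nets.get("use_default")))
    for key in ("included_cidr", "excluded_cidr"):
        if key in want_nets and _cidr_set(want_nets[key]) != _cidr_set(have_nets.get(key, [])):
            diffs.append((key, sorted(want_nets[key]), sorted(have_nets.get(key, []))))
    # The allowed_rules parameter is reported back as whitelistedRules with ruleId entries.
    want_rules = {r["rule_id"] for r in desired.get("allowed_rules", [])}
    have_rules = {r["rule_id"] for r in actual.get("whitelisted_rules", [])}
    if want_rules != have_rules:
        diffs.append(("allowed_rules", sorted(want_rules), sorted(have_rules)))
    return diffs
```

Running validate_desired(DESIRED) on the sample returns an empty list, and drift(DESIRED, QUERIED) reports two differences (mode and ids_rulesets) because the constructed query shows detection/balanced while the desired state asks for prevention/security. In practice the QUERIED value would come from the registered result of a state: query task (query_org.data in the examples above), and the check runs before a state: present task is allowed to change anything.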