Try SpotterManage security profile
Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng)
preview | supported by community
Install with ansible-galaxy collection install community.general:==0.1.1
collections:
- name: community.general
version: 0.1.1Manage security profile groups for FortiManager objects
- name: DELETE Profile
fmgr_secprof_av:
name: "Ansible_AV_Profile"
mode: "delete"
- name: CREATE Profile
fmgr_secprof_av:
name: "Ansible_AV_Profile"
comment: "Created by Ansible Module TEST"
mode: "set"
inspection_mode: "proxy"
ftgd_analytics: "everything"
av_block_log: "enable"
av_virus_log: "enable"
scan_mode: "full"
mobile_malware_db: "enable"
ftp_archive_block: "encrypted"
ftp_outbreak_prevention: "files"
ftp_archive_log: "timeout"
ftp_emulator: "disable"
ftp_options: "scan"
ftp:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
smb:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
adom:
default: root
description:
- The ADOM the configuration should belong to.
required: false
http:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
imap:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
mapi:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
mode:
choices:
- add
- set
- delete
- update
default: add
description:
- Sets one of three modes for managing the object.
- Allows use of soft-adds instead of overwriting existing values
required: false
name:
description:
- Profile name.
required: false
nntp:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
pop3:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
smtp:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
comment:
description:
- Comment.
required: false
nac_quar:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
scan_mode:
choices:
- quick
- full
description:
- Choose between full scan mode and quick scan mode.
required: false
ftp_options:
choices:
- scan
- quarantine
- avmonitor
description:
- Enable/disable FTP AntiVirus scanning, monitoring, and quarantine.
- FLAG Based Options. Specify multiple in list form.
required: false
smb_options:
choices:
- scan
- quarantine
- avmonitor
description:
- Enable/disable SMB AntiVirus scanning, monitoring, and quarantine.
- FLAG Based Options. Specify multiple in list form.
required: false
analytics_db:
choices:
- disable
- enable
description:
- Enable/disable using the FortiSandbox signature database to supplement the AV signature
databases.
required: false
av_block_log:
choices:
- disable
- enable
description:
- Enable/disable logging for AntiVirus file blocking.
required: false
av_virus_log:
choices:
- disable
- enable
description:
- Enable/disable AntiVirus logging.
required: false
extended_log:
choices:
- disable
- enable
description:
- Enable/disable extended logging for antivirus.
required: false
ftp_emulator:
choices:
- disable
- enable
description:
- Enable/disable the virus emulator.
required: false
http_options:
choices:
- scan
- quarantine
- avmonitor
description:
- Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine.
- FLAG Based Options. Specify multiple in list form.
required: false
imap_options:
choices:
- scan
- quarantine
- avmonitor
description:
- Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine.
- FLAG Based Options. Specify multiple in list form.
required: false
mapi_options:
choices:
- scan
- quarantine
- avmonitor
description:
- Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine.
- FLAG Based Options. Specify multiple in list form.
required: false
nac_quar_log:
choices:
- disable
- enable
description:
- Enable/disable AntiVirus quarantine logging.
required: false
nntp_options:
choices:
- scan
- quarantine
- avmonitor
description:
- Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine.
- FLAG Based Options. Specify multiple in list form.
required: false
pop3_options:
choices:
- scan
- quarantine
- avmonitor
description:
- Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine.
- FLAG Based Options. Specify multiple in list form.
required: false
smb_emulator:
choices:
- disable
- enable
description:
- Enable/disable the virus emulator.
required: false
smtp_options:
choices:
- scan
- quarantine
- avmonitor
description:
- Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine.
- FLAG Based Options. Specify multiple in list form.
required: false
http_emulator:
choices:
- disable
- enable
description:
- Enable/disable the virus emulator.
required: false
imap_emulator:
choices:
- disable
- enable
description:
- Enable/disable the virus emulator.
required: false
mapi_emulator:
choices:
- disable
- enable
description:
- Enable/disable the virus emulator.
required: false
nntp_emulator:
choices:
- disable
- enable
description:
- Enable/disable the virus emulator.
required: false
pop3_emulator:
choices:
- disable
- enable
description:
- Enable/disable the virus emulator.
required: false
smtp_emulator:
choices:
- disable
- enable
description:
- Enable/disable the virus emulator.
required: false
content_disarm:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
ftgd_analytics:
choices:
- disable
- suspicious
- everything
description:
- Settings to control which files are uploaded to FortiSandbox.
required: false
ftp_archive_log:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to log.
- FLAG Based Options. Specify multiple in list form.
required: false
inspection_mode:
choices:
- proxy
- flow-based
description:
- Inspection mode.
required: false
nac_quar_expiry:
description:
- Duration of quarantine.
required: false
smb_archive_log:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to log.
- FLAG Based Options. Specify multiple in list form.
required: false
http_archive_log:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to log.
- FLAG Based Options. Specify multiple in list form.
required: false
imap_archive_log:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to log.
- FLAG Based Options. Specify multiple in list form.
required: false
imap_executables:
choices:
- default
- virus
description:
- Treat Windows executable files as viruses for the purpose of blocking or monitoring.
required: false
mapi_archive_log:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to log.
- FLAG Based Options. Specify multiple in list form.
required: false
mapi_executables:
choices:
- default
- virus
description:
- Treat Windows executable files as viruses for the purpose of blocking or monitoring.
required: false
nntp_archive_log:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to log.
- FLAG Based Options. Specify multiple in list form.
required: false
pop3_archive_log:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to log.
- FLAG Based Options. Specify multiple in list form.
required: false
pop3_executables:
choices:
- default
- virus
description:
- Treat Windows executable files as viruses for the purpose of blocking or monitoring.
required: false
replacemsg_group:
description:
- Replacement message group customized for this profile.
required: false
smtp_archive_log:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to log.
- FLAG Based Options. Specify multiple in list form.
required: false
smtp_executables:
choices:
- default
- virus
description:
- Treat Windows executable files as viruses for the purpose of blocking or monitoring.
required: false
ftp_archive_block:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to block.
- FLAG Based Options. Specify multiple in list form.
required: false
mobile_malware_db:
choices:
- disable
- enable
description:
- Enable/disable using the mobile malware signature database.
required: false
nac_quar_infected:
choices:
- none
- quar-src-ip
description:
- Enable/Disable quarantining infected hosts to the banned user list.
required: false
smb_archive_block:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to block.
- FLAG Based Options. Specify multiple in list form.
required: false
http_archive_block:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to block.
- FLAG Based Options. Specify multiple in list form.
required: false
imap_archive_block:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to block.
- FLAG Based Options. Specify multiple in list form.
required: false
mapi_archive_block:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to block.
- FLAG Based Options. Specify multiple in list form.
required: false
nntp_archive_block:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to block.
- FLAG Based Options. Specify multiple in list form.
required: false
pop3_archive_block:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to block.
- FLAG Based Options. Specify multiple in list form.
required: false
smtp_archive_block:
choices:
- encrypted
- corrupted
- multipart
- nested
- mailbomb
- unhandled
- partiallycorrupted
- fileslimit
- timeout
description:
- Select the archive types to block.
- FLAG Based Options. Specify multiple in list form.
required: false
http_content_disarm:
choices:
- disable
- enable
description:
- Enable Content Disarm and Reconstruction for this protocol.
required: false
imap_content_disarm:
choices:
- disable
- enable
description:
- Enable Content Disarm and Reconstruction for this protocol.
required: false
pop3_content_disarm:
choices:
- disable
- enable
description:
- Enable Content Disarm and Reconstruction for this protocol.
required: false
smtp_content_disarm:
choices:
- disable
- enable
description:
- Enable Content Disarm and Reconstruction for this protocol.
required: false
analytics_max_upload:
description:
- Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default
= 10).
required: false
analytics_bl_filetype:
description:
- Only submit files matching this DLP file-pattern to FortiSandbox.
required: false
analytics_wl_filetype:
description:
- Do not submit files matching this DLP file-pattern to FortiSandbox.
required: false
ftp_outbreak_prevention:
choices:
- disabled
- files
- full-archive
description:
- Enable FortiGuard Virus Outbreak Prevention service.
required: false
smb_outbreak_prevention:
choices:
- disabled
- files
- full-archive
description:
- Enable FortiGuard Virus Outbreak Prevention service.
required: false
http_outbreak_prevention:
choices:
- disabled
- files
- full-archive
description:
- Enable FortiGuard Virus Outbreak Prevention service.
required: false
imap_outbreak_prevention:
choices:
- disabled
- files
- full-archive
description:
- Enable FortiGuard Virus Outbreak Prevention service.
required: false
mapi_outbreak_prevention:
choices:
- disabled
- files
- full-archive
description:
- Enable FortiGuard Virus Outbreak Prevention service.
required: false
nntp_outbreak_prevention:
choices:
- disabled
- files
- full-archive
description:
- Enable FortiGuard Virus Outbreak Prevention service.
required: false
pop3_outbreak_prevention:
choices:
- disabled
- files
- full-archive
description:
- Enable FortiGuard Virus Outbreak Prevention service.
required: false
smtp_outbreak_prevention:
choices:
- disabled
- files
- full-archive
description:
- Enable FortiGuard Virus Outbreak Prevention service.
required: false
content_disarm_cover_page:
choices:
- disable
- enable
description:
- Enable/disable inserting a cover page into the disarmed document.
required: false
content_disarm_detect_only:
choices:
- disable
- enable
description:
- Enable/disable only detect disarmable files, do not alter content.
required: false
content_disarm_office_embed:
choices:
- disable
- enable
description:
- Enable/disable stripping of embedded objects in Microsoft Office documents.
required: false
content_disarm_office_macro:
choices:
- disable
- enable
description:
- Enable/disable stripping of macros in Microsoft Office documents.
required: false
content_disarm_pdf_act_form:
choices:
- disable
- enable
description:
- Enable/disable stripping of actions that submit data to other targets in PDF documents.
required: false
content_disarm_pdf_act_java:
choices:
- disable
- enable
description:
- Enable/disable stripping of actions that execute JavaScript code in PDF documents.
required: false
content_disarm_pdf_javacode:
choices:
- disable
- enable
description:
- Enable/disable stripping of JavaScript code in PDF documents.
required: false
content_disarm_office_hylink:
choices:
- disable
- enable
description:
- Enable/disable stripping of hyperlinks in Microsoft Office documents.
required: false
content_disarm_office_linked:
choices:
- disable
- enable
description:
- Enable/disable stripping of linked objects in Microsoft Office documents.
required: false
content_disarm_pdf_act_gotor:
choices:
- disable
- enable
description:
- Enable/disable stripping of links to other PDFs in PDF documents.
required: false
content_disarm_pdf_act_movie:
choices:
- disable
- enable
description:
- Enable/disable stripping of embedded movies in PDF documents.
required: false
content_disarm_pdf_act_sound:
choices:
- disable
- enable
description:
- Enable/disable stripping of embedded sound files in PDF documents.
required: false
content_disarm_pdf_embedfile:
choices:
- disable
- enable
description:
- Enable/disable stripping of embedded files in PDF documents.
required: false
content_disarm_pdf_hyperlink:
choices:
- disable
- enable
description:
- Enable/disable stripping of hyperlinks from PDF documents.
required: false
content_disarm_pdf_act_launch:
choices:
- disable
- enable
description:
- Enable/disable stripping of links to external applications in PDF documents.
required: false
content_disarm_original_file_destination:
choices:
- fortisandbox
- quarantine
- discard
description:
- Destination to send original file if active content is removed.
required: false
api_result: description: full API response, includes status code and message returned: always type: str