community.general.fmgr_secprof_ips (0.1.1) — module

Managing IPS security profiles in FortiManager

Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng)

preview | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1


Add to requirements.yml

  collections:
    - name: community.general
      version: 0.1.1

Description

Managing IPS security profiles in FortiManager

Usage examples

  - name: DELETE Profile
    fmgr_secprof_ips:
      name: "Ansible_IPS_Profile"
      comment: "Created by Ansible Module TEST"
      mode: "delete"
  - name: CREATE Profile
    fmgr_secprof_ips:
      name: "Ansible_IPS_Profile"
      comment: "Created by Ansible Module TEST"
      mode: "set"
      block_malicious_url: "enable"
      entries: [{severity: "high", action: "block", log-packet: "enable"}, {severity: "medium", action: "pass"}]
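
The same kind of entry written with the entries_* sub-options instead of the raw entries list, which is the form the entries description under Inputs recommends when in doubt. This is an added example, not part of the module's documentation; the profile name is constructed, and every parameter used is one listed under Inputs.

```yaml
# Added example, not from the module's own documentation.
# The profile name is constructed for illustration.
- name: CREATE Profile with one blocking entry via sub-options
  community.general.fmgr_secprof_ips:
    adom: "root"
    name: "Ansible_IPS_Profile_SubOptions"
    comment: "Created with entries_* sub-options"
    mode: "set"
    block_malicious_url: "enable"
    # The entries_* sub-options describe a single entry. The raw 'entries'
    # list is left out on purpose: when it is submitted, the prefixed
    # sub-parameters are ignored.
    entries_severity: "high"
    entries_status: "enable"
    entries_action: "block"
    # Keep evidence for triage: signature log plus the triggering packet.
    entries_log: "enable"
    entries_log_packet: "enable"
    # Quarantine the source of matching traffic and log the quarantine.
    entries_quarantine: "attacker"
    entries_quarantine_log: "enable"
  register: ips_result

- name: Show the API response returned by the module
  ansible.builtin.debug:
    var: ips_result.api_result
```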

Inputs

    
adom:
    default: root
    description:
    - The ADOM the configuration should belong to.
    required: false

mode:
    choices:
    - add
    - set
    - delete
    - update
    default: add
    description:
    - Sets one of three modes for managing the object.
    - Allows use of soft-adds instead of overwriting existing values.
    required: false

name:
    description:
    - Sensor name.
    required: false

filter:
    description:
    - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
    - List of multiple child objects to be added. Expects a list of dictionaries.
    - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
    - If submitted, all other prefixed sub-parameters ARE IGNORED.
    - This object is MUTUALLY EXCLUSIVE with its options.
    - We expect that you know what you are doing with these list parameters, and are leveraging
      the JSON API Guide.
    - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
      TASKS
    required: false

comment:
    description:
    - Comment.
    required: false

entries:
    description:
    - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
    - List of multiple child objects to be added. Expects a list of dictionaries.
    - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
    - If submitted, all other prefixed sub-parameters ARE IGNORED.
    - This object is MUTUALLY EXCLUSIVE with its options.
    - We expect that you know what you are doing with these list parameters, and are leveraging
      the JSON API Guide.
    - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
      TASKS
    required: false

override:
    description:
    - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
    - List of multiple child objects to be added. Expects a list of dictionaries.
    - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
    - If submitted, all other prefixed sub-parameters ARE IGNORED.
    - This object is MUTUALLY EXCLUSIVE with its options.
    - We expect that you know what you are doing with these list parameters, and are leveraging
      the JSON API Guide.
    - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
      TASKS
    required: false

filter_os:
    description:
    - Vulnerable OS filter.
    required: false

entries_os:
    description:
    - Operating systems to be protected. 'all' includes all operating systems. 'other'
      includes all unlisted operating systems.
    required: false

filter_log:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging of selected rules.
    required: false

entries_log:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging of signatures included in filter.
    required: false

filter_name:
    description:
    - Filter name.
    required: false

entries_rule:
    description:
    - Identifies the predefined or custom IPS signatures to add to the sensor.
    required: false

extended_log:
    choices:
    - disable
    - enable
    description:
    - Enable/disable extended logging.
    required: false

override_log:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging.
    required: false

filter_action:
    choices:
    - pass
    - block
    - default
    - reset
    description:
    - Action of selected rules.
    required: false

filter_status:
    choices:
    - disable
    - enable
    - default
    description:
    - Selected rules status.
    required: false

entries_action:
    choices:
    - pass
    - block
    - reset
    - default
    description:
    - Action taken with traffic in which signatures are detected.
    required: false

entries_status:
    choices:
    - disable
    - enable
    - default
    description:
    - Status of the signatures included in filter. 'default' enables the filter and only
      uses filters with a default status of enable. Filters with a default status of
      disable will not be used.
    required: false

filter_location:
    description:
    - Vulnerability location filter.
    required: false

filter_protocol:
    description:
    - Vulnerable protocol filter.
    required: false

filter_severity:
    description:
    - Vulnerability severity filter.
    required: false

override_action:
    choices:
    - pass
    - block
    - reset
    description:
    - Action of override rule.
    required: false

override_status:
    choices:
    - disable
    - enable
    description:
    - Enable/disable status of override rule.
    required: false

entries_location:
    description:
    - Protect client or server traffic.
    required: false

entries_protocol:
    description:
    - Protocols to be examined. 'set protocol ?' lists available protocols. 'all' includes
      all protocols. 'other' includes all unlisted protocols.
    required: false

entries_severity:
    description:
    - Relative severity of the signature, from info to critical. Log messages generated
      by the signature include the severity.
    required: false

override_rule_id:
    description:
    - Override rule ID.
    required: false

replacemsg_group:
    description:
    - Replacement message group.
    required: false

entries_rate_mode:
    choices:
    - periodical
    - continuous
    description:
    - Rate limit mode.
    required: false

filter_log_packet:
    choices:
    - disable
    - enable
    description:
    - Enable/disable packet logging of selected rules.
    required: false

filter_quarantine:
    choices:
    - none
    - attacker
    description:
    - Quarantine IP or interface.
    required: false

entries_log_packet:
    choices:
    - disable
    - enable
    description:
    - Enable/disable packet logging. Enable to save the packet that triggers the filter.
      You can download the packets in pcap format for diagnostic use.
    required: false

entries_quarantine:
    choices:
    - none
    - attacker
    description:
    - Quarantine method.
    required: false

entries_rate_count:
    description:
    - Count of the rate.
    required: false

entries_rate_track:
    choices:
    - none
    - src-ip
    - dest-ip
    - dhcp-client-mac
    - dns-domain
    description:
    - Track the packet protocol field.
    required: false

filter_application:
    description:
    - Vulnerable application filter.
    required: false

block_malicious_url:
    choices:
    - disable
    - enable
    description:
    - Enable/disable malicious URL blocking.
    required: false

entries_application:
    description:
    - Applications to be protected. 'set application ?' lists available applications.
      'all' includes all applications. 'other' includes all unlisted applications.
    required: false

override_log_packet:
    choices:
    - disable
    - enable
    description:
    - Enable/disable packet logging.
    required: false

override_quarantine:
    choices:
    - none
    - attacker
    description:
    - Quarantine IP or interface.
    required: false

entries_rate_duration:
    description:
    - Duration (sec) of the rate.
    required: false

filter_quarantine_log:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging of selected quarantine.
    required: false

entries_quarantine_log:
    choices:
    - disable
    - enable
    description:
    - Enable/disable quarantine logging.
    required: false

override_quarantine_log:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging of selected quarantine.
    required: false

entries_exempt_ip_dst_ip:
    description:
    - Destination IP address and netmask.
    required: false

entries_exempt_ip_src_ip:
    description:
    - Source IP address and netmask.
    required: false

filter_quarantine_expiry:
    description:
    - Duration of quarantine in minutes.
    required: false

entries_quarantine_expiry:
    description:
    - Duration of quarantine.
    required: false

override_exempt_ip_dst_ip:
    description:
    - Destination IP address and netmask.
    required: false

override_exempt_ip_src_ip:
    description:
    - Source IP address and netmask.
    required: false

entries_log_attack_context:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging of attack context (URL buffer, header buffer, body buffer,
      packet buffer).
    required: false

override_quarantine_expiry:
    description:
    - Duration of quarantine in minutes.
    required: false

Outputs

api_result:
  description: full API response, includes status code and message
  returned: always
  type: str