community / community.network / 0.1.0 / module / fmgr_secprof_ips Managing IPS security profiles in FortiManager Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng)community.network.fmgr_secprof_ips (0.1.0) — module
Install with ansible-galaxy collection install community.network:==0.1.0
collections: - name: community.network version: 0.1.0
Managing IPS security profiles in FortiManager
- name: DELETE Profile fmgr_secprof_ips: name: "Ansible_IPS_Profile" comment: "Created by Ansible Module TEST" mode: "delete"
- name: CREATE Profile fmgr_secprof_ips: name: "Ansible_IPS_Profile" comment: "Created by Ansible Module TEST" mode: "set" block_malicious_url: "enable" entries: [{severity: "high", action: "block", log-packet: "enable"}, {severity: "medium", action: "pass"}]
adom: default: root description: - The ADOM the configuration should belong to. required: false mode: choices: - add - set - delete - update default: add description: - Sets one of three modes for managing the object. - Allows use of soft-adds instead of overwriting existing values required: false name: description: - Sensor name. required: false filter: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false comment: description: - Comment. required: false entries: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false override: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false filter_os: description: - Vulnerable OS filter. required: false entries_os: description: - Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. required: false filter_log: choices: - disable - enable description: - Enable/disable logging of selected rules. required: false entries_log: choices: - disable - enable description: - Enable/disable logging of signatures included in filter. required: false filter_name: description: - Filter name. required: false entries_rule: description: - Identifies the predefined or custom IPS signatures to add to the sensor. required: false extended_log: choices: - disable - enable description: - Enable/disable extended logging. required: false override_log: choices: - disable - enable description: - Enable/disable logging. required: false filter_action: choices: - pass - block - default - reset description: - Action of selected rules. required: false filter_status: choices: - disable - enable - default description: - Selected rules status. required: false entries_action: choices: - pass - block - reset - default description: - Action taken with traffic in which signatures are detected. required: false entries_status: choices: - disable - enable - default description: - Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used. required: false filter_location: description: - Vulnerability location filter. required: false filter_protocol: description: - Vulnerable protocol filter. required: false filter_severity: description: - Vulnerability severity filter. required: false override_action: choices: - pass - block - reset description: - Action of override rule. required: false override_status: choices: - disable - enable description: - Enable/disable status of override rule. required: false entries_location: description: - Protect client or server traffic. required: false entries_protocol: description: - Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols. required: false entries_severity: description: - Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. required: false override_rule_id: description: - Override rule ID. required: false replacemsg_group: description: - Replacement message group. required: false entries_rate_mode: choices: - periodical - continuous description: - Rate limit mode. required: false filter_log_packet: choices: - disable - enable description: - Enable/disable packet logging of selected rules. required: false filter_quarantine: choices: - none - attacker description: - Quarantine IP or interface. required: false entries_log_packet: choices: - disable - enable description: - Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. required: false entries_quarantine: choices: - none - attacker description: - Quarantine method. required: false entries_rate_count: description: - Count of the rate. required: false entries_rate_track: choices: - none - src-ip - dest-ip - dhcp-client-mac - dns-domain description: - Track the packet protocol field. required: false filter_application: description: - Vulnerable application filter. required: false block_malicious_url: choices: - disable - enable description: - Enable/disable malicious URL blocking. required: false entries_application: description: - Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications. required: false override_log_packet: choices: - disable - enable description: - Enable/disable packet logging. required: false override_quarantine: choices: - none - attacker description: - Quarantine IP or interface. required: false entries_rate_duration: description: - Duration (sec) of the rate. required: false filter_quarantine_log: choices: - disable - enable description: - Enable/disable logging of selected quarantine. required: false entries_quarantine_log: choices: - disable - enable description: - Enable/disable quarantine logging. required: false override_quarantine_log: choices: - disable - enable description: - Enable/disable logging of selected quarantine. required: false entries_exempt_ip_dst_ip: description: - Destination IP address and netmask. required: false entries_exempt_ip_src_ip: description: - Source IP address and netmask. required: false filter_quarantine_expiry: description: - Duration of quarantine in minute. required: false entries_quarantine_expiry: description: - Duration of quarantine. required: false override_exempt_ip_dst_ip: description: - Destination IP address and netmask. required: false override_exempt_ip_src_ip: description: - Source IP address and netmask. required: false entries_log_attack_context: choices: - disable - enable description: - Enable/disable logging of attack context| URL buffer, header buffer, body buffer, packet buffer. required: false override_quarantine_expiry: description: - Duration of quarantine in minute. required: false
api_result: description: full API response, includes status code and message returned: always type: str