fortinet.fortianalyzer.faz_cli_system_admin_profile (1.4.0) — module

Admin profile.

Added in version 1.0.0 of fortinet.fortianalyzer.

Authors: Xinwei Du (@dux-fortinet), Link Zheng (@chillancezen), Jie Xue (@JieX19), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortianalyzer:==1.4.0


Add to requirements.yml

  # Pins the collection to one exact release so repeated installs resolve to
  # the same version instead of whatever is newest at install time.
  collections:
    - name: fortinet.fortianalyzer
      version: 1.4.0

Description

This module is able to configure a FortiAnalyzer device.

Examples include all parameters and values, which need to be adjusted to your data sources before use.

Usage examples

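# Example play: creates or updates admin profile "1" on the hosts in the
# "fortianalyzers" group over the httpapi connection.
- name: Example playbook
  connection: httpapi
  hosts: fortianalyzers
  tasks:
    - name: Admin profile.
      fortinet.fortianalyzer.faz_cli_system_admin_profile:
        cli_system_admin_profile:
          # NOTE(review): the Inputs list spells these keys with hyphens
          # (allow-to-install, change-password); confirm that the installed
          # collection version accepts the underscore form used here.
          allow_to_install: disable
          change_password: disable
          datamask: disable
          # profileid is declared as type str in the Inputs list, so it is
          # quoted rather than left as a bare integer.
          profileid: "1"
        state: present
  vars:
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    # Keep certificate validation on: with it disabled the connection is
    # encrypted but the device is not authenticated, so admin credentials or
    # tokens could be sent to an impostor endpoint. If the appliance uses a
    # private or self-signed certificate, make its issuing CA trusted on the
    # Ansible controller instead of turning validation off.
    ansible_httpapi_validate_certs: true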

Inputs

    
state:
    choices:
    - present
    - absent
    description: The directive to create, update or delete an object
    required: true
    type: str

# Destination of the module log; only used when enable_log is true.
# The default, and the fallback used when the configured path is incorrect,
# is a fixed file name under /tmp. /tmp is normally writable by every local
# user, so prefer an absolute path in a directory that only the Ansible user
# can write when logging is enabled.
# NOTE(review): the log presumably records request details; check what it
# contains before enabling it on a shared controller.
log_path:
    default: /tmp/fortianalyzer.ansible.log
    description:
    - The path to save log. Used if enable_log is true.
    - Please use absolute path instead of relative path.
    - If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.log
    required: false
    type: str

rc_failed:
    description: the rc codes list with which the conditions to fail will be overridden
    elements: int
    required: false
    type: list

enable_log:
    default: false
    description: Enable/Disable logging for task
    required: false
    type: bool

# Credential used in place of a username and password. Supply it from
# Ansible Vault or another secret store rather than writing it in plaintext
# in playbooks or inventory.
# NOTE(review): the description names FortiManager; presumably FortiAnalyzer
# is meant in this collection. Confirm with the module authors.
access_token:
    description: The token to access FortiManager without using username and password.
    required: false
    type: str

rc_succeeded:
    description: the rc codes list with which the conditions to succeed will be overridden
    elements: int
    required: false
    type: list

proposed_method:
    choices:
    - set
    - update
    - add
    description: The overridden method for the underlying Json RPC request
    required: false
    type: str

bypass_validation:
    default: false
    description: Only set to true when the module schema differs from the FortiAnalyzer API structure;
      the module then continues to execute without validating parameters.
    required: false
    type: bool

# FortiCloud API access token used to authenticate the Ansible client.
# It is a credential: keep it in Ansible Vault or another secret store, not
# in plaintext playbooks or inventory.
forticloud_access_token:
    description: Authenticate Ansible client with forticloud API access token.
    required: false
    type: str

cli_system_admin_profile:
    description: The top level parameters set.
    required: false
    suboptions:
      adom-lock:
        choices:
        - none
        - read
        - read-write
        description:
        - ADOM locking
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      adom-switch:
        choices:
        - none
        - read
        - read-write
        description:
        - Administrator domain.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      allow-to-install:
        choices:
        - disable
        - enable
        description:
        - Enable/disable the restricted user to install objects to the devices.
        - disable - Disable setting.
        - enable - Enable setting.
        type: str
      change-password:
        choices:
        - disable
        - enable
        description:
        - Enable/disable the user to change self password.
        - disable - Disable setting.
        - enable - Enable setting.
        type: str
      datamask:
        choices:
        - disable
        - enable
        description:
        - Enable/disable data masking.
        - disable - Disable data masking.
        - enable - Enable data masking.
        type: str
      datamask-custom-fields:
        description: no description
        elements: dict
        suboptions:
          field-category:
            choices:
            - log
            - fortiview
            - alert
            - ueba
            - all
            description: no description
            elements: str
            type: list
          field-name:
            description: Field name.
            type: str
          field-status:
            choices:
            - disable
            - enable
            description:
            - Field status.
            - disable - Disable field.
            - enable - Enable field.
            type: str
          field-type:
            choices:
            - string
            - ip
            - mac
            - email
            - unknown
            description:
            - Field type.
            - string - String.
            - ip - IP.
            - mac - MAC address.
            - email - Email address.
            - unknown - Unknown.
            type: str
        type: list
      datamask-custom-priority:
        choices:
        - disable
        - enable
        description:
        - Prioritize custom fields.
        - disable - Disable custom field search priority.
        - enable - Enable custom field search priority.
        type: str
      datamask-fields:
        choices:
        - user
        - srcip
        - srcname
        - srcmac
        - dstip
        - dstname
        - email
        - message
        - domain
        description: no description
        elements: str
        type: list
      # NOTE(review): the module gives no description for this option;
      # presumably it is the key used by the data masking feature. If so,
      # treat the value as a secret and supply it from Ansible Vault or
      # another secret store rather than in plaintext. Confirm against the
      # FortiAnalyzer documentation.
      datamask-key:
        description: no description
        type: str
      datamask-unmasked-time:
        description: Time in days without data masking.
        type: int
      description:
        description: Description.
        type: str
      device-ap:
        choices:
        - none
        - read
        - read-write
        description:
        - Manage AP.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-forticlient:
        choices:
        - none
        - read
        - read-write
        description:
        - Manage FortiClient.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-fortiextender:
        choices:
        - none
        - read
        - read-write
        description:
        - Manage FortiExtender.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-fortiswitch:
        choices:
        - none
        - read
        - read-write
        description:
        - Manage FortiSwitch.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-manager:
        choices:
        - none
        - read
        - read-write
        description:
        - Device manager.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-op:
        choices:
        - none
        - read
        - read-write
        description:
        - Device add/delete/edit.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-policy-package-lock:
        choices:
        - none
        - read
        - read-write
        description:
        - Device/Policy Package locking
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-wan-link-load-balance:
        choices:
        - none
        - read
        - read-write
        description:
        - Manage WAN link load balance.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      event-management:
        choices:
        - none
        - read
        - read-write
        description:
        - Event management.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      execute-playbook:
        choices:
        - none
        - read
        - read-write
        description:
        - Execute playbook.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      extension-access:
        choices:
        - none
        - read
        - read-write
        description:
        - Manage extension access.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      fabric-viewer:
        choices:
        - none
        - read
        - read-write
        description:
        - Fabric viewer.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      fgt-gui-proxy:
        choices:
        - disable
        - enable
        description:
        - FortiGate GUI proxy.
        - disable - No permission.
        - enable - With permission.
        type: str
      fortirecorder-setting:
        choices:
        - none
        - read
        - read-write
        description:
        - FortiRecorder settings.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      ips-baseline-ovrd:
        choices:
        - disable
        - enable
        description:
        - Enable/disable override baseline ips sensor.
        - disable - Disable setting.
        - enable - Enable setting.
        type: str
      ips-lock:
        choices:
        - none
        - read
        - read-write
        description:
        - IPS locking
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      # Per the description, the default ::/0 matches all IPv6 sources, so
      # leaving this unset places no IPv6 source restriction on the admin
      # user. Set it to the management prefix to narrow where admins may
      # connect from.
      ipv6_trusthost1:
        description: Admin user trusted host IPv6, default ::/0 for all.
        type: str
      ipv6_trusthost10:
        description: Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
          for none.
        type: str
      ipv6_trusthost2:
        description: Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
          for none.
        type: str
      ipv6_trusthost3:
        description: Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
          for none.
        type: str
      ipv6_trusthost4:
        description: Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
          for none.
        type: str
      ipv6_trusthost5:
        description: Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
          for none.
        type: str
      ipv6_trusthost6:
        description: Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
          for none.
        type: str
      ipv6_trusthost7:
        description: Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
          for none.
        type: str
      ipv6_trusthost8:
        description: Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
          for none.
        type: str
      ipv6_trusthost9:
        description: Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
          for none.
        type: str
      log-viewer:
        choices:
        - none
        - read
        - read-write
        description:
        - Log viewer.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      profileid:
        description: Profile ID.
        type: str
      realtime-monitor:
        choices:
        - none
        - read
        - read-write
        description:
        - Realtime monitor.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      report-viewer:
        choices:
        - none
        - read
        - read-write
        description:
        - Report viewer.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      # Sets the profile's rpc-permission level: none, read or read-write.
      # NOTE(review): presumably this governs JSON RPC API access for admins
      # that use the profile; grant read-write only to profiles that need to
      # make changes through the API. Confirm against the FortiAnalyzer
      # documentation.
      rpc-permit:
        choices:
        - read-write
        - none
        - read
        description:
        - Set none/read/read-write rpc-permission
        - read-write - Read-write permission.
        - none - No permission.
        - read - Read-only permission.
        type: str
      run-report:
        choices:
        - none
        - read
        - read-write
        description:
        - Run reports.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      scope:
        choices:
        - global
        - adom
        description:
        - Scope.
        - global - Global scope.
        - adom - ADOM scope.
        type: str
      script-access:
        choices:
        - none
        - read
        - read-write
        description:
        - Script access.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      # Enables or disables super user status for the profile.
      # NOTE(review): presumably a super user profile is not limited by the
      # per-feature none/read/read-write settings in this list; keep it
      # disabled for least-privilege profiles and confirm the exact effect
      # in the FortiAnalyzer documentation.
      super-user-profile:
        choices:
        - disable
        - enable
        description:
        - Enable/disable super user profile
        - disable - Disable super user profile
        - enable - Enable super user profile
        type: str
      system-setting:
        choices:
        - none
        - read
        - read-write
        description:
        - System setting.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      triage-events:
        choices:
        - none
        - read
        - read-write
        description:
        - Triage events.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      # Per the description, the default 0.0.0.0 0.0.0.0 matches all IPv4
      # sources, so leaving this unset places no IPv4 source restriction on
      # the admin user. Set it to the management network (address and mask)
      # to narrow where admins may connect from.
      trusthost1:
        description: Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
        type: str
      trusthost10:
        description: Admin user trusted host IP, default 255.255.255.255 255.255.255.255
          for none.
        type: str
      trusthost2:
        description: Admin user trusted host IP, default 255.255.255.255 255.255.255.255
          for none.
        type: str
      trusthost3:
        description: Admin user trusted host IP, default 255.255.255.255 255.255.255.255
          for none.
        type: str
      trusthost4:
        description: Admin user trusted host IP, default 255.255.255.255 255.255.255.255
          for none.
        type: str
      trusthost5:
        description: Admin user trusted host IP, default 255.255.255.255 255.255.255.255
          for none.
        type: str
      trusthost6:
        description: Admin user trusted host IP, default 255.255.255.255 255.255.255.255
          for none.
        type: str
      trusthost7:
        description: Admin user trusted host IP, default 255.255.255.255 255.255.255.255
          for none.
        type: str
      trusthost8:
        description: Admin user trusted host IP, default 255.255.255.255 255.255.255.255
          for none.
        type: str
      trusthost9:
        description: Admin user trusted host IP, default 255.255.255.255 255.255.255.255
          for none.
        type: str
      update-incidents:
        choices:
        - none
        - read
        - read-write
        description:
        - Create/update incidents.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      write-passwd-access:
        choices:
        - all
        - specify-by-user
        - specify-by-profile
        description:
        - set all/specify-by-user/specify-by-profile write password access mode.
        - all - All except super users.
        - specify-by-user - Specify by user.
        - specify-by-profile - Specify by profile.
        type: str
      write-passwd-profiles:
        description: no description
        elements: dict
        suboptions:
          profileid:
            description: Profile ID.
            type: str
        type: list
      write-passwd-user-list:
        description: no description
        elements: dict
        suboptions:
          userid:
            description: User ID.
            type: str
        type: list
    type: dict

Outputs

meta:
  contains:
    request_url:
      description: The full url requested
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status of the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by
    the current fortianalyzer version.
  returned: complex
  type: list