Try SpotterConfigure CASB user activity.
| "added in version" 2.3.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure CASB user activity.
fortinet.fortimanager.fmgr_casb_useractivity:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
state: present # <value in [present, absent]>
casb_useractivity:
application: <string>
casb_name: <string>
category: <value in [activity-control, tenant-control, domain-control, ...]>
control_options:
-
name: <string>
operations:
-
action: <value in [append, prepend, replace, ...]>
case_sensitive: <value in [disable, enable]>
direction: <value in [request]>
header_name: <string>
name: <string>
search_key: <string>
search_pattern: <value in [simple, substr, regexp]>
target: <value in [header, path]>
value_from_input: <value in [disable, enable]>
values: <list or string>
status: <value in [disable, enable]>
description: <string>
match:
-
id: <integer>
rules:
-
case_sensitive: <value in [disable, enable]>
domains: <list or string>
header_name: <string>
id: <integer>
match_pattern: <value in [simple, substr, regexp]>
match_value: <string>
methods: <list or string>
negate: <value in [disable, enable]>
type: <value in [domains, host, path, ...]>
strategy: <value in [or, and]>
match_strategy: <value in [or, and]>
name: <string>
type: <value in [built-in, customized]>
uuid: <string>
status: <value in [disable, enable]>
adom:
description: The parameter (adom) in requested url.
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access_token:
description: The token to access FortiManager without using username and password.
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
casb_useractivity:
description: The top level parameters set.
required: false
suboptions:
application:
description: CASB SaaS application name.
type: str
casb-name:
description: Deprecated, please rename it to casb_name. CASB user activity signature
name.
type: str
category:
choices:
- activity-control
- tenant-control
- domain-control
- safe-search-control
- other
description: CASB user activity category.
type: str
control-options:
description: Deprecated, please rename it to control_options.
elements: dict
suboptions:
name:
description: CASB control option name.
type: str
operations:
description: No description.
elements: dict
suboptions:
action:
choices:
- append
- prepend
- replace
- new
- new-on-not-found
- delete
description: CASB operation action.
type: str
case-sensitive:
choices:
- disable
- enable
description: Deprecated, please rename it to case_sensitive. CASB operation
search case sensitive.
type: str
direction:
choices:
- request
description: CASB operation direction.
type: str
header-name:
description: Deprecated, please rename it to header_name. CASB operation
header name to search.
type: str
name:
description: CASB control option operation name.
type: str
search-key:
description: Deprecated, please rename it to search_key. CASB operation
key to search.
type: str
search-pattern:
choices:
- simple
- substr
- regexp
description: Deprecated, please rename it to search_pattern. CASB operation
search pattern.
type: str
target:
choices:
- header
- path
description: CASB operation target.
type: str
value-from-input:
choices:
- disable
- enable
description: Deprecated, please rename it to value_from_input. Enable/disable
value from user input.
type: str
values:
description: No description.
elements: str
type: list
type: list
status:
choices:
- disable
- enable
description: CASB control option status.
type: str
type: list
description:
description: CASB user activity description.
type: str
match:
description: No description.
elements: dict
suboptions:
id:
description: CASB user activity match rules ID.
type: int
rules:
description: No description.
elements: dict
suboptions:
case-sensitive:
choices:
- disable
- enable
description: Deprecated, please rename it to case_sensitive. CASB user
activity match case sensitive.
type: str
domains:
description: No description.
elements: str
type: list
header-name:
description: Deprecated, please rename it to header_name. CASB user activity
rule header name.
type: str
id:
description: CASB user activity rule ID.
type: int
match-pattern:
choices:
- simple
- substr
- regexp
description: Deprecated, please rename it to match_pattern. CASB user
activity rule match pattern.
type: str
match-value:
description: Deprecated, please rename it to match_value. CASB user activity
rule match value.
type: str
methods:
description: No description.
elements: str
type: list
negate:
choices:
- disable
- enable
description: Enable/disable what the matching strategy must not be.
type: str
type:
choices:
- domains
- host
- path
- header
- header-value
- method
description: CASB user activity rule type.
type: str
type: list
strategy:
choices:
- or
- and
description: CASB user activity rules strategy.
type: str
type: list
match-strategy:
choices:
- or
- and
description: Deprecated, please rename it to match_strategy. CASB user activity
match strategy.
type: str
name:
description: CASB user activity name.
required: true
type: str
status:
choices:
- disable
- enable
description: CASB user activity status.
type: str
type:
choices:
- built-in
- customized
description: CASB user activity type.
type: str
uuid:
description: Universally Unique Identifier
type: str
type: dict
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list