Try SpotterConfigure CASB user activity in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
- name: fortinet.fortios
version: 2.3.6This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify casb feature and user_activity category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure CASB user activity.
fortinet.fortios.fortios_casb_user_activity:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
casb_user_activity:
application: "<your_own_value> (source casb.saas-application.name)"
casb_name: "<your_own_value>"
category: "activity-control"
control_options:
-
name: "default_name_7"
operations:
-
action: "append"
case_sensitive: "enable"
direction: "request"
header_name: "<your_own_value>"
name: "default_name_13"
search_key: "<your_own_value>"
search_pattern: "simple"
target: "header"
value_from_input: "enable"
values:
-
value: "<your_own_value>"
status: "enable"
description: "<your_own_value>"
match:
-
id: "23"
rules:
-
case_sensitive: "enable"
domains:
-
domain: "<your_own_value>"
header_name: "<your_own_value>"
id: "29"
match_pattern: "simple"
match_value: "<your_own_value>"
methods:
-
method: "<your_own_value>"
negate: "enable"
type: "domains"
strategy: "and"
match_strategy: "and"
name: "default_name_38"
status: "enable"
type: "built-in"
uuid: "<your_own_value>"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
casb_user_activity:
default: null
description:
- Configure CASB user activity.
suboptions:
application:
description:
- CASB SaaS application name. Source casb.saas-application.name.
type: str
casb_name:
description:
- CASB user activity signature name.
type: str
category:
choices:
- activity-control
- tenant-control
- domain-control
- safe-search-control
- other
description:
- CASB user activity category.
type: str
control_options:
description:
- CASB control options.
elements: dict
suboptions:
name:
description:
- CASB control option name.
required: true
type: str
operations:
description:
- CASB control option operations.
elements: dict
suboptions:
action:
choices:
- append
- prepend
- replace
- new
- new-on-not-found
- delete
description:
- CASB operation action.
type: str
case_sensitive:
choices:
- enable
- disable
description:
- CASB operation search case sensitive.
type: str
direction:
choices:
- request
description:
- CASB operation direction.
type: str
header_name:
description:
- CASB operation header name to search.
type: str
name:
description:
- CASB control option operation name.
required: true
type: str
search_key:
description:
- CASB operation key to search.
type: str
search_pattern:
choices:
- simple
- substr
- regexp
description:
- CASB operation search pattern.
type: str
target:
choices:
- header
- path
description:
- CASB operation target.
type: str
value_from_input:
choices:
- enable
- disable
description:
- Enable/disable value from user input.
type: str
values:
description:
- CASB operation new values.
elements: dict
suboptions:
value:
description:
- Operation value.
required: true
type: str
type: list
type: list
status:
choices:
- enable
- disable
description:
- CASB control option status.
type: str
type: list
description:
description:
- CASB user activity description.
type: str
match:
description:
- CASB user activity match rules.
elements: dict
suboptions:
id:
description:
- CASB user activity match rules ID. see <a href='#notes'>Notes</a>.
required: true
type: int
rules:
description:
- CASB user activity rules.
elements: dict
suboptions:
case_sensitive:
choices:
- enable
- disable
description:
- CASB user activity match case sensitive.
type: str
domains:
description:
- CASB user activity domain list.
elements: dict
suboptions:
domain:
description:
- Domain list separated by space.
required: true
type: str
type: list
header_name:
description:
- CASB user activity rule header name.
type: str
id:
description:
- CASB user activity rule ID. see <a href='#notes'>Notes</a>.
required: true
type: int
match_pattern:
choices:
- simple
- substr
- regexp
description:
- CASB user activity rule match pattern.
type: str
match_value:
description:
- CASB user activity rule match value.
type: str
methods:
description:
- CASB user activity method list.
elements: dict
suboptions:
method:
description:
- User activity method.
required: true
type: str
type: list
negate:
choices:
- enable
- disable
description:
- Enable/disable what the matching strategy must not be.
type: str
type:
choices:
- domains
- host
- path
- header
- header-value
- method
description:
- CASB user activity rule type.
type: str
type: list
strategy:
choices:
- and
- or
description:
- CASB user activity rules strategy.
type: str
type: list
match_strategy:
choices:
- and
- or
description:
- CASB user activity match strategy.
type: str
name:
description:
- CASB user activity name.
required: true
type: str
status:
choices:
- enable
- disable
description:
- CASB user activity status.
type: str
type:
choices:
- built-in
- customized
description:
- CASB user activity type.
type: str
uuid:
description:
- Universally Unique Identifier (UUID; automatically assigned but can be manually
reset).
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str