check_point.mgmt.cp_mgmt_threat_indicator – Manages threat-indicator objects on Check Point over Web Services API

Note

This plugin is part of the check_point.mgmt collection (version 2.0.0).

To install it use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_threat_indicator.

New in version 2.9: of check_point.mgmt

Synopsis
Parameters
Examples
Return Values

Synopsis

Manages threat-indicator objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.

Parameters

Parameter		Choices/Defaults	Comments
action string		Choices: Inactive Ask Prevent Detect	The indicator's action.
auto_publish_session boolean		Choices: no yes	Publish the current session if changes have been performed after task completes.
color string		Choices: aquamarine black blue crete blue burlywood cyan dark green khaki orchid dark orange dark sea green pink turquoise dark blue firebrick brown forest green gold dark gold gray dark gray light green lemon chiffon coral sea green sky blue magenta purple slate blue violet red navy blue olive orange red sienna yellow	Color of the object. Should be one of existing colors.
comments string			Comments string.
details_level string		Choices: uid standard full	The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
ignore_errors boolean		Choices: no yes	Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings boolean		Choices: no yes	Apply changes ignoring warnings.
name string / required			Object name.
observables list / elements=string			The indicator's observables.
	comments string		Comments string.
	confidence string	Choices: low medium high critical	The confidence level the indicator has that a real threat has been uncovered.
	domain string		The name of a domain.
	ignore_errors boolean	Choices: no yes	Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
	ignore_warnings boolean	Choices: no yes	Apply changes ignoring warnings.
	ip_address string		A valid IP-Address.
	ip_address_first string		A valid IP-Address, the beginning of the range. If you configure this parameter with a value, you must also configure the value of the 'ip-address-last' parameter.
	ip_address_last string		A valid IP-Address, the end of the range. If you configure this parameter with a value, you must also configure the value of the 'ip-address-first' parameter.
	mail_cc string		A valid E-Mail address, cc field.
	mail_from string		A valid E-Mail address, sender field.
	mail_reply_to string		A valid E-Mail address, reply-to field.
	mail_subject string		Subject of E-Mail.
	mail_to string		A valid E-Mail address, recipient filed.
	md5 string		A valid MD5 sequence.
	name string		Object name. Should be unique in the domain.
	product string	Choices: AV AB	The software blade that processes the observable, AV - AntiVirus, AB - AntiBot.
	severity string	Choices: low medium high critical	The severity level of the threat.
	url string		A valid URL.
observables_raw_data string			The contents of a file containing the indicator's observables.
profile_overrides list / elements=string			Profiles in which to override the indicator's default action.
	action string	Choices: Inactive Ask Prevent Detect	The indicator's action in this profile.
	profile string		The profile in which to override the indicator's action.
state string		Choices: present ← absent	State of the access rule (present or absent). Defaults to present.
tags list / elements=string			Collection of tag identifiers.
version string			Version of checkpoint. If not given one, the latest version taken.
wait_for_task boolean		Choices: no yes ←	Wait for the task to end. Such as publish task.
wait_for_task_timeout integer		Default: 30	How many minutes to wait until throwing a timeout error.

Examples

- name: add-threat-indicator
  cp_mgmt_threat_indicator:
    action: ask
    ignore_warnings: true
    name: My_Indicator
    observables:
    - confidence: medium
      mail_to: [email protected]
      name: My_Observable
      product: AV
      severity: low
    profile_overrides:
    - action: detect
      profile: My_Profile
    state: present

- name: set-threat-indicator
  cp_mgmt_threat_indicator:
    action: prevent
    ignore_warnings: true
    name: My_Indicator
    state: present

- name: delete-threat-indicator
  cp_mgmt_threat_indicator:
    name: My_Indicator
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
cp_mgmt_threat_indicator dictionary	always, except when deleting the object.	The checkpoint object created or updated.

Authors

Or Soffer (@chkp-orso)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/check_point/mgmt/cp_mgmt_threat_indicator_module.html