check_point.mgmt.cp_mgmt_threat_profile – Manages threat-profile objects on Check Point over Web Services API
Note
This plugin is part of the check_point.mgmt collection (version 2.1.1).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install check_point.mgmt
.
To use it in a playbook, specify: check_point.mgmt.cp_mgmt_threat_profile
.
New in version 2.9: of check_point.mgmt
Synopsis
- Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
Parameters
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
activate_protections_by_extended_attributes list / elements=string | Activate protections by these extended attributes. | ||
category string | IPS tag category name. | ||
name string | IPS tag name. | ||
active_protections_performance_impact string |
| Protections with this performance impact only will be activated in the profile. | |
active_protections_severity string |
| Protections with this severity only will be activated in the profile. | |
anti_bot boolean |
| Is Anti-Bot blade activated. | |
anti_virus boolean |
| Is Anti-Virus blade activated. | |
auto_publish_session boolean |
| Publish the current session if changes have been performed after task completes. | |
color string |
| Color of the object. Should be one of existing colors. | |
comments string | Comments string. | ||
confidence_level_high string |
| Action for protections with high confidence level. | |
confidence_level_low string |
| Action for protections with low confidence level. | |
confidence_level_medium string |
| Action for protections with medium confidence level. | |
deactivate_protections_by_extended_attributes list / elements=string | Deactivate protections by these extended attributes. | ||
category string | IPS tag category name. | ||
name string | IPS tag name. | ||
details_level string |
| The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. | |
ignore_errors boolean |
| Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. | |
ignore_warnings boolean |
| Apply changes ignoring warnings. | |
indicator_overrides list / elements=string | Indicators whose action will be overridden in this profile. | ||
action string |
| The indicator's action in this profile. | |
indicator string | The indicator whose action is to be overridden. | ||
ips boolean |
| Is IPS blade activated. | |
ips_settings dictionary | IPS blade settings. | ||
exclude_protection_with_performance_impact boolean |
| Whether to exclude protections depending on their level of performance impact. | |
exclude_protection_with_performance_impact_mode string |
| Exclude protections with this level of performance impact. | |
exclude_protection_with_severity boolean |
| Whether to exclude protections depending on their level of severity. | |
exclude_protection_with_severity_mode string |
| Exclude protections with this level of severity. | |
newly_updated_protections string |
| Activation of newly updated protections. | |
malicious_mail_policy_settings dictionary | Malicious Mail Policy for MTA Gateways. | ||
add_customized_text_to_email_body boolean |
| Add customized text to the malicious email body. | |
add_email_subject_prefix boolean |
| Add a prefix to the malicious email subject. | |
add_x_header_to_email boolean |
| Add an X-Header to the malicious email. | |
email_action string |
| Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and links, add x-header, etc...). | |
email_body_customized_text string | Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict. | ||
email_subject_prefix_text string | Prefix for the malicious email subject. | ||
failed_to_scan_attachments_text string | Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file. | ||
malicious_attachments_text string | Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file. | ||
malicious_links_text string | Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link. | ||
remove_attachments_and_links boolean |
| Remove attachments and links from the malicious email. | |
send_copy boolean |
| Send a copy of the malicious email to the recipient list. | |
send_copy_list list / elements=string | Recipient list to send a copy of the malicious email. | ||
name string / required | Object name. | ||
overrides list / elements=string | Overrides per profile for this protection. | ||
action string |
| Protection action. | |
capture_packets boolean |
| Capture packets. | |
protection string | IPS protection identified by name or UID. | ||
track string |
| Tracking method for protection. | |
state string |
| State of the access rule (present or absent). Defaults to present. | |
tags list / elements=string | Collection of tag identifiers. | ||
threat_emulation boolean |
| Is Threat Emulation blade activated. | |
use_extended_attributes boolean |
| Whether to activate/deactivate IPS protections according to the extended attributes. | |
use_indicators boolean |
| Indicates whether the profile should make use of indicators. | |
version string | Version of checkpoint. If not given one, the latest version taken. | ||
wait_for_task boolean |
| Wait for the task to end. Such as publish task. | |
wait_for_task_timeout integer | Default: 30 | How many minutes to wait until throwing a timeout error. |
Examples
- name: add-threat-profile cp_mgmt_threat_profile: active_protections_performance_impact: low active_protections_severity: low or above anti_bot: true anti_virus: true confidence_level_high: prevent confidence_level_medium: prevent ips: true ips_settings: exclude_protection_with_performance_impact: true exclude_protection_with_performance_impact_mode: high or lower newly_updated_protections: staging name: New Profile 1 state: present threat_emulation: true - name: set-threat-profile cp_mgmt_threat_profile: active_protections_performance_impact: low active_protections_severity: low or above anti_bot: true anti_virus: false comments: update recommended profile confidence_level_high: prevent confidence_level_low: prevent confidence_level_medium: prevent ips: false ips_settings: exclude_protection_with_performance_impact: true exclude_protection_with_performance_impact_mode: high or lower newly_updated_protections: active name: New Profile 1 state: present threat_emulation: true - name: delete-threat-profile cp_mgmt_threat_profile: name: New Profile 1 state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cp_mgmt_threat_profile dictionary | always, except when deleting the object. | The checkpoint object created or updated. |
Authors
- Or Soffer (@chkp-orso)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/cp_mgmt_threat_profile_module.html