fortinet.fortios.fortios_log_threat_weight – Configure threat weight settings in Fortinet’s FortiOS and FortiGate.
Note
This plugin is part of the fortinet.fortios collection (version 2.1.2).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_log_threat_weight.
New in version 2.10: of fortinet.fortios
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and threat_weight category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| access_token string | Token-based authentication. Generated from GUI of Fortigate. | |||
| enable_log boolean |
| Enable/Disable logging for task. | ||
| log_threat_weight dictionary | Configure threat weight settings. | |||
| application list / elements=string | Application-control threat weight settings. | |||
| category integer | Application category. | |||
| id integer / required | Entry ID. | |||
| level string |
| Threat weight score for Application events. | ||
| blocked_connection string |
| Threat weight score for blocked connections. | ||
| botnet_connection_detected string |
| Threat weight score for detected botnet connections. | ||
| failed_connection string |
| Threat weight score for failed connections. | ||
| geolocation list / elements=string | Geolocation-based threat weight settings. | |||
| country string | Country code. | |||
| id integer / required | Entry ID. | |||
| level string |
| Threat weight score for Geolocation-based events. | ||
| ips dictionary | IPS threat weight settings. | |||
| critical_severity string |
| Threat weight score for IPS critical severity events. | ||
| high_severity string |
| Threat weight score for IPS high severity events. | ||
| info_severity string |
| Threat weight score for IPS info severity events. | ||
| low_severity string |
| Threat weight score for IPS low severity events. | ||
| medium_severity string |
| Threat weight score for IPS medium severity events. | ||
| level dictionary | Score mapping for threat weight levels. | |||
| critical integer | Critical level score value (1 - 100). | |||
| high integer | High level score value (1 - 100). | |||
| low integer | Low level score value (1 - 100). | |||
| medium integer | Medium level score value (1 - 100). | |||
| malware dictionary | Anti-virus malware threat weight settings. | |||
| botnet_connection string |
| Threat weight score for detected botnet connections. | ||
| command_blocked string |
| Threat weight score for blocked command detected. | ||
| content_disarm string |
| Threat weight score for virus (content disarm) detected. | ||
| ems_threat_feed string |
| Threat weight score for virus (EMS threat feed) detected. | ||
| file_blocked string |
| Threat weight score for blocked file detected. | ||
| fsa_high_risk string |
| Threat weight score for FortiSandbox high risk malware detected. | ||
| fsa_malicious string |
| Threat weight score for FortiSandbox malicious malware detected. | ||
| fsa_medium_risk string |
| Threat weight score for FortiSandbox medium risk malware detected. | ||
| malware_list string |
| Threat weight score for virus (malware list) detected. | ||
| mimefragmented string |
| Threat weight score for mimefragmented detected. | ||
| oversized string |
| Threat weight score for oversized file detected. | ||
| switch_proto string |
| Threat weight score for switch proto detected. | ||
| virus_blocked string |
| Threat weight score for virus (blocked) detected. | ||
| virus_file_type_executable string |
| Threat weight score for virus (filetype executable) detected. | ||
| virus_infected string |
| Threat weight score for virus (infected) detected. | ||
| virus_outbreak_prevention string |
| Threat weight score for virus (outbreak prevention) event. | ||
| virus_scan_error string |
| Threat weight score for virus (scan error) detected. | ||
| status string |
| Enable/disable the threat weight feature. | ||
| url_block_detected string |
| Threat weight score for URL blocking. | ||
| web list / elements=string | Web filtering threat weight settings. | |||
| category integer | Threat weight score for web category filtering matches. | |||
| id integer / required | Entry ID. | |||
| level string |
| Threat weight score for web category filtering matches. | ||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | ||
Notes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
Examples
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure threat weight settings.
fortios_log_threat_weight:
vdom: "{{ vdom }}"
log_threat_weight:
application:
-
category: "4"
id: "5"
level: "disable"
blocked_connection: "disable"
botnet_connection_detected: "disable"
failed_connection: "disable"
geolocation:
-
country: "<your_own_value>"
id: "12"
level: "disable"
ips:
critical_severity: "disable"
high_severity: "disable"
info_severity: "disable"
low_severity: "disable"
medium_severity: "disable"
level:
critical: "21"
high: "22"
low: "23"
medium: "24"
malware:
botnet_connection: "disable"
command_blocked: "disable"
content_disarm: "disable"
ems_threat_feed: "disable"
file_blocked: "disable"
fsa_high_risk: "disable"
fsa_malicious: "disable"
fsa_medium_risk: "disable"
malware_list: "disable"
mimefragmented: "disable"
oversized: "disable"
switch_proto: "disable"
virus_blocked: "disable"
virus_file_type_executable: "disable"
virus_infected: "disable"
virus_outbreak_prevention: "disable"
virus_scan_error: "disable"
status: "enable"
url_block_detected: "disable"
web:
-
category: "46"
id: "47"
level: "disable"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_log_threat_weight_module.html