cisco.meraki.meraki_mx_intrusion_prevention – Manage intrusion prevention in the Meraki cloud

Note

This plugin is part of the cisco.meraki collection (version 2.2.0).

To install it use: `ansible-galaxy collection install cisco.meraki`.

To use it in a playbook, specify: `cisco.meraki.meraki_mx_intrusion_prevention`.
Synopsis
- Allows management of intrusion prevention rules and settings within Meraki MX networks.
Parameters
Parameter | Choices/Defaults | Comments
---|---|---
allowed_rules (list / elements=dictionary) | | List of IDs related to rules which are allowed for the organization.
allowed_rules → message (string) | | Description of rule. This is overwritten by the API.
allowed_rules → rule_id (string) | | ID of rule as defined by Snort.
auth_key (string / required) | | Authentication key provided by the dashboard. Required if the environment variable MERAKI_KEY is not set.
host (string) | Default: "api.meraki.com" | Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China.
ids_rulesets (string) | Choices: connectivity, balanced, security | Ruleset complexity setting.
internal_error_retry_time (integer) | Default: 60 | Number of seconds to retry if server returns an internal server error.
mode (string) | Choices: disabled, detection, prevention | Operational mode of Intrusion Prevention system.
net_id (string) | | ID number of a network.
net_name (string) | | Name of a network. Aliases: name, network
org_id (string) | | ID of organization.
org_name (string) | | Name of organization. Aliases: organization
output_format (string) | Choices: snakecase (default), camelcase | Instructs module whether response keys should be snake case (e.g. `net_id`) or camel case (e.g. `netId`).
output_level (string) | Choices: debug, normal (default) | Set amount of debug output during module execution.
protected_networks (dictionary) | | Set included/excluded networks for Intrusion Prevention.
protected_networks → excluded_cidr (list / elements=string) | | List of network IP ranges to exclude from scanning.
protected_networks → included_cidr (list / elements=string) | | List of network IP ranges to include in scanning.
protected_networks → use_default (boolean) | Choices: no, yes | Whether to use special IPv4 addresses per RFC 5735.
rate_limit_retry_time (integer) | Default: 165 | Number of seconds to retry if rate limiter is triggered.
state (string) | Choices: absent, present, query | Create or modify an organization.
timeout (integer) | Default: 30 | Time to timeout for HTTP requests.
use_https (boolean) | Choices: no, yes (default) | If `no`, it will use HTTP. Otherwise it will use HTTPS. Only useful for internal Meraki developers.
use_proxy (boolean) | Choices: no (default), yes | If `no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
validate_certs (boolean) | Choices: no, yes (default) | Whether to validate HTTP certificates.
Notes

- More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
- Some of the options are likely only used for developers within Meraki.
- As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the `ANSIBLE_MERAKI_FORMAT` environment variable to `camelcase`.
- Ansible's Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
- Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.
Examples
```yaml
- name: Set whitelist for organization
  meraki_intrusion_prevention:
    auth_key: '{{auth_key}}'
    state: present
    org_id: '{{test_org_id}}'
    allowed_rules:
      - rule_id: "meraki:intrusion/snort/GID/01/SID/5805"
        message: Test rule
  delegate_to: localhost

- name: Query IPS info for organization
  meraki_intrusion_prevention:
    auth_key: '{{auth_key}}'
    state: query
    org_name: '{{test_org_name}}'
  delegate_to: localhost
  register: query_org

- name: Set full ruleset with check mode
  meraki_intrusion_prevention:
    auth_key: '{{auth_key}}'
    state: present
    org_name: '{{test_org_name}}'
    net_name: '{{test_net_name}} - IPS'
    mode: prevention
    ids_rulesets: security
    protected_networks:
      use_default: true
      included_cidr:
        - 192.0.1.0/24
      excluded_cidr:
        - 10.0.1.0/24
  delegate_to: localhost

- name: Clear rules from organization
  meraki_intrusion_prevention:
    auth_key: '{{auth_key}}'
    state: absent
    org_name: '{{test_org_name}}'
    allowed_rules: []
  delegate_to: localhost
```
Return Values
Common return values are documented here; the following are the fields unique to this module:

Key | Returned | Description
---|---|---
data (complex) | success | Information about the Threat Protection settings.
data → idsRulesets (string) | success, when network is queried or modified | Setting of selected ruleset. Sample: `balanced`
data → mode (string) | success, when network is queried or modified | Enabled setting of intrusion prevention. Sample: `enabled`
data → protectedNetworks (complex) | success, when network is queried or modified | Networks protected by IPS.
data → protectedNetworks → excludedCidr (string) | success, when network is queried or modified | List of CIDR notation networks to exclude from protection. Sample: `192.0.1.0/24`
data → protectedNetworks → includedCidr (string) | success, when network is queried or modified | List of CIDR notation networks to protect. Sample: `192.0.1.0/24`
data → protectedNetworks → useDefault (boolean) | success, when network is queried or modified | Whether to use special IPv4 addresses. Sample: `True`
data → whitelistedRules (complex) | success, when organization is queried or modified | List of whitelisted IPS rules.
data → whitelistedRules → message (string) | success, when organization is queried or modified | Description of rule. Sample: `MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines`
data → whitelistedRules → ruleId (string) | success, when organization is queried or modified | A rule identifier for an IPS rule. Sample: `meraki:intrusion/snort/GID/01/SID/5805`
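The Check Mode behaviour described in the Notes (download the current configuration, diff it against the requested one, report `changed` without submitting anything) makes the module usable as a drift detector for IPS policy. The playbook below is an added example and is not part of the module documentation or the cisco.meraki collection. It assumes the `MERAKI_KEY` environment variable supplies the API key, and that the caller defines `meraki_org_name` and `audited_network_names` (a list of MX network names); those names are illustrative.

```yaml
# Added example, not from the module documentation: audit that each MX
# network runs IPS in prevention mode with the "security" ruleset.
# Runs the module in check mode, so nothing is written to the dashboard;
# a task result with changed == true means the network drifts from policy.
- name: Audit Meraki MX intrusion prevention policy without changing it
  hosts: localhost
  gather_facts: false
  vars:
    meraki_org_name: "Example Org"            # constructed placeholder
    audited_network_names:                     # constructed placeholders
      - "Branch-01"
      - "Branch-02"
    required_mode: prevention
    required_ruleset: security
  tasks:
    - name: Compare the desired IPS settings against each network (check mode)
      cisco.meraki.meraki_mx_intrusion_prevention:
        state: present
        org_name: "{{ meraki_org_name }}"
        net_name: "{{ item }}"
        mode: "{{ required_mode }}"
        ids_rulesets: "{{ required_ruleset }}"
      loop: "{{ audited_network_names }}"
      check_mode: true
      register: ips_check

    - name: Fail the run if any network drifts from the required IPS policy
      ansible.builtin.assert:
        that:
          - not item.changed
        fail_msg: >-
          {{ item.item }} drifts from policy: current mode={{ item.data.mode | default('unknown') }},
          ruleset={{ item.data.ids_rulesets | default('unknown') }}
        success_msg: "{{ item.item }}: IPS policy compliant"
      loop: "{{ ips_check.results }}"
      loop_control:
        label: "{{ item.item }}"
```

Because the module's check mode never calls the API to validate the proposed change, a passing audit means the dashboard already matches the requested values, not that an unapplied change would be accepted; run the same task without `check_mode: true` to enforce the policy. The `data` keys in `fail_msg` use the snake_case names that are the default output since Ansible 2.9 (see the Notes); with `ANSIBLE_MERAKI_FORMAT=camelcase` they are `mode` and `idsRulesets` as listed in the return-value table.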
Authors
- Kevin Breit (@kbreit)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/cisco/meraki/meraki_mx_intrusion_prevention_module.html