fortinet.fortios.fortios_log_threat_weight – Configure threat weight settings in Fortinet’s FortiOS and FortiGate.
Note
This plugin is part of the fortinet.fortios collection (version 1.1.8).
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_log_threat_weight.
New in version 2.8: of fortinet.fortios
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and threat_weight category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| access_token string | Token-based authentication. Generated from GUI of Fortigate. | |||
| log_threat_weight dictionary | Configure threat weight settings. | |||
| application list / elements=string | Application-control threat weight settings. | |||
| category integer | Application category. | |||
| id integer / required | Entry ID. | |||
| level string |
| Threat weight score for Application events. | ||
| blocked_connection string |
| Threat weight score for blocked connections. | ||
| botnet_connection_detected string |
| Threat weight score for detected botnet connections. | ||
| failed_connection string |
| Threat weight score for failed connections. | ||
| geolocation list / elements=string | Geolocation-based threat weight settings. | |||
| country string | Country code. | |||
| id integer / required | Entry ID. | |||
| level string |
| Threat weight score for Geolocation-based events. | ||
| ips dictionary | IPS threat weight settings. | |||
| critical_severity string |
| Threat weight score for IPS critical severity events. | ||
| high_severity string |
| Threat weight score for IPS high severity events. | ||
| info_severity string |
| Threat weight score for IPS info severity events. | ||
| low_severity string |
| Threat weight score for IPS low severity events. | ||
| medium_severity string |
| Threat weight score for IPS medium severity events. | ||
| level dictionary | Score mapping for threat weight levels. | |||
| critical integer | Critical level score value (1 - 100). | |||
| high integer | High level score value (1 - 100). | |||
| low integer | Low level score value (1 - 100). | |||
| medium integer | Medium level score value (1 - 100). | |||
| malware_detected string |
| Threat weight score for detected malware. | ||
| status string |
| Enable/disable the threat weight feature. | ||
| url_block_detected string |
| Threat weight score for URL blocking. | ||
| web list / elements=string | Web filtering threat weight settings. | |||
| category integer | Threat weight score for web category filtering matches. | |||
| id integer / required | Entry ID. | |||
| level string |
| Threat weight score for web category filtering matches. | ||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | ||
Notes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
Examples
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure threat weight settings.
fortios_log_threat_weight:
vdom: "{{ vdom }}"
log_threat_weight:
application:
-
category: "4"
id: "5"
level: "disable"
blocked_connection: "disable"
botnet_connection_detected: "disable"
failed_connection: "disable"
geolocation:
-
country: "<your_own_value>"
id: "12"
level: "disable"
ips:
critical_severity: "disable"
high_severity: "disable"
info_severity: "disable"
low_severity: "disable"
medium_severity: "disable"
level:
critical: "21"
high: "22"
low: "23"
medium: "24"
malware_detected: "disable"
status: "enable"
url_block_detected: "disable"
web:
-
category: "29"
id: "30"
level: "disable"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortios/fortios_log_threat_weight_module.html