cp_mgmt_threat_profile – Manages threat-profile objects on Check Point over Web Services API
New in version 2.9.
Synopsis
- Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
Parameters
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
activate_protections_by_extended_attributes
list
|
Activate protections by these extended attributes.
|
||
category
string
|
IPS tag category name.
|
||
name
string
|
IPS tag name.
|
||
active_protections_performance_impact
string
|
|
Protections with this performance impact only will be activated in the profile.
|
|
active_protections_severity
string
|
|
Protections with this severity only will be activated in the profile.
|
|
anti_bot
boolean
|
|
Is Anti-Bot blade activated.
|
|
anti_virus
boolean
|
|
Is Anti-Virus blade activated.
|
|
auto_publish_session
boolean
|
|
Publish the current session if changes have been performed after task completes.
|
|
color
string
|
|
Color of the object. Should be one of existing colors.
|
|
comments
string
|
Comments string.
|
||
confidence_level_high
string
|
|
Action for protections with high confidence level.
|
|
confidence_level_low
string
|
|
Action for protections with low confidence level.
|
|
confidence_level_medium
string
|
|
Action for protections with medium confidence level.
|
|
deactivate_protections_by_extended_attributes
list
|
Deactivate protections by these extended attributes.
|
||
category
string
|
IPS tag category name.
|
||
name
string
|
IPS tag name.
|
||
details_level
string
|
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
|
|
ignore_errors
boolean
|
|
Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
|
ignore_warnings
boolean
|
|
Apply changes ignoring warnings.
|
|
indicator_overrides
list
|
Indicators whose action will be overridden in this profile.
|
||
action
string
|
|
The indicator's action in this profile.
|
|
indicator
string
|
The indicator whose action is to be overridden.
|
||
ips
boolean
|
|
Is IPS blade activated.
|
|
ips_settings
dictionary
|
IPS blade settings.
|
||
exclude_protection_with_performance_impact
boolean
|
|
Whether to exclude protections depending on their level of performance impact.
|
|
exclude_protection_with_performance_impact_mode
string
|
|
Exclude protections with this level of performance impact.
|
|
exclude_protection_with_severity
boolean
|
|
Whether to exclude protections depending on their level of severity.
|
|
exclude_protection_with_severity_mode
string
|
|
Exclude protections with this level of severity.
|
|
newly_updated_protections
string
|
|
Activation of newly updated protections.
|
|
malicious_mail_policy_settings
dictionary
|
Malicious Mail Policy for MTA Gateways.
|
||
add_customized_text_to_email_body
boolean
|
|
Add customized text to the malicious email body.
|
|
add_email_subject_prefix
boolean
|
|
Add a prefix to the malicious email subject.
|
|
add_x_header_to_email
boolean
|
|
Add an X-Header to the malicious email.
|
|
email_action
string
|
|
Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and links, add x-header, etc...).
|
|
email_body_customized_text
string
|
Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict.
|
||
email_subject_prefix_text
string
|
Prefix for the malicious email subject.
|
||
failed_to_scan_attachments_text
string
|
Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file.
|
||
malicious_attachments_text
string
|
Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file.
|
||
malicious_links_text
string
|
Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link.
|
||
remove_attachments_and_links
boolean
|
|
Remove attachments and links from the malicious email.
|
|
send_copy
boolean
|
|
Send a copy of the malicious email to the recipient list.
|
|
send_copy_list
list
|
Recipient list to send a copy of the malicious email.
|
||
name
string /
required
|
Object name.
|
||
overrides
list
|
Overrides per profile for this protection.
|
||
action
string
|
|
Protection action.
|
|
capture_packets
boolean
|
|
Capture packets.
|
|
protection
string
|
IPS protection identified by name or UID.
|
||
track
string
|
|
Tracking method for protection.
|
|
state
string
|
|
State of the access rule (present or absent). Defaults to present.
|
|
tags
list
|
Collection of tag identifiers.
|
||
threat_emulation
boolean
|
|
Is Threat Emulation blade activated.
|
|
use_extended_attributes
boolean
|
|
Whether to activate/deactivate IPS protections according to the extended attributes.
|
|
use_indicators
boolean
|
|
Indicates whether the profile should make use of indicators.
|
|
version
string
|
Version of checkpoint. If not given one, the latest version taken.
|
||
wait_for_task
boolean
|
|
Wait for the task to end. Such as publish task.
|
Examples
- name: add-threat-profile cp_mgmt_threat_profile: active_protections_performance_impact: low active_protections_severity: low or above anti_bot: true anti_virus: true confidence_level_high: prevent confidence_level_medium: prevent ips: true ips_settings: exclude_protection_with_performance_impact: true exclude_protection_with_performance_impact_mode: high or lower newly_updated_protections: staging name: New Profile 1 state: present threat_emulation: true - name: set-threat-profile cp_mgmt_threat_profile: active_protections_performance_impact: low active_protections_severity: low or above anti_bot: true anti_virus: false comments: update recommended profile confidence_level_high: prevent confidence_level_low: prevent confidence_level_medium: prevent ips: false ips_settings: exclude_protection_with_performance_impact: true exclude_protection_with_performance_impact_mode: high or lower newly_updated_protections: active name: New Profile 1 state: present threat_emulation: true - name: delete-threat-profile cp_mgmt_threat_profile: name: New Profile 1 state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cp_mgmt_threat_profile
dictionary
|
always, except when deleting the object. |
The checkpoint object created or updated.
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Or Soffer (@chkp-orso)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cp_mgmt_threat_profile_module.html