check_point.mgmt.cp_mgmt_threat_profile – Manages threat-profile objects on Check Point over Web Services API
Note
This plugin is part of the check_point.mgmt collection (version 2.1.1).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install check_point.mgmt.
To use it in a playbook, specify: check_point.mgmt.cp_mgmt_threat_profile.
New in version 2.9 of check_point.mgmt
Synopsis
- Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
Parameters
| Parameter | Type | Choices/Defaults | Comments |
|---|---|---|---|
| activate_protections_by_extended_attributes | list / elements=string | | Activate protections by these extended attributes. |
| ↳ category | string | | IPS tag category name. |
| ↳ name | string | | IPS tag name. |
| active_protections_performance_impact | string | | Protections with this performance impact only will be activated in the profile. |
| active_protections_severity | string | | Protections with this severity only will be activated in the profile. |
| anti_bot | boolean | | Whether the Anti-Bot blade is activated. |
| anti_virus | boolean | | Whether the Anti-Virus blade is activated. |
| auto_publish_session | boolean | | Publish the current session if changes have been performed after the task completes. |
| color | string | | Color of the object. Should be one of the existing colors. |
| comments | string | | Comments string. |
| confidence_level_high | string | | Action for protections with high confidence level. |
| confidence_level_low | string | | Action for protections with low confidence level. |
| confidence_level_medium | string | | Action for protections with medium confidence level. |
| deactivate_protections_by_extended_attributes | list / elements=string | | Deactivate protections by these extended attributes. |
| ↳ category | string | | IPS tag category name. |
| ↳ name | string | | IPS tag name. |
| details_level | string | | The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. |
| ignore_errors | boolean | | Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored. |
| ignore_warnings | boolean | | Apply changes ignoring warnings. |
| indicator_overrides | list / elements=string | | Indicators whose action will be overridden in this profile. |
| ↳ action | string | | The indicator's action in this profile. |
| ↳ indicator | string | | The indicator whose action is to be overridden. |
| ips | boolean | | Whether the IPS blade is activated. |
| ips_settings | dictionary | | IPS blade settings. |
| ↳ exclude_protection_with_performance_impact | boolean | | Whether to exclude protections depending on their level of performance impact. |
| ↳ exclude_protection_with_performance_impact_mode | string | | Exclude protections with this level of performance impact. |
| ↳ exclude_protection_with_severity | boolean | | Whether to exclude protections depending on their level of severity. |
| ↳ exclude_protection_with_severity_mode | string | | Exclude protections with this level of severity. |
| ↳ newly_updated_protections | string | | Activation of newly updated protections. |
| malicious_mail_policy_settings | dictionary | | Malicious Mail Policy for MTA Gateways. |
| ↳ add_customized_text_to_email_body | boolean | | Add customized text to the malicious email body. |
| ↳ add_email_subject_prefix | boolean | | Add a prefix to the malicious email subject. |
| ↳ add_x_header_to_email | boolean | | Add an X-Header to the malicious email. |
| ↳ email_action | string | | Block - block the entire malicious email.<br>Allow - pass the malicious email and apply email changes (such as removing attachments and links, adding an X-Header, etc.). |
| ↳ email_body_customized_text | string | | Customized text for the malicious email body.<br>Available predefined fields:<br>$verdicts$ - the malicious/error attachments/links verdict. |
| ↳ email_subject_prefix_text | string | | Prefix for the malicious email subject. |
| ↳ failed_to_scan_attachments_text | string | | Replace attachments that failed to be scanned with this text.<br>Available predefined fields:<br>$filename$ - the malicious file name.<br>$md5$ - MD5 of the malicious file. |
| ↳ malicious_attachments_text | string | | Replace malicious attachments with this text.<br>Available predefined fields:<br>$filename$ - the malicious file name.<br>$md5$ - MD5 of the malicious file. |
| ↳ malicious_links_text | string | | Replace malicious links with this text.<br>Available predefined fields:<br>$neutralized_url$ - neutralized malicious link. |
| ↳ remove_attachments_and_links | boolean | | Remove attachments and links from the malicious email. |
| ↳ send_copy | boolean | | Send a copy of the malicious email to the recipient list. |
| ↳ send_copy_list | list / elements=string | | Recipient list to send a copy of the malicious email. |
| name | string / required | | Object name. |
| overrides | list / elements=string | | Overrides per profile for this protection. |
| ↳ action | string | | Protection action. |
| ↳ capture_packets | boolean | | Capture packets. |
| ↳ protection | string | | IPS protection identified by name or UID. |
| ↳ track | string | | Tracking method for protection. |
| state | string | | State of the access rule (present or absent). Defaults to present. |
| tags | list / elements=string | | Collection of tag identifiers. |
| threat_emulation | boolean | | Whether the Threat Emulation blade is activated. |
| use_extended_attributes | boolean | | Whether to activate/deactivate IPS protections according to the extended attributes. |
| use_indicators | boolean | | Indicates whether the profile should make use of indicators. |
| version | string | | Version of Check Point. If not given, the latest version is taken. |
| wait_for_task | boolean | | Wait for the task to end, such as a publish task. |
| wait_for_task_timeout | integer | Default: 30 | How many minutes to wait until throwing a timeout error. |
Examples
```yaml
- name: add-threat-profile
  cp_mgmt_threat_profile:
    active_protections_performance_impact: low
    active_protections_severity: low or above
    anti_bot: true
    anti_virus: true
    confidence_level_high: prevent
    confidence_level_medium: prevent
    ips: true
    ips_settings:
      exclude_protection_with_performance_impact: true
      exclude_protection_with_performance_impact_mode: high or lower
      newly_updated_protections: staging
    name: New Profile 1
    state: present
    threat_emulation: true
- name: set-threat-profile
  cp_mgmt_threat_profile:
    active_protections_performance_impact: low
    active_protections_severity: low or above
    anti_bot: true
    anti_virus: false
    comments: update recommended profile
    confidence_level_high: prevent
    confidence_level_low: prevent
    confidence_level_medium: prevent
    ips: false
    ips_settings:
      exclude_protection_with_performance_impact: true
      exclude_protection_with_performance_impact_mode: high or lower
      newly_updated_protections: active
    name: New Profile 1
    state: present
    threat_emulation: true
- name: delete-threat-profile
  cp_mgmt_threat_profile:
    name: New Profile 1
    state: absent
```
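The following is an added example, not part of the module documentation or the collection's code: a Python check that reviews `cp_mgmt_threat_profile` task arguments before they are applied and flags tasks that disable a blade, set a confidence level to something other than prevent, ignore API errors or warnings, or remove the profile. The function names, the rule set and the third sample task (including its `detect` value) are assumptions of this example; the first two sample tasks are trimmed copies of the examples above.

```python
# Added example: review cp_mgmt_threat_profile task arguments before they are applied.
# Function names and the rule set are assumptions, not part of the collection.
MODULE_NAMES = ("cp_mgmt_threat_profile", "check_point.mgmt.cp_mgmt_threat_profile")
BLADES = ("ips", "anti_bot", "anti_virus", "threat_emulation")
CONFIDENCE = ("confidence_level_high", "confidence_level_medium", "confidence_level_low")


def audit_task(task):
    """Return findings for one task dict, as it would look after YAML parsing."""
    args = next((task[m] for m in MODULE_NAMES if m in task), None)
    if args is None:
        return []  # task uses some other module
    if args.get("state", "present") == "absent":
        return ["profile is removed (state: absent)"]
    findings = []
    for blade in BLADES:
        if args.get(blade) is False:
            findings.append(f"{blade} blade disabled")
    for key in CONFIDENCE:
        value = args.get(key)
        if value is not None and str(value).lower() != "prevent":
            findings.append(f"{key} is '{value}', not prevent")
    for flag in ("ignore_errors", "ignore_warnings"):
        if args.get(flag) is True:
            findings.append(f"{flag} is set")
    return findings


def audit_tasks(tasks):
    """Map task name -> findings, keeping only tasks that have findings."""
    report = {t.get("name", "<unnamed>"): audit_task(t) for t in tasks}
    return {name: found for name, found in report.items() if found}


# Constructed input: the first two dicts mirror the page's examples (trimmed),
# the third is made up for this example.
SAMPLE_TASKS = [
    {"name": "add-threat-profile", "cp_mgmt_threat_profile": {
        "name": "New Profile 1", "ips": True, "anti_bot": True, "anti_virus": True,
        "confidence_level_high": "prevent", "state": "present"}},
    {"name": "set-threat-profile", "cp_mgmt_threat_profile": {
        "name": "New Profile 1", "ips": False, "anti_bot": True, "anti_virus": False,
        "confidence_level_low": "prevent", "state": "present"}},
    {"name": "relax-profile", "check_point.mgmt.cp_mgmt_threat_profile": {
        "name": "New Profile 1", "confidence_level_low": "detect",
        "ignore_warnings": True}},
]

if __name__ == "__main__":
    for name, findings in audit_tasks(SAMPLE_TASKS).items():
        print(name, "->", "; ".join(findings))
```

Run against the page's own examples, the check reports `set-threat-profile` because that task sets `ips: false` and `anti_virus: false` on an existing profile.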
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Type | Returned | Description |
|---|---|---|---|
| cp_mgmt_threat_profile | dictionary | always, except when deleting the object. | The checkpoint object created or updated. |
Authors
- Or Soffer (@chkp-orso)
 
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/cp_mgmt_threat_profile_module.html