cisco.meraki.meraki_mx_intrusion_prevention – Manage intrustion prevention in the Meraki cloud
Note
This plugin is part of the cisco.meraki collection (version 2.5.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cisco.meraki.
To use it in a playbook, specify: cisco.meraki.meraki_mx_intrusion_prevention.
Synopsis
- Allows for management of intrusion prevention rules networks within Meraki MX networks.
Parameters
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| allowed_rules
list / elements=dictionary
|
List of IDs related to rules which are allowed for the organization.
|
||
| rule_id
string
|
ID of rule as defined by Snort.
|
||
| rule_message
string
added in 2.3.0 of cisco.meraki
|
Description of rule.
This is overwritten by the API.
Formerly
message which was deprecated but still maintained as an alias.
aliases: message |
||
| auth_key
string / required
|
Authentication key provided by the dashboard. Required if environmental variable MERAKI_KEY is not set.
|
||
| host
string
|
Default:
"api.meraki.com"
|
Hostname for Meraki dashboard.
Can be used to access regional Meraki environments, such as China.
|
|
| ids_rulesets
string
|
|
Ruleset complexity setting.
|
|
| internal_error_retry_time
integer
|
Default:
60
|
Number of seconds to retry if server returns an internal server error.
|
|
| mode
string
|
|
Operational mode of Intrusion Prevention system.
|
|
| net_id
string
|
ID number of a network.
|
||
| net_name
string
|
Name of a network.
aliases: name, network |
||
| org_id
string
|
ID of organization.
|
||
| org_name
string
|
Name of organization.
aliases: organization |
||
| output_format
string
|
|
Instructs module whether response keys should be snake case (ex. net_id) or camel case (ex. netId).
|
|
| output_level
string
|
|
Set amount of debug output during module execution.
|
|
| protected_networks
dictionary
|
Set included/excluded networks for Intrusion Prevention.
|
||
| excluded_cidr
list / elements=string
|
List of network IP ranges to exclude from scanning.
|
||
| included_cidr
list / elements=string
|
List of network IP ranges to include in scanning.
|
||
| use_default
boolean
|
|
Whether to use special IPv4 addresses per RFC 5735.
|
|
| rate_limit_retry_time
integer
|
Default:
165
|
Number of seconds to retry if rate limiter is triggered.
|
|
| state
string
|
|
Create or modify an organization.
|
|
| timeout
integer
|
Default:
30
|
Time to timeout for HTTP requests.
|
|
| use_https
boolean
|
|
If
no, it will use HTTP. Otherwise it will use HTTPS.
Only useful for internal Meraki developers.
|
|
| use_proxy
boolean
|
|
If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
|
|
| validate_certs
boolean
|
|
Whether to validate HTTP certificates.
|
|
Notes
Note
- More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
- Some of the options are likely only used for developers within Meraki.
- As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the
ANSIBLE_MERAKI_FORMATenvironment variable tocamelcase. - Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
- Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.
Examples
- name: Set whitelist for organization
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: present
org_id: '{{test_org_id}}'
allowed_rules:
- rule_id: "meraki:intrusion/snort/GID/01/SID/5805"
rule_message: Test rule
delegate_to: localhost
- name: Query IPS info for organization
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: query
org_name: '{{test_org_name}}'
delegate_to: localhost
register: query_org
- name: Set full ruleset with check mode
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: present
org_name: '{{test_org_name}}'
net_name: '{{test_net_name}} - IPS'
mode: prevention
ids_rulesets: security
protected_networks:
use_default: true
included_cidr:
- 192.0.1.0/24
excluded_cidr:
- 10.0.1.0/24
delegate_to: localhost
- name: Clear rules from organization
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: absent
org_name: '{{test_org_name}}'
allowed_rules: []
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | ||
|---|---|---|---|---|
| data
complex
|
success |
Information about the Threat Protection settings.
|
||
| idsRulesets
string
|
success, when network is queried or modified |
Setting of selected ruleset.
Sample:
balanced
|
||
| mode
string
|
success, when network is queried or modified |
Enabled setting of intrusion prevention.
Sample:
enabled
|
||
| protectedNetworks
complex
|
success, when network is queried or modified |
Networks protected by IPS.
|
||
| excludedCidr
string
|
success, when network is queried or modified |
List of CIDR notiation networks to exclude from protection.
Sample:
192.0.1.0/24
|
||
| includedCidr
string
|
success, when network is queried or modified |
List of CIDR notiation networks to protect.
Sample:
192.0.1.0/24
|
||
| useDefault
boolean
|
success, when network is queried or modified |
Whether to use special IPv4 addresses.
Sample:
True
|
||
| whitelistedRules
complex
|
success, when organization is queried or modified |
List of whitelisted IPS rules.
|
||
| rule_message
string
|
success, when organization is queried or modified |
Description of rule.
Sample:
MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines
|
||
| ruleId
string
|
success, when organization is queried or modified |
A rule identifier for an IPS rule.
Sample:
meraki:intrusion/snort/GID/01/SID/5805
|
||
Authors
- Kevin Breit (@kbreit)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/cisco/meraki/meraki_mx_intrusion_prevention_module.html