| Parameter |
Choices/Defaults |
Comments |
|
activate_protections_by_extended_attributes
list
/ elements=string
|
|
Activate protections by these extended attributes.
|
|
category
string
|
|
IPS tag category name.
|
|
name
string
|
|
IPS tag name.
|
|
active_protections_performance_impact
string
|
Choices:
- high
- medium
- low
- very_low
|
Protections with this performance impact only will be activated in the profile.
|
|
active_protections_severity
string
|
Choices:
- Critical
- High
- Medium or above
- Low or above
|
Protections with this severity only will be activated in the profile.
|
|
anti_bot
boolean
|
|
Is Anti-Bot blade activated.
|
|
anti_virus
boolean
|
|
Is Anti-Virus blade activated.
|
|
auto_publish_session
boolean
|
|
Publish the current session if changes have been performed after task completes.
|
|
color
string
|
Choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
|
Color of the object. Should be one of existing colors.
|
|
comments
string
|
|
Comments string.
|
|
confidence_level_high
string
|
Choices:
- Inactive
- Ask
- Prevent
- Detect
|
Action for protections with high confidence level.
|
|
confidence_level_low
string
|
Choices:
- Inactive
- Ask
- Prevent
- Detect
|
Action for protections with low confidence level.
|
|
confidence_level_medium
string
|
Choices:
- Inactive
- Ask
- Prevent
- Detect
|
Action for protections with medium confidence level.
|
|
deactivate_protections_by_extended_attributes
list
/ elements=string
|
|
Deactivate protections by these extended attributes.
|
|
category
string
|
|
IPS tag category name.
|
|
name
string
|
|
IPS tag name.
|
|
details_level
string
|
Choices:
- uid
- standard
- full
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
|
|
ignore_errors
boolean
|
|
Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
|
ignore_warnings
boolean
|
|
Apply changes ignoring warnings.
|
|
indicator_overrides
list
/ elements=string
|
|
Indicators whose action will be overridden in this profile.
|
|
action
string
|
Choices:
- Inactive
- Ask
- Prevent
- Detect
|
The indicator's action in this profile.
|
|
indicator
string
|
|
The indicator whose action is to be overridden.
|
|
ips
boolean
|
|
Is IPS blade activated.
|
|
ips_settings
dictionary
|
|
IPS blade settings.
|
|
exclude_protection_with_performance_impact
boolean
|
|
Whether to exclude protections depending on their level of performance impact.
|
|
exclude_protection_with_performance_impact_mode
string
|
Choices:
- very low
- low or lower
- medium or lower
- high or lower
|
Exclude protections with this level of performance impact.
|
|
exclude_protection_with_severity
boolean
|
|
Whether to exclude protections depending on their level of severity.
|
|
exclude_protection_with_severity_mode
string
|
Choices:
- low or above
- medium or above
- high or above
- critical
|
Exclude protections with this level of severity.
|
|
newly_updated_protections
string
|
Choices:
- active
- inactive
- staging
|
Activation of newly updated protections.
|
|
malicious_mail_policy_settings
dictionary
|
|
Malicious Mail Policy for MTA Gateways.
|
|
add_customized_text_to_email_body
boolean
|
|
Add customized text to the malicious email body.
|
|
add_email_subject_prefix
boolean
|
|
Add a prefix to the malicious email subject.
|
|
add_x_header_to_email
boolean
|
|
Add an X-Header to the malicious email.
|
|
email_action
string
|
|
Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and links, add x-header, etc...).
|
|
email_body_customized_text
string
|
|
Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict.
|
|
email_subject_prefix_text
string
|
|
Prefix for the malicious email subject.
|
|
failed_to_scan_attachments_text
string
|
|
Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file.
|
|
malicious_attachments_text
string
|
|
Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file.
|
|
malicious_links_text
string
|
|
Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link.
|
|
remove_attachments_and_links
boolean
|
|
Remove attachments and links from the malicious email.
|
|
send_copy
boolean
|
|
Send a copy of the malicious email to the recipient list.
|
|
send_copy_list
list
/ elements=string
|
|
Recipient list to send a copy of the malicious email.
|
|
name
string
/ required
|
|
Object name.
|
|
overrides
list
/ elements=string
|
|
Overrides per profile for this protection.
|
|
action
string
|
Choices:
- Threat Cloud: Inactive
- Detect
- Prevent <br> Core: Drop
- Inactive
- Accept
|
Protection action.
|
|
capture_packets
boolean
|
|
Capture packets.
|
|
protection
string
|
|
IPS protection identified by name or UID.
|
|
track
string
|
Choices:
- none
- log
- alert
- mail
- snmp trap
- user alert
- user alert 1
- user alert 2
|
Tracking method for protection.
|
|
state
string
|
Choices:
present ← - absent
|
State of the access rule (present or absent). Defaults to present.
|
|
tags
list
/ elements=string
|
|
Collection of tag identifiers.
|
|
threat_emulation
boolean
|
|
Is Threat Emulation blade activated.
|
|
use_extended_attributes
boolean
|
|
Whether to activate/deactivate IPS protections according to the extended attributes.
|
|
use_indicators
boolean
|
|
Indicates whether the profile should make use of indicators.
|
|
version
string
|
|
Version of checkpoint. If not given one, the latest version taken.
|
|
wait_for_task
boolean
|
|
Wait for the task to end. Such as publish task.
|
|
wait_for_task_timeout
integer
|
Default:
30
|
How many minutes to wait until throwing a timeout error.
|
