cisco.meraki.meraki_mx_intrusion_prevention – Manage intrustion prevention in the Meraki cloud
Note
This plugin is part of the cisco.meraki collection (version 2.5.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.meraki
.
To use it in a playbook, specify: cisco.meraki.meraki_mx_intrusion_prevention
.
Parameters
Parameter |
Comments |
---|---|
List of IDs related to rules which are allowed for the organization. |
|
ID of rule as defined by Snort. |
|
Description of rule. This is overwritten by the API. Formerly |
|
Authentication key provided by the dashboard. Required if environmental variable |
|
Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China. Default: “api.meraki.com” |
|
Ruleset complexity setting. Choices:
|
|
Number of seconds to retry if server returns an internal server error. Default: 60 |
|
Operational mode of Intrusion Prevention system. Choices:
|
|
ID number of a network. |
|
Name of a network. |
|
ID of organization. |
|
Name of organization. |
|
Instructs module whether response keys should be snake case (ex. Choices:
|
|
Set amount of debug output during module execution. Choices:
|
|
Set included/excluded networks for Intrusion Prevention. |
|
List of network IP ranges to exclude from scanning. |
|
List of network IP ranges to include in scanning. |
|
Whether to use special IPv4 addresses per RFC 5735. Choices:
|
|
Number of seconds to retry if rate limiter is triggered. Default: 165 |
|
Create or modify an organization. Choices:
|
|
Time to timeout for HTTP requests. Default: 30 |
|
If Only useful for internal Meraki developers. Choices:
|
|
If Choices:
|
|
Whether to validate HTTP certificates. Choices:
|
Notes
Note
More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
Some of the options are likely only used for developers within Meraki.
As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the
ANSIBLE_MERAKI_FORMAT
environment variable tocamelcase
.Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.
Examples
- name: Set whitelist for organization
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: present
org_id: '{{test_org_id}}'
allowed_rules:
- rule_id: "meraki:intrusion/snort/GID/01/SID/5805"
rule_message: Test rule
delegate_to: localhost
- name: Query IPS info for organization
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: query
org_name: '{{test_org_name}}'
delegate_to: localhost
register: query_org
- name: Set full ruleset with check mode
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: present
org_name: '{{test_org_name}}'
net_name: '{{test_net_name}} - IPS'
mode: prevention
ids_rulesets: security
protected_networks:
use_default: true
included_cidr:
- 192.0.1.0/24
excluded_cidr:
- 10.0.1.0/24
delegate_to: localhost
- name: Clear rules from organization
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: absent
org_name: '{{test_org_name}}'
allowed_rules: []
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Information about the Threat Protection settings. Returned: success |
|
Setting of selected ruleset. Returned: success, when network is queried or modified Sample: “balanced” |
|
Enabled setting of intrusion prevention. Returned: success, when network is queried or modified Sample: “enabled” |
|
Networks protected by IPS. Returned: success, when network is queried or modified |
|
List of CIDR notiation networks to exclude from protection. Returned: success, when network is queried or modified Sample: “192.0.1.0/24” |
|
List of CIDR notiation networks to protect. Returned: success, when network is queried or modified Sample: “192.0.1.0/24” |
|
Whether to use special IPv4 addresses. Returned: success, when network is queried or modified Sample: true |
|
List of whitelisted IPS rules. Returned: success, when organization is queried or modified |
|
Description of rule. Returned: success, when organization is queried or modified Sample: “MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines” |
|
A rule identifier for an IPS rule. Returned: success, when organization is queried or modified Sample: “meraki:intrusion/snort/GID/01/SID/5805” |
Authors
Kevin Breit (@kbreit)