check_point.mgmt.cp_mgmt_threat_profile module – Manages threat-profile objects on Check Point over Web Services API
Note
This module is part of the check_point.mgmt collection (version 2.3.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install check_point.mgmt
.
To use it in a playbook, specify: check_point.mgmt.cp_mgmt_threat_profile
.
New in version 2.9: of check_point.mgmt
Synopsis
Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
Parameters
Parameter |
Comments |
---|---|
Activate protections by these extended attributes. |
|
IPS tag category name. |
|
IPS tag name. |
|
Protections with this performance impact only will be activated in the profile. Choices:
|
|
Protections with this severity only will be activated in the profile. Choices:
|
|
Is Anti-Bot blade activated. Choices:
|
|
Is Anti-Virus blade activated. Choices:
|
|
Publish the current session if changes have been performed after task completes. Choices:
|
|
Color of the object. Should be one of existing colors. Choices:
|
|
Comments string. |
|
Action for protections with high confidence level. Choices:
|
|
Action for protections with low confidence level. Choices:
|
|
Action for protections with medium confidence level. Choices:
|
|
Deactivate protections by these extended attributes. |
|
IPS tag category name. |
|
IPS tag name. |
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. Choices:
|
|
Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. Choices:
|
|
Apply changes ignoring warnings. Choices:
|
|
Indicators whose action will be overridden in this profile. |
|
The indicator’s action in this profile. Choices:
|
|
The indicator whose action is to be overridden. |
|
Is IPS blade activated. Choices:
|
|
IPS blade settings. |
|
Whether to exclude protections depending on their level of performance impact. Choices:
|
|
Exclude protections with this level of performance impact. Choices:
|
|
Whether to exclude protections depending on their level of severity. Choices:
|
|
Exclude protections with this level of severity. Choices:
|
|
Activation of newly updated protections. Choices:
|
|
Malicious Mail Policy for MTA Gateways. |
|
Add customized text to the malicious email body. Choices:
|
|
Add a prefix to the malicious email subject. Choices:
|
|
Add an X-Header to the malicious email. Choices:
|
|
Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and links, add x-header, etc…). Choices:
|
|
Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict. |
|
Prefix for the malicious email subject. |
|
Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file. |
|
Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file. |
|
Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link. |
|
Remove attachments and links from the malicious email. Choices:
|
|
Send a copy of the malicious email to the recipient list. Choices:
|
|
Recipient list to send a copy of the malicious email. |
|
Object name. |
|
Overrides per profile for this protection. |
|
Protection action. Choices:
|
|
Capture packets. Choices:
|
|
IPS protection identified by name or UID. |
|
Tracking method for protection. Choices:
|
|
State of the access rule (present or absent). Defaults to present. Choices:
|
|
Collection of tag identifiers. |
|
Is Threat Emulation blade activated. Choices:
|
|
Whether to activate/deactivate IPS protections according to the extended attributes. Choices:
|
|
Indicates whether the profile should make use of indicators. Choices:
|
|
Version of checkpoint. If not given one, the latest version taken. |
|
Wait for the task to end. Such as publish task. Choices:
|
|
How many minutes to wait until throwing a timeout error. Default: 30 |
Examples
- name: add-threat-profile
cp_mgmt_threat_profile:
active_protections_performance_impact: low
active_protections_severity: low or above
anti_bot: true
anti_virus: true
confidence_level_high: prevent
confidence_level_medium: prevent
ips: true
ips_settings:
exclude_protection_with_performance_impact: true
exclude_protection_with_performance_impact_mode: high or lower
newly_updated_protections: staging
name: New Profile 1
state: present
threat_emulation: true
- name: set-threat-profile
cp_mgmt_threat_profile:
active_protections_performance_impact: low
active_protections_severity: low or above
anti_bot: true
anti_virus: false
comments: update recommended profile
confidence_level_high: prevent
confidence_level_low: prevent
confidence_level_medium: prevent
ips: false
ips_settings:
exclude_protection_with_performance_impact: true
exclude_protection_with_performance_impact_mode: high or lower
newly_updated_protections: active
name: New Profile 1
state: present
threat_emulation: true
- name: delete-threat-profile
cp_mgmt_threat_profile:
name: New Profile 1
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The checkpoint object created or updated. Returned: always, except when deleting the object. |
Authors
Or Soffer (@chkp-orso)