check_point.mgmt.cp_mgmt_check_threat_ioc_feed module – Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).
Note
This module is part of the check_point.mgmt collection (version 5.1.1).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install check_point.mgmt.
To use it in a playbook, specify: check_point.mgmt.cp_mgmt_check_threat_ioc_feed.
New in check_point.mgmt 3.0.0
Synopsis
Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).
All operations are performed over Web Services API.
Parameters
Parameter |
Comments |
|---|---|
Publish the current session if changes have been performed after task completes. Choices:
|
|
threat ioc feed parameters. |
|
The feed indicator’s action. Choices:
|
|
Certificate SHA-1 fingerprint to access the feed. |
|
Custom IOC feed - the column number of comment. |
|
Custom IOC feed - the column number of confidence. |
|
Custom HTTP headers. |
|
The name of the HTTP header we wish to add. |
|
The name of the HTTP value we wish to add. |
|
Custom IOC feed - the column number of name. |
|
Custom IOC feed - the column number of severity. |
|
Custom IOC feed - the column number of type in case a specific type is not chosen. |
|
Custom IOC feed - the column number of value in case a specific type is chosen. |
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. Choices:
|
|
Sets whether this indicator feed is enabled. Choices:
|
|
Feed type to be enforced. Choices:
|
|
URL of the feed. URL should be written as http or https. |
|
The delimiter that separates between the columns in the feed. |
|
Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. Choices:
|
|
A prefix that will determine which lines to ignore. |
|
Apply changes ignoring warnings. Choices:
|
|
Object name. |
|
password for authenticating with the URL. |
|
Set in order to configure a custom indicator feed. Choices:
|
|
Use the gateway’s proxy for retrieving the feed. Choices:
|
|
username for authenticating with the URL. |
|
On what targets to execute this command. Targets may be identified by their name, or object unique identifier. |
|
Version of checkpoint. If not given one, the latest version taken. |
|
Wait for the task to end. Such as publish task. Choices:
|
|
How many minutes to wait until throwing a timeout error. Default: |
Examples
- name: check-threat-ioc-feed
cp_mgmt_check_threat_ioc_feed:
ioc_feed:
name: existing_feed
targets: corporate-gateway
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The checkpoint check-threat-ioc-feed output. Returned: always. |