W3cubDocs

cp_mgmt_threat_profile – Manages threat-profile objects on Check Point over Web Services API

New in version 2.9.

Synopsis
Parameters
Examples
Return Values
Status

Synopsis

Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.

Parameters

Parameter		Choices/Defaults	Comments
activate_protections_by_extended_attributes list			Activate protections by these extended attributes.
	category string		IPS tag category name.
	name string		IPS tag name.
active_protections_performance_impact string		Choices: high medium low very_low	Protections with this performance impact only will be activated in the profile.
active_protections_severity string		Choices: Critical High Medium or above Low or above	Protections with this severity only will be activated in the profile.
anti_bot boolean		Choices: no yes	Is Anti-Bot blade activated.
anti_virus boolean		Choices: no yes	Is Anti-Virus blade activated.
auto_publish_session boolean		Choices: no yes	Publish the current session if changes have been performed after task completes.
color string		Choices: aquamarine black blue crete blue burlywood cyan dark green khaki orchid dark orange dark sea green pink turquoise dark blue firebrick brown forest green gold dark gold gray dark gray light green lemon chiffon coral sea green sky blue magenta purple slate blue violet red navy blue olive orange red sienna yellow	Color of the object. Should be one of existing colors.
comments string			Comments string.
confidence_level_high string		Choices: Inactive Ask Prevent Detect	Action for protections with high confidence level.
confidence_level_low string		Choices: Inactive Ask Prevent Detect	Action for protections with low confidence level.
confidence_level_medium string		Choices: Inactive Ask Prevent Detect	Action for protections with medium confidence level.
deactivate_protections_by_extended_attributes list			Deactivate protections by these extended attributes.
	category string		IPS tag category name.
	name string		IPS tag name.
details_level string		Choices: uid standard full	The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
ignore_errors boolean		Choices: no yes	Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings boolean		Choices: no yes	Apply changes ignoring warnings.
indicator_overrides list			Indicators whose action will be overridden in this profile.
	action string	Choices: Inactive Ask Prevent Detect	The indicator's action in this profile.
	indicator string		The indicator whose action is to be overridden.
ips boolean		Choices: no yes	Is IPS blade activated.
ips_settings dictionary			IPS blade settings.
	exclude_protection_with_performance_impact boolean	Choices: no yes	Whether to exclude protections depending on their level of performance impact.
	exclude_protection_with_performance_impact_mode string	Choices: very low low or lower medium or lower high or lower	Exclude protections with this level of performance impact.
	exclude_protection_with_severity boolean	Choices: no yes	Whether to exclude protections depending on their level of severity.
	exclude_protection_with_severity_mode string	Choices: low or above medium or above high or above critical	Exclude protections with this level of severity.
	newly_updated_protections string	Choices: active inactive staging	Activation of newly updated protections.
malicious_mail_policy_settings dictionary			Malicious Mail Policy for MTA Gateways.
	add_customized_text_to_email_body boolean	Choices: no yes	Add customized text to the malicious email body.
	add_email_subject_prefix boolean	Choices: no yes	Add a prefix to the malicious email subject.
	add_x_header_to_email boolean	Choices: no yes	Add an X-Header to the malicious email.
	email_action string	Choices: allow block	Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and links, add x-header, etc...).
	email_body_customized_text string		Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict.
	email_subject_prefix_text string		Prefix for the malicious email subject.
	failed_to_scan_attachments_text string		Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file.
	malicious_attachments_text string		Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file.
	malicious_links_text string		Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link.
	remove_attachments_and_links boolean	Choices: no yes	Remove attachments and links from the malicious email.
	send_copy boolean	Choices: no yes	Send a copy of the malicious email to the recipient list.
	send_copy_list list		Recipient list to send a copy of the malicious email.
name string / required			Object name.
overrides list			Overrides per profile for this protection.
	action string	Choices: Threat Cloud: Inactive Detect Prevent <br> Core: Drop Inactive Accept	Protection action.
	capture_packets boolean	Choices: no yes	Capture packets.
	protection string		IPS protection identified by name or UID.
	track string	Choices: none log alert mail snmp trap user alert user alert 1 user alert 2	Tracking method for protection.
state string		Choices: present ← absent	State of the access rule (present or absent). Defaults to present.
tags list			Collection of tag identifiers.
threat_emulation boolean		Choices: no yes	Is Threat Emulation blade activated.
use_extended_attributes boolean		Choices: no yes	Whether to activate/deactivate IPS protections according to the extended attributes.
use_indicators boolean		Choices: no yes	Indicates whether the profile should make use of indicators.
version string			Version of checkpoint. If not given one, the latest version taken.
wait_for_task boolean		Choices: no yes ←	Wait for the task to end. Such as publish task.

Examples

- name: add-threat-profile
  cp_mgmt_threat_profile:
    active_protections_performance_impact: low
    active_protections_severity: low or above
    anti_bot: true
    anti_virus: true
    confidence_level_high: prevent
    confidence_level_medium: prevent
    ips: true
    ips_settings:
      exclude_protection_with_performance_impact: true
      exclude_protection_with_performance_impact_mode: high or lower
      newly_updated_protections: staging
    name: New Profile 1
    state: present
    threat_emulation: true

- name: set-threat-profile
  cp_mgmt_threat_profile:
    active_protections_performance_impact: low
    active_protections_severity: low or above
    anti_bot: true
    anti_virus: false
    comments: update recommended profile
    confidence_level_high: prevent
    confidence_level_low: prevent
    confidence_level_medium: prevent
    ips: false
    ips_settings:
      exclude_protection_with_performance_impact: true
      exclude_protection_with_performance_impact_mode: high or lower
      newly_updated_protections: active
    name: New Profile 1
    state: present
    threat_emulation: true

- name: delete-threat-profile
  cp_mgmt_threat_profile:
    name: New Profile 1
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
cp_mgmt_threat_profile dictionary	always, except when deleting the object.	The checkpoint object created or updated.

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Or Soffer (@chkp-orso)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cp_mgmt_threat_profile_module.html