def delete_module_api_config(argspec, module, deepsec_request):
if module.params and module.params.get("api_keys"):
deleted_key = []
for each in module.params["api_keys"]:
key_name = each["key_name"]
want = map_params_to_obj(each, key_transform)
search_by_id = search_for_pre_existing_key(want, deepsec_request)
if "id" in search_by_id:
delete_return = delete_config_with_id(
module,
deepsec_request,
api_object.split("/")[2],
search_by_id["id"],
api_return,
)
if delete_return.get("message"):
error_msg = "Delete for ApiKey with key_name: {0}, failed with error: {1}".format(
key_name, delete_return["message"])
module.fail_json(msg=error_msg)
deleted_key.append(key_name)
if deleted_key:
module.exit_json(
msg="{0} with name: {1} deleted successfully!".format(
api_return, deleted_key),
changed=True,
)
else:
module.exit_json(changed=False)
def main():
argspec = dict(
state=dict(choices=["present", "absent"], default="present"),
name=dict(required=True, type="str"),
description=dict(type="str"),
scan_type=dict(type="str", choices=["real-time", "on-demand"]),
document_exploit_protection_enabled=dict(type="bool"),
document_exploit_protection=dict(
type="str", choices=["critical-only", "critical-and-heuristic"]),
document_exploit_heuristic_level=dict(
type="str", choices=["default", "default-and-agressive"]),
machine_learning_enabled=dict(type="bool"),
behavior_monitoring_enabled=dict(type="bool"),
document_recovery_enabled=dict(type="bool"),
intelli_trap_enabled=dict(type="bool"),
memory_scan_enabled=dict(type="bool"),
spyware_enabled=dict(type="bool"),
alert_enabled=dict(type="bool"),
directories_to_scan=dict(type="str",
choices=["all-directories",
"directory-list"]),
directory_list_id=dict(type="int"),
files_to_scan=dict(
type="str",
choices=[
"all-files",
"intelliscan-file-types",
"file-extension-list",
],
),
file_extension_list_id=dict(type="int"),
excluded_directory_list_id=dict(type="int"),
excluded_file_list_id=dict(type="int"),
excluded_file_extension_list_id=dict(type="int"),
excluded_process_image_file_list_id=dict(type="int"),
real_time_scan=dict(type="str",
choices=["read-only", "write-only", "read-write"]),
scan_compressed_enabled=dict(type="bool"),
scan_compressed_maximum_size=dict(type="int"),
scan_compressed_maximum_levels=dict(type="int"),
scan_compressed_maximum_files=dict(type="int"),
microsoft_office_enabled=dict(type="bool"),
microsoft_office_layers=dict(type="int"),
network_directories_enabled=dict(type="bool"),
custom_remediation_actions_enabled=dict(type="bool"),
custom_scan_actions_enabled=dict(type="bool"),
scan_action_for_virus=dict(
type="str",
choices=["pass", "delete", "quarantine", "clean", "deny-access"],
),
scan_action_for_trojans=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_packer=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_spyware=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_other_threats=dict(
type="str",
choices=["pass", "delete", "quarantine", "clean", "deny-access"],
),
scan_action_for_cookies=dict(type="str", choices=["pass", "delete"]),
scan_action_for_cve=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_heuristics=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_possible_malware=dict(
type="str",
choices=[
"active-action",
"pass",
"delete",
"quarantine",
"deny-access",
],
),
cpu_usage=dict(type="str", choices=["low", "medium", "high"]),
)
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
want = map_params_to_obj(remove_empties(module.params))
# Search for existing Anti Malware config via Get call
search_existing_anti_malware_config = check_if_config_exists(
deepsec_request,
want["name"],
"antimalwareconfigurations",
"antiMalwareConfigurations",
)
if ("ID" in search_existing_anti_malware_config
and module.params["state"] == "absent"):
delete_config_with_id(
module,
deepsec_request,
"antimalwareconfigurations",
search_existing_anti_malware_config["ID"],
"antiMalwareConfigurations",
handle_return=True,
)
elif ("ID" not in search_existing_anti_malware_config
and module.params["state"] == "absent"):
module.exit_json(changed=False)
else:
anti_malware_config = deepsec_request.post(
"/api/antimalwareconfigurations", data=want)
if "ID" in search_existing_anti_malware_config:
module.exit_json(
anti_malware_config=search_existing_anti_malware_config,
changed=False,
)
elif anti_malware_config.get("message"):
module.fail_json(msg=anti_malware_config["message"])
else:
module.exit_json(anti_malware_config=anti_malware_config,
changed=True)
module.exit_json(changed=False)
def main():
argspec = dict(
state=dict(choices=["present", "absent"], required=True),
name=dict(required=True, type="str"),
description=dict(type="str", required=False),
action=dict(
type="str",
choices=["log-only", "allow", "deny", "force-allow", "bypass"],
required=False,
),
priority=dict(type="str",
choices=["0", "1", "2", "3", "4"],
required=False),
direction=dict(type="str",
choices=["incoming", "outgoing"],
required=False),
frame_type=dict(
type="str",
choices=["any", "ip", "arp", "revarp", "ipv4", "ipv6", "other"],
required=False,
),
frame_number=dict(type="int", required=False),
frame_not=dict(type="bool", required=False),
protocol=dict(
type="str",
choices=[
"any",
"icmp",
"igmp",
"ggp",
"tcp",
"pup",
"udp",
"idp",
"nd",
"raw",
"tcp-udp",
"icmp6",
"other",
],
required=False,
),
protocol_number=dict(type="int", required=False),
protocol_not=dict(type="bool", required=False),
source_iptype=dict(
type="str",
choices=[
"any",
"masked-ip",
"range",
"ip-list",
"single",
"multiple",
],
required=False,
),
source_ipvalue=dict(type="str", required=False),
source_ipmask=dict(type="str", required=False),
source_iprange_from=dict(type="str", required=False),
source_iprange_to=dict(type="str", required=False),
source_ipmultiple=dict(type="list", elements="str", required=False),
source_iplist_id=dict(type="int", required=False),
source_ipnot=dict(type="bool", required=False),
source_mactype=dict(
type="str",
choices=["any", "single", "mac-list", "multiple"],
required=False,
),
source_macvalue=dict(type="str", required=False),
source_macmultiple=dict(type="list", elements="str", required=False),
source_maclist_id=dict(type="int", required=False),
source_macnot=dict(type="bool", required=False),
source_port_type=dict(
type="str",
choices=["any", "multiple", "port-list"],
required=False,
),
source_port_multiple=dict(type="list", elements="str", required=False),
source_port_list_id=dict(type="int", required=False),
source_port_not=dict(type="bool", required=False),
destination_iptype=dict(
type="str",
choices=[
"any",
"masked-ip",
"range",
"ip-list",
"single",
"multiple",
],
required=False,
),
destination_ipvalue=dict(type="str", required=False),
destination_ipmask=dict(type="str", required=False),
destination_iprange_from=dict(type="str", required=False),
destination_iprange_to=dict(type="str", required=False),
destination_ipmultiple=dict(type="list",
elements="str",
required=False),
destination_iplist_id=dict(type="int", required=False),
destination_ipnot=dict(type="bool", required=False),
destination_mactype=dict(
type="str",
choices=["any", "single", "mac-list", "multiple"],
required=False,
),
destination_macvalue=dict(type="str", required=False),
destination_macmultiple=dict(type="list",
elements="str",
required=False),
destination_maclist_id=dict(type="int", required=False),
destination_macnot=dict(type="bool", required=False),
destination_port_type=dict(
type="str",
choices=["any", "multiple", "port-list"],
required=False,
),
destination_port_multiple=dict(type="list",
elements="str",
required=False),
destination_port_list_id=dict(type="int", required=False),
destination_port_not=dict(type="bool", elements="int", required=False),
any_flags=dict(type="bool", required=False),
log_disabled=dict(type="bool", required=False),
include_packet_data=dict(type="bool", required=False),
alert_enabled=dict(type="bool", required=False),
context_id=dict(type="int", required=False),
tcpflags=dict(
type="list",
elements="str",
choices=["fin", "syn", "rst", "psh", "ack", "urg"],
required=False,
),
tcpnot=dict(type="bool", required=False),
icmptype=dict(type="int", required=False),
icmpcode=dict(type="int", required=False),
icmpnot=dict(type="bool", required=False),
)
api_object = "/api/firewallrules"
api_return = "firewallRules"
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
want = map_params_to_obj(remove_empties(module.params))
search_existing_firewallrules = check_if_config_exists(
deepsec_request, want["name"],
api_object.split("/")[2], api_return)
if ("ID" in search_existing_firewallrules
and module.params["state"] == "absent"):
delete_config_with_id(
module,
deepsec_request,
api_object.split("/")[2],
search_existing_firewallrules["ID"],
api_return,
)
elif ("ID" not in search_existing_firewallrules
and module.params["state"] == "absent"):
module.exit_json(changed=False)
else:
firewallrules = deepsec_request.post("{0}".format(api_object),
data=want)
if "ID" in search_existing_firewallrules:
module.exit_json(firewallrules=search_existing_firewallrules,
changed=False)
elif firewallrules.get("message"):
module.fail_json(msg=firewallrules["message"])
else:
module.exit_json(firewallrules=firewallrules, changed=True)
module.exit_json(changed=False)
def main():
log_files_spec_list = {
"location":
dict(type="str"),
"format":
dict(
type="str",
choices=[
"syslog",
"snort-full",
"snort-fast",
"apache",
"iis",
"squid",
"nmapg",
"mysql-log",
"postgresql-log",
"dbj-multilog",
"eventlog",
"single-line-text-log",
],
),
}
log_files_spec = {
"log_files":
dict(type="list", elements="dict", options=log_files_spec_list)
}
argspec = dict(
state=dict(choices=["present", "absent"], default="present"),
name=dict(required=True, type="str"),
description=dict(type="str"),
minimum_agent_version=dict(type="str"),
minimum_manager_version=dict(type="str"),
type=dict(type="str"),
original_issue=dict(type="int"),
last_updated=dict(type="int"),
identifier=dict(type="str"),
template=dict(type="str", choices=["basic-rule", "custom"]),
rule_id=dict(type="int"),
level=dict(type="int"),
groups=dict(type="list", elements="str"),
rule_description=dict(type="str"),
pattern=dict(type="str"),
pattern_type=dict(type="str", choices=["string", "regex"]),
dependency=dict(type="str", choices=["none", "rule", "group"]),
dependency_rule_id=dict(type="int"),
dependency_group=dict(type="str"),
frequency=dict(type="int"),
time_frame=dict(type="int"),
rule_xml=dict(type="str"),
log_files=dict(type="dict", options=log_files_spec),
alert_enabled=dict(type="bool"),
alert_minimum_severity=dict(type="int"),
recommendations_mode=dict(
type="str", choices=["enabled", "ignored", "unknown", "disabled"]),
sort_order=dict(type="int"),
can_be_assigned_alone=dict(type="bool"),
depends_onrule_id=dict(type="list", elements="str"),
)
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
want = map_params_to_obj(remove_empties(module.params))
search_existing_log_inspection_rules = check_if_config_exists(
deepsec_request,
want["name"],
"loginspectionrules",
"logInspectionRules",
)
if ("ID" in search_existing_log_inspection_rules
and module.params["state"] == "absent"):
delete_config_with_id(
module,
deepsec_request,
"loginspectionrules",
search_existing_log_inspection_rules["ID"],
"logInspectionRules",
handle_return=True,
)
elif ("ID" not in search_existing_log_inspection_rules
and module.params["state"] == "absent"):
module.exit_json(changed=False)
else:
log_inspection_rules = deepsec_request.post("/api/loginspectionrules",
data=want)
if "ID" in search_existing_log_inspection_rules:
module.exit_json(
log_inspection_rules=search_existing_log_inspection_rules,
changed=False,
)
elif log_inspection_rules.get("message"):
module.fail_json(msg=log_inspection_rules["message"])
else:
module.exit_json(log_inspection_rules=log_inspection_rules,
changed=True)
module.exit_json(changed=False)
def main():
argspec = dict(
state=dict(
choices=["present", "absent", "gathered"], default="present"
),
id=dict(type="str"),
name=dict(type="str"),
description=dict(type="str"),
server=dict(type="str"),
port=dict(type="int", default=514),
transport=dict(
type="str", choices=["udp", "tcp", "tls"], default="udp"
),
event_format=dict(
type="str", choices=["standard", "cef", "leef"], default="cef"
),
facility=dict(
type="str",
choices=[
"kernel",
"user",
"mail",
"daemon",
"authorization",
"syslog",
"printer",
"news",
"uucp",
"clock",
"authpriv",
"ftp",
"ntp",
"log-audit",
"log-alert",
"cron",
"local0",
"local1",
"local2",
"local3",
"local4",
"local5",
"local6",
"local7",
],
default="local0",
),
certificate_chain=dict(type="list", elements="str"),
private_key=dict(type="str", no_log=True),
direct=dict(type="bool", default=False),
)
api_object = "/rest/syslog-configurations"
api_return = "syslogConfiguration"
api_get_return = "syslogConfigurations"
api_create_obj = "CreateSyslogConfigurationRequest"
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
# Get the configured Syslog config when state is gathered
if module.params["state"] == "gathered":
result = check_if_syslog_config_exists(
module, deepsec_request, None, api_object, api_get_return
)
module.exit_json(gathered=result, changed=False)
want = map_params_to_obj(remove_empties(module.params))
# Search for existing syslog config via Get call
search_existing_syslog_config = check_if_syslog_config_exists(
module, deepsec_request, want["name"], api_object, api_get_return
)
if (
"ID" in search_existing_syslog_config
and module.params["state"] == "absent"
):
delete_config_with_id(
module,
deepsec_request,
api_object.split("/")[2],
search_existing_syslog_config["ID"],
api_return,
False,
handle_return=True,
)
elif (
"ID" not in search_existing_syslog_config
and module.params["state"] == "absent"
):
module.exit_json(changed=False)
else:
# create legacy API request body for creating Syslog-Configurations
want = {api_create_obj: {api_return: want}}
syslog_config = deepsec_request.post(
"{0}".format(api_object), data=want
)
if "ID" in search_existing_syslog_config:
module.exit_json(
syslog_config=search_existing_syslog_config, changed=False
)
elif syslog_config.get("message"):
module.fail_json(msg=syslog_config["message"])
else:
module.exit_json(syslog_config=syslog_config, changed=True)
