The Ansible TrendMicro DeepSecurity collection includes a variety of Ansible content to help automate the management of TrendMicro DeepSecurity Endpoint Security solutions.
This collection has been tested against following Ansible versions: >=2.15.0.
For collections that support Ansible 2.9, please ensure you update your network_os to use the
fully qualified collection name (for example, cisco.ios.ios).
Plugins and modules within a collection may be tested with only specific Ansible versions.
A collection may contain metadata that identifies these versions.
PEP440 is the schema used to describe the versions of Ansible.
This collection has been tested against TrendMicro DeepSecurity with version 12.5.855.
The TrendMicro DeepSecurity collection supports httpapi connections.
| Name | Description |
|---|---|
| trendmicro.deepsec.deepsec | HttpApi Plugin for Trend Micro Deep Security |
| Name | Description |
|---|---|
| trendmicro.deepsec.deepsec_anti_malware | Create a new antimalware under TrendMicro Deep Security Policy |
| trendmicro.deepsec.deepsec_anti_malwares | Manages AntiMalware Rule resource module |
| trendmicro.deepsec.deepsec_apikey | Create a new and manage API Keys. |
| trendmicro.deepsec.deepsec_firewall_rules | Manages Firewall Rule resource module |
| trendmicro.deepsec.deepsec_firewallrules | Create a new firewall rule. |
| trendmicro.deepsec.deepsec_hosts_info | Obtain information about one or many Hosts defined by TrendMicro Deep Security |
| trendmicro.deepsec.deepsec_integrity_monitoring_rules | Manages Integrity Monitoring Rule resource module |
| trendmicro.deepsec.deepsec_integrity_monitoringrules | Create/Configure Integrity Monitoring Rules. |
| trendmicro.deepsec.deepsec_intrusion_prevention_rules | Intrusion Prevention Rule resource module. |
| trendmicro.deepsec.deepsec_intrusion_preventionrules | Create a new intrusion prevention rule. |
| trendmicro.deepsec.deepsec_log_inspection_rules | Manages Log Inspection Rule resource module |
| trendmicro.deepsec.deepsec_log_inspectionrules | Create a new log inspection rule. |
| trendmicro.deepsec.deepsec_syslog | Configure or create a syslog configuration for TrendMicro Deep Security |
| trendmicro.deepsec.deepsec_system_settings | Modify the system settings for TrendMicro Deep Security. |
You can install the TrendMicro DeepSecurity collection with the Ansible Galaxy CLI:
ansible-galaxy collection install trendmicro.deepsec
You can also include it in a requirements.yml file and install it with ansible-galaxy collection install -r requirements.yml, using the format:
---
collections:
- name: trendmicro.deepsecAn example for using this collection to manage a TM deepsecurity policy resource TM DeepSecurity Polcies is as follows:
inventory.ini (Note the password should be managed by a Vault for a production environment.
Trend Micro Deep security currently supports two ways as to how their REST API can be interacted with, and for each of the respective cases, the Ansible inventory will be changed slightly as mentioned below:
- In case of the newer REST APIs the Ansible inventory will work with the network OS
trendmicro.deepsec.deepsec, a Trend Microapi-secret-keyandapi-versionkey:
[deepsec]
host_deepsec.example.com
[deepsec:vars]
ansible_network_os=trendmicro.deepsec.deepsec
ansible_httpapi_use_ssl=true
ansible_httpapi_validate_certs=false
ansible_connection=httpapi
ansible_python_interpreter=/usr/bin/python
ansible_httpapi_session_key={'api-secret-key': 'secret-key', 'api-version': 'v1'}
- In case of APIs using the legacy REST APIs, the Ansible inventory will also require the network OS
trendmicro.deepsec.deepsec, but uses ausernameand apassword.
[deepsec]
host_deepsec.example.com
[deepsec:vars]
ansible_user=admin
ansible_httpapi_pass=password
ansible_httpapi_use_ssl=true
ansible_httpapi_validate_certs=false
ansible_connection=ansible.netcommon.httpapi
ansible_network_os=trendmicro.deepsec.deepsec
ansible_python_interpreter=python
You can either call modules by their Fully Qualified Collection Namespace (FQCN), like trendmicro.deepsec.deepsec, or you can call modules by their short name if you list the trendmicro.deepsec collection in the playbook's collections, as follows:
---
- hosts: trendmicro
gather_facts: false
connection: httpapi
collections:
- trendmicro.deepsec
tasks:
- name: Create/Config a new Firewall Rule Config
trendmicro.deepsec.deepsec_firewallrules:
state: present
name: test_firewallrule config
description: test firewall description
action: deny
priority: 0
source_iptype: any
destination_iptype: any
direction: incoming
protocol: tcp
tcpflags:
- synWe welcome community contributions to this collection. If you find problems, please open an issue or create a PR against the TrendMicro DeepSecurity collection repository. See Contributing to Ansible-maintained collections for complete details.
You can also join us on:
- IRC - the
#ansible-securityirc.libera.chat channel
See the Ansible Community Guide for details on contributing to Ansible.
This collection follows the Ansible project's Code of Conduct. Please read and familiarize yourself with this document.
Release notes are available here.
As a Red Hat Ansible Certified Content, this collection is entitled to support through Ansible Automation Platform (AAP).
If a support case cannot be opened with Red Hat and the collection has been obtained either from Galaxy or GitHub, there is community support available at no charge.
You can join us on #network:ansible.com room or the Ansible Forum Network Working Group.
- Ansible Collection overview
- Ansible User guide
- Ansible Developer guide
- Ansible Community code of conduct
GNU General Public License v3.0 or later.
See LICENSE to see the full text.