diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..8d9bb70
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,5 @@
+---
+profile: production
+
+exclude_paths:
+ - changelogs/changelog.yaml
diff --git a/.config/dictionary.txt b/.config/dictionary.txt
new file mode 100644
index 0000000..ee8d051
--- /dev/null
+++ b/.config/dictionary.txt
@@ -0,0 +1,29 @@
+antsichaut
+argspec
+astimezone
+autoupdate
+basepython
+cdcp
+cidrblock
+cmds
+dataclass
+KB-perByte
+devel
+endgroup
+envname
+envtmpdir
+etime
+extraheader
+fileh
+isoformat
+nolabel
+notesdir
+passenv
+returncode
+setenv
+setuptools
+suboptions
+tmpvtm
+toxfile
+toxinidir
+tracebackhide
diff --git a/.darglint b/.darglint
new file mode 100644
index 0000000..8e68aa3
--- /dev/null
+++ b/.darglint
@@ -0,0 +1,7 @@
+[darglint]
+# NOTE: All `darglint` styles except for `sphinx` hit ridiculously low
+# NOTE: performance on some of the in-project Python modules.
+# Refs:
+# * https://github.com/terrencepreilly/darglint/issues/186
+docstring_style = sphinx
+strictness = full
diff --git a/.flake8 b/.flake8
new file mode 100644
index 0000000..4795515
--- /dev/null
+++ b/.flake8
@@ -0,0 +1,72 @@
+[flake8]
+
+builtins = _
+
+# Print the total number of errors:
+count = true
+
+# Don't even try to analyze these:
+extend-exclude =
+ # No need to traverse egg info dir
+ *.egg-info,
+ # tool cache dirs
+ *_cache
+ # project env vars
+ .env,
+ # GitHub configs
+ .github,
+ # Cache files of MyPy
+ .mypy_cache,
+ # Cache files of pytest
+ .pytest_cache,
+ # Temp dir of pytest-testmon
+ .tmontmp,
+ # Occasional virtualenv dir
+ .venv
+ # VS Code
+ .vscode,
+ # Temporary build dir
+ build,
+ # This contains sdists and wheels of ansible-navigator that we don't want to check
+ dist,
+ # Metadata of `pip wheel` cmd is autogenerated
+ pip-wheel-metadata,
+ # adjacent venv
+ venv
+ # ansible won't let me
+ __init__.py
+
+# IMPORTANT: avoid using ignore option, always use extend-ignore instead
+# Completely and unconditionally ignore the following errors:
+extend-ignore =
+ # Safeguard neutering of flake8-quotes : https://github.com/zheller/flake8-quotes/issues/105
+ Q,
+ # annoy black by allowing white space before : https://github.com/psf/black/issues/315
+ E203,
+ # duplicate of pylint W0611 (unused-import)
+ F401,
+ # duplicate of pylint E0602 (undefined-variable)
+ F821,
+ # duplicate of pylint W0612 (unused-variable)
+ F841,
+
+# Accessibility/large fonts and PEP8 unfriendly:
+max-line-length = 100
+
+# Allow certain violations in certain files:
+# Please keep both sections of this list sorted, as it will be easier for others to find and add entries in the future
+per-file-ignores =
+ # The following ignores have been researched and should be considered permanent
+ # each should be preceeded with an explanation of each of the error codes
+ # If other ignores are added for a specific file in the section following this,
+ # these will need to be added to that line as well.
+
+
+ # S101: Allow the use of assert within the tests directory, since tests require it.
+ tests/**.py: S101
+
+ # The following were present during the initial implementation.
+ # They are expected to be fixed and unignored over time.
+
+# Count the number of occurrences of each error/warning code and print a report:
+statistics = true
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..e69de29
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5b32d4c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+---
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: daily
+ labels:
+ - "skip-changelog"
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..e3e5966
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,3 @@
+---
+# see https://github.com/ansible-community/devtools
+_extends: ansible-community/devtools
diff --git a/.github/workflows/ack.yml b/.github/workflows/ack.yml
new file mode 100644
index 0000000..fda595d
--- /dev/null
+++ b/.github/workflows/ack.yml
@@ -0,0 +1,15 @@
+---
+# See https://github.com/ansible-community/devtools/blob/main/.github/workflows/ack.yml
+name: ack
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+on: # yamllint disable-line rule:truthy
+ pull_request_target:
+ types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+ ack:
+ uses: ansible/devtools/.github/workflows/ack.yml@main
diff --git a/.github/workflows/codecoverage.yml b/.github/workflows/codecoverage.yml
new file mode 100644
index 0000000..c2a7ad6
--- /dev/null
+++ b/.github/workflows/codecoverage.yml
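Review bot: The `extend-exclude` list under `[flake8]` mixes comma-terminated entries with bare ones (`*_cache`, `.venv` and `venv` carry no trailing comma); flake8 splits these option values on commas and whitespace alike, so the bare entries still take effect, but the inconsistency reads as a typo to the next editor. Terminate every entry the same way, e.g. `*_cache,`, `.venv,`, `venv,`. The `per-file-ignores` comment block also misspells `preceeded`; `preceded` is the intended word.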
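Review bot: The reusable workflow is consumed at a floating ref, `uses: ansible/devtools/.github/workflows/ack.yml@main`, from a `pull_request_target` job, so whatever lands on that upstream branch later runs here with this repository's write-scoped token and no review on this side. The same floating `@main` is used in lint.yml (`ansible/ansible-lint@main`), codecoverage.yml, tests.yml, push.yml (which also hands over `BOT_PAT`) and release.yml (which hands over `AH_TOKEN` and `ANSIBLE_GALAXY_API_KEY`). Pin each `uses:` to a full commit SHA with the tag in a trailing comment, e.g. `uses: ansible/devtools/.github/workflows/ack.yml@<commit-sha> # <tag>`, so that the `github-actions` entry in dependabot.yml can propose the bumps. If tracking `main` for the shared org workflows is a deliberate policy, record that in a comment beside the first `uses:` so a reader does not file it as an oversight.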
@@ -0,0 +1,15 @@
+---
+name: code_coverage
+
+on: # yamllint disable-line rule:truthy
+ push:
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ codecoverage:
+ uses: ansible-network/github_actions/.github/workflows/coverage_network_devices.yml@main
+ with:
+ collection_pre_install: >-
+ git+https://github.com/ansible-collections/ansible.utils.git
+ git+https://github.com/ansible-collections/ansible.netcommon.git
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..853e4b6
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,12 @@
+---
+name: ansible-lint
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ branches: ["main"]
+jobs:
+ build:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@main
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000..3bf1a82
--- /dev/null
+++ b/.github/workflows/push.yml
@@ -0,0 +1,27 @@
+---
+# push workflow is shared and expected to perform actions after a merge happens
+# on a maintenance branch (default or release). For example updating the
+# draft release-notes.
+# based on great work from
+# https://github.com/T-Systems-MMS/ansible-collection-icinga-director
+name: push
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+on: # yamllint disable-line rule:truthy
+ workflow_dispatch:
+
+env:
+ NAMESPACE: trendmicro
+ COLLECTION_NAME: deepsec
+ ANSIBLE_COLLECTIONS_PATHS: ./
+
+jobs:
+ update_release_draft:
+ uses: ansible/devtools/.github/workflows/push_network.yml@main
+ with:
+ repo: ansible-collections/trendmicro.deepsec
+ secrets:
+ BOT_PAT: ${{ secrets.BOT_PAT }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..eb04259
--- /dev/null
+++ b/.github/workflows/release.yml
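Review bot: The `env:` block in push.yml (`NAMESPACE`, `COLLECTION_NAME`, `ANSIBLE_COLLECTIONS_PATHS`) has no effect: the only job does nothing but `uses:` a reusable workflow, which receives data solely through `with:` and `secrets:`, and a caller's workflow-level `env` is not propagated into the called workflow. Either drop the three lines or move the values into `with:` inputs that `push_network.yml` actually declares (its inputs are not visible from here). The `concurrency.group` expression also reads `github.event.pull_request.number`, which is never set for the sole trigger `workflow_dispatch`, so it always falls through to `github.ref`; `group: ${{ github.workflow }}-${{ github.ref }}` says the same thing without the dead branch.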
@@ -0,0 +1,14 @@
+---
+name: release
+on: # yamllint disable-line rule:truthy
+ release:
+ types: [published]
+
+jobs:
+ release:
+ uses: ansible/devtools/.github/workflows/release_collection.yml@main
+ with:
+ environment: release
+ secrets:
+ ah_token: ${{ secrets.AH_TOKEN }}
+ ansible_galaxy_api_key: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..0fb4cc0
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,46 @@
+---
+name: test_collection
+
+concurrency:
+ group: ${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ branches: [main]
+ workflow_dispatch:
+ schedule:
+ - cron: '0 0 * * *'
+
+
+jobs:
+ changelog:
+ uses: ansible-network/github_actions/.github/workflows/changelog.yml@main
+ if: github.event_name != 'schedule'
+ sanity:
+ uses: ansible-network/github_actions/.github/workflows/sanity.yml@main
+ unit-galaxy:
+ uses: ansible-network/github_actions/.github/workflows/unit_galaxy.yml@main
+ unit-source:
+ uses: ansible-network/github_actions/.github/workflows/unit_source.yml@main
+ with:
+ collection_pre_install: >-
+ git+https://github.com/ansible-collections/ansible.utils.git
+ git+https://github.com/ansible-collections/ansible.netcommon.git
+ all_green:
+ if: ${{ always() && (github.event_name != 'schedule') }}
+ needs:
+ - changelog
+ - sanity
+ - unit-galaxy
+ - unit-source
+ runs-on: ubuntu-latest
+ steps:
+ - run: >-
+ python -c "assert 'failure' not in
+ set([
+ '${{ needs.changelog.result }}',
+ '${{ needs.sanity.result }}',
+ '${{ needs.unit-galaxy.result }}',
+ '${{ needs.unit-source.result }}'
+ ])"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1f9858c
--- /dev/null
+++ b/.gitignore
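Review bot: The `all_green` gate in tests.yml only rejects the literal result `failure`, so a needed job that finishes as `cancelled` (routine with `cancel-in-progress: true` on the concurrency group) or `skipped` still lets the gate succeed, and a branch rule that requires `all_green` would be satisfied by a run in which no test actually ran. Treat anything other than `success` as a failure by changing the first line of the `run` script to `python -c "assert not {'failure', 'cancelled', 'skipped'} &` and leaving the `set([...])` literal as it is. The `always()` condition on the job is what keeps the gate reachable after a failed dependency and should stay.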
@@ -0,0 +1,118 @@
+# CML/virl lab cache
+.virl/
+
+# A collection directory, resulting from the use of the pytest-ansible-units plugin
+collections/
+
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+
+# ide
+*.code-workspace
+.vscode/
+.DS_Store
+
+changelogs/.plugin-cache.yaml
diff --git a/.isort.cfg b/.isort.cfg
new file mode 100644
index 0000000..4b9db23
--- /dev/null
+++ b/.isort.cfg
@@ -0,0 +1,6 @@
+[settings]
+known_first_party=ansible_collections.trendmicro.deepsec
+line_length=100
+lines_after_imports=2
+lines_between_types=1
+profile=black
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..8fdbd4b
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,46 @@
+---
+repos:
+ - repo: https://github.com/ansible-network/collection_prep
+ rev: 1.1.1
+ hooks:
+ # - id: autoversion # removed as being handled by GHA push and release drafter
+ - id: update-docs
+
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.4.0
+ hooks:
+ - id: check-merge-conflict
+ - id: check-symlinks
+ - id: debug-statements
+ - id: end-of-file-fixer
+ - id: no-commit-to-branch
+ args: [--branch, main]
+ - id: trailing-whitespace
+
+ - repo: https://github.com/asottile/add-trailing-comma
+ rev: v3.1.0
+ hooks:
+ - id: add-trailing-comma
+
+ - repo: https://github.com/pre-commit/mirrors-prettier
+ rev: "v3.0.3"
+ hooks:
+ - id: prettier
+ entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec"
+ pass_filenames: false
+ args: []
+ additional_dependencies:
+ - prettier
+ - prettier-plugin-toml
+
+ - repo: https://github.com/PyCQA/isort
+ rev: 5.12.0
+ hooks:
+ - id: isort
+ name: Sort import statements using isort
+ args: ["--filter-files"]
+
+ - repo: https://github.com/psf/black
+ rev: 23.9.1
+ hooks:
+ - id: black
diff --git a/.prettierignore b/.prettierignore
new file mode 100644
index 0000000..110b795
--- /dev/null
+++ b/.prettierignore
@@ -0,0 +1,19 @@
+# Stuff we don't want priettier to ever to look into
+.*/
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# A linked collection directory created by pytest-ansible-units
+
+collections/
+
+# Tracked but not manually edited
+
+# Tracked but manually formatted
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..3adaf90
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,15 @@
+---
+extends: default
+
+ignore: |
+ .tox
+ changelogs/*
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
new file mode 100644
index 0000000..e49c152
--- /dev/null
+++ b/CHANGELOG.rst
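Review bot: The prettier hook replaces the mirror's dependency list with unpinned package names (`- prettier`, `- prettier-plugin-toml`), so pre-commit installs whatever npm serves at environment-creation time even though the hook `rev` is pinned to `v3.0.3`; the formatter version then depends on when each contributor last rebuilt the hook environment, and the `--list-different` check can disagree between machines and CI. Pin both, matching the mirror tag for prettier: `- prettier@3.0.3` and `- prettier-plugin-toml@<pinned-version>` (fill in the version the team has tested). The `entry` override also runs `prettier --write .` over the whole tree with `pass_filenames: false`, so the hook rewrites files outside the commit being made; that looks intended, and a one-line comment above `entry:` saying so would save the next reader a question.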
@@ -0,0 +1,92 @@
+================================================
+TrendMicro DeepSecurity Collection Release Notes
+================================================
+
+.. contents:: Topics
+
+
+v2.0.0
+======
+
+Major Changes
+-------------
+
+- Minimum required ansible.netcommon version is 2.5.1.
+- Updated base plugin references to ansible.netcommon.
+
+Documentation Changes
+---------------------
+
+- Update module doc
+
+v1.2.0
+======
+
+Minor Changes
+-------------
+
+- Add AntiMalware rules resource module.
+- Add Firewall rules resource module.
+- Add Log Inspection rules resource module.
+- Add new Integrity Monitoring rules module (https://github.com/ansible-collections/trendmicro.deepsec/pull/24).
+- Add new RM states to Intrusion prevention rules module (https://github.com/ansible-collections/trendmicro.deepsec/pull/25).
+
+Documentation Changes
+---------------------
+
+- To update comments to get included TM collection under Ansible (https://github.com/ansible-collections/ansible-inclusion/discussions/27#discussioncomment-1016085).
+
+New Modules
+-----------
+
+Private
+~~~~~~~
+
+var.folders._0.m716s5gx1g3d5j1dw_s2w1ph0000gn.T.antsibull-changeloghfeb6_9p.collections.ansible_collections.trendmicro.deepsec.plugins.modules
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- deepsec_anti_malwares - Manages AntiMalware Rule resource module
+- deepsec_firewall_rules - Manages Firewall Rule resource module
+- deepsec_integrity_monitoring_rules - Manages Integrity Monitoring Rule resource module
+- deepsec_intrusion_prevention_rules - Intrusion Prevention Rule resource module.
+- deepsec_log_inspection_rules - Manages Log Inspection Rule resource module
+
+v1.1.0
+======
+
+Minor Changes
+-------------
+
+- Add deepsec_apikey config module.
+- Add deepsec_system_settings config module.
+
+New Modules
+-----------
+
+- deepsec_apikey - Create a new and manage API Keys.
+- deepsec_system_settings - Modify the system settings for TrendMicro Deep Security.
+
+v1.0.0
+======
+
+Minor Changes
+-------------
+
+- Add deepsec_anti_malware config module.
+- Add deepsec_firewallrules config module.
+- Add deepsec_hosts_info config module.
+- Add deepsec_log_inspectionrules module.
+- Add deepsec_syslog module.
+
+Bugfixes
+--------
+
+- Fix no log issues for private_key for deepsec_syslog_config module.
+
+New Modules
+-----------
+
+- deepsec_anti_malware - Create a new antimalware under TrendMicro Deep Security Policy
+- deepsec_firewallrules - Create a new firewall rule.
+- deepsec_hosts_info - Obtain information about one or many Hosts defined by TrendMicro Deep Security
+- deepsec_log_inspectionrules - Create a new log inspection rule.
diff --git a/README.md b/README.md
index e798296..dbad971 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ The Ansible TrendMicro DeepSecurity collection includes a variety of Ansible con ## Ansible version compatibility -This collection has been tested against following Ansible versions: **>=2.9.10,<2.11**. +This collection has been tested against following Ansible versions: **>=2.9.10**. Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
@@ -25,13 +25,28 @@ The TrendMicro DeepSecurity collection supports ``httpapi`` connections. ## Included content -### httpapi plugins +### Httpapi plugins Name | Description --- | --- +[trendmicro.deepsec.deepsec](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_httpapi.rst)|HttpApi Plugin for Trend Micro Deep Security ### Modules Name | Description --- | --- +[trendmicro.deepsec.deepsec_anti_malware](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_anti_malware_module.rst)|Create a new antimalware under TrendMicro Deep Security Policy +[trendmicro.deepsec.deepsec_anti_malwares](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_anti_malwares_module.rst)|Manages AntiMalware Rule resource module +[trendmicro.deepsec.deepsec_apikey](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_apikey_module.rst)|Create a new and manage API Keys. +[trendmicro.deepsec.deepsec_firewall_rules](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_firewall_rules_module.rst)|Manages Firewall Rule resource module +[trendmicro.deepsec.deepsec_firewallrules](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_firewallrules_module.rst)|Create a new firewall rule. 
+[trendmicro.deepsec.deepsec_hosts_info](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_hosts_info_module.rst)|Obtain information about one or many Hosts defined by TrendMicro Deep Security +[trendmicro.deepsec.deepsec_integrity_monitoring_rules](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_integrity_monitoring_rules_module.rst)|Manages Integrity Monitoring Rule resource module +[trendmicro.deepsec.deepsec_integrity_monitoringrules](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_integrity_monitoringrules_module.rst)|Create/Configure Integrity Monitoring Rules. +[trendmicro.deepsec.deepsec_intrusion_prevention_rules](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_intrusion_prevention_rules_module.rst)|Intrusion Prevention Rule resource module. +[trendmicro.deepsec.deepsec_intrusion_preventionrules](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_intrusion_preventionrules_module.rst)|Create a new intrusion prevention rule. +[trendmicro.deepsec.deepsec_log_inspection_rules](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_log_inspection_rules_module.rst)|Manages Log Inspection Rule resource module +[trendmicro.deepsec.deepsec_log_inspectionrules](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_log_inspectionrules_module.rst)|Create a new log inspection rule. 
+[trendmicro.deepsec.deepsec_syslog](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_syslog_module.rst)|Configure or create a syslog configuration for TrendMicro Deep Security +[trendmicro.deepsec.deepsec_system_settings](https://github.com/ansible-collections/trendmicro.deepsec/blob/main/docs/trendmicro.deepsec.deepsec_system_settings_module.rst)|Modify the system settings for TrendMicro Deep Security. @@ -57,11 +72,26 @@ An example for using this collection to manage a TM deepsecurity policy resource is as follows: `inventory.ini` (Note the password should be managed by a [Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) for a production environment. +Trend Micro Deep security currently supports two ways as to how their REST API can be interacted with, and for each of the respective cases, the Ansible inventory will be changed slightly as mentioned below: +1. In case of the [newer REST APIs](https://automation.deepsecurity.trendmicro.com/article/fr/api-reference/) the Ansible inventory will work with the network OS `trendmicro.deepsec.deepsec`, a Trend Micro `api-secret-key` and `api-version` key: ``` -[trendmicro] -host_tm.example.com +[deepsec] +host_deepsec.example.com -[trendmicro:vars] +[deepsec:vars] +ansible_network_os=trendmicro.deepsec.deepsec +ansible_httpapi_use_ssl=true +ansible_httpapi_validate_certs=false +ansible_connection=httpapi +ansible_python_interpreter=/usr/bin/python +ansible_httpapi_session_key={'api-secret-key': 'secret-key', 'api-version': 'v1'} +``` +2. In case of APIs using the [legacy REST APIs](https://automation.deepsecurity.trendmicro.com/legacy-rest/12_5/index.html?env=onprem#overview), the Ansible inventory will also require the network OS `trendmicro.deepsec.deepsec`, but uses a `username` and a `password`. +``` +[deepsec] +host_deepsec.example.com + +[deepsec:vars] ansible_user=admin ansible_httpapi_pass=password ansible_httpapi_use_ssl=true 
@@ -85,30 +115,19 @@ You can either call modules by their Fully Qualified Collection Namespace (FQCN) - trendmicro.deepsec tasks: - - name: Create and Config new policy - trendmicro.deepsec.policies_config: - name: test_ansible_pol - description: TM pol via Ansible + - name: Create/Config a new Firewall Rule Config + trendmicro.deepsec.deepsec_firewallrules: state: present - policy_settings: - firewall_setting_engine_option_connections_cleanup_max: - value: 100 - recommendation_scan_mode: ongoing - anti_malware: - state: off - real_time_scan_configuration_id: 0 - firewall: - state: off - global_stateful_configuration_id: 1 - rule_id: - - 1 - - 2 - intrusion_prevention: - state: prevent - rule_id: - - 1 - - 2 - application_type_id: [1, 2] + name: test_firewallrule config + description: test firewall description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + tcpflags: + - syn ``` ## Contributing to this collection @@ -117,7 +136,7 @@ We welcome community contributions to this collection. If you find problems, ple You can also join us on: -- Freenode IRC - ``#ansible-security`` Freenode channel +- IRC - the ``#ansible-security`` [irc.libera.chat](https://libera.chat/) channel See the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html) for details on contributing to Ansible. @@ -145,4 +164,4 @@ Release notes are available [here](https://github.com/ansible-collections/trendm GNU General Public License v3.0 or later. -See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. \ No newline at end of file +See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. diff --git a/bindep.txt b/bindep.txt new file mode 100644 index 0000000..ba9c980 --- /dev/null +++ b/bindep.txt 
@@ -0,0 +1,6 @@
+# This is a cross-platform list tracking distribution packages needed by tests;
+# see https://docs.openstack.org/infra/bindep/ for additional information.
+
+gcc-c++ [doc test platform:rpm]
+python3-devel [test platform:rpm]
+python3 [test platform:rpm]
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
new file mode 100644
index 0000000..88f9aa1
--- /dev/null
+++ b/changelogs/changelog.yaml
@@ -0,0 +1,105 @@
+ancestor: null
+releases:
+ 1.0.0:
+ changes:
+ bugfixes:
+ - Fix no log issues for private_key for deepsec_syslog_config module.
+ minor_changes:
+ - Add deepsec_anti_malware config module.
+ - Add deepsec_firewallrules config module.
+ - Add deepsec_hosts_info config module.
+ - Add deepsec_log_inspectionrules module.
+ - Add deepsec_syslog module.
+ fragments:
+ - anti_malware_config.yml
+ - fix_sanity_no_log_issue.yaml
+ modules:
+ - description: Create a new antimalware under TrendMicro Deep Security Policy
+ name: deepsec_anti_malware
+ namespace: ""
+ - description: Create a new firewall rule.
+ name: deepsec_firewallrules
+ namespace: ""
+ - description:
+ Obtain information about one or many Hosts defined by TrendMicro
+ Deep Security
+ name: deepsec_hosts_info
+ namespace: ""
+ - description: Create a new log inspection rule.
+ name: deepsec_log_inspectionrules
+ namespace: ""
+ - description: Configure or create a syslog configuration for TrendMicro Deep Security
+ name: deepsec_syslog
+ release_date: "2021-06-23"
+ 1.1.0:
+ changes:
+ minor_changes:
+ - Add deepsec_apikey config module.
+ - Add deepsec_system_settings config module.
+ fragments:
+ - add_api_key_module.yaml
+ - add_system_settings_module.yaml
+ modules:
+ - description: Create a new and manage API Keys.
+ name: deepsec_apikey
+ namespace: ""
+ - description: Modify the system settings for TrendMicro Deep Security.
+ name: deepsec_system_settings
+ namespace: ""
+ release_date: "2021-06-24"
+ 1.2.0:
+ changes:
+ doc_changes:
+ - To update comments to get included TM collection under Ansible
+ (https://github.com/ansible-collections/ansible-inclusion/discussions/27#discussioncomment-1016085).
+ minor_changes:
+ - Add AntiMalware rules resource module.
+ - Add Firewall rules resource module.
+ - Add Log Inspection rules resource module.
+ - Add new Integrity Monitoring rules module (https://github.com/ansible-collections/trendmicro.deepsec/pull/24).
+ - Add new RM states to Intrusion prevention rules module (https://github.com/ansible-collections/trendmicro.deepsec/pull/25).
+ fragments:
+ - 23_add_intrusion_prevention_rules_module.yaml
+ - 24_add_integrity_monitoring_rules_mosule.yaml
+ - Add_antimalware_rules.yaml
+ - Add_firewall_rules_resource_module.yaml
+ - Add_integrity_monitoring_rules_resource_module.yaml
+ - Add_log_inspection_rules_resource_module.yaml
+ - fix_comments_for_getting_tm_to_get_included_to_ansible.yaml
+ - reinstate_ipr_legacy_module.yaml
+ - support_rm_states_for_ipr_module.yaml
+ modules:
+ - description: Manages AntiMalware Rule resource module
+ name: deepsec_anti_malwares
+ namespace: private.var.folders._0.m716s5gx1g3d5j1dw_s2w1ph0000gn.
+ T.antsibull-changeloghfeb6_9p.collections.ansible_collections.trendmicro.deepsec.plugins.modules
+ - description: Manages Firewall Rule resource module
+ name: deepsec_firewall_rules
+ namespace: private.var.folders._0.m716s5gx1g3d5j1dw_s2w1ph0000gn.
+ T.antsibull-changeloghfeb6_9p.collections.ansible_collections.trendmicro.deepsec.plugins.modules
+ - description: Manages Integrity Monitoring Rule resource module
+ name: deepsec_integrity_monitoring_rules
+ namespace: private.var.folders._0.m716s5gx1g3d5j1dw_s2w1ph0000gn.
+ T.antsibull-changeloghfeb6_9p.collections.ansible_collections.trendmicro.deepsec.plugins.modules
+ - description: Intrusion Prevention Rule resource module.
+ name: deepsec_intrusion_prevention_rules
+ namespace: private.var.folders._0.m716s5gx1g3d5j1dw_s2w1ph0000gn.
+ T.antsibull-changeloghfeb6_9p.collections.ansible_collections.trendmicro.deepsec.plugins.modules
+ - description: Manages Log Inspection Rule resource module
+ name: deepsec_log_inspection_rules
+ namespace: private.var.folders._0.m716s5gx1g3d5j1dw_s2w1ph0000gn.
+ T.antsibull-changeloghfeb6_9p.collections.ansible_collections.trendmicro.deepsec.plugins.modules
+ release_date: "2021-12-13"
+ 2.0.0:
+ changes:
+ doc_changes:
+ - Update module doc
+ major_changes:
+ - Minimum required ansible.netcommon version is 2.5.1.
+ - Updated base plugin references to ansible.netcommon.
+ fragments:
+ - 0-ignore.yml
+ - 1.2.0_release_prep.yaml
+ - bindep_update.yaml
+ - netcommon_ref_update.yaml
+ release_date: "2022-04-29"
diff --git a/changelogs/config.yaml b/changelogs/config.yaml
new file mode 100644
index 0000000..1b83081
--- /dev/null
+++ b/changelogs/config.yaml
@@ -0,0 +1,33 @@
+---
+changelog_filename_template: CHANGELOG.rst
+changelog_filename_version_depth: 0
+changes_file: changelog.yaml
+changes_format: combined
+keep_fragments: false
+mention_ancestor: true
+new_plugins_after_name: removed_features
+notesdir: fragments
+prelude_section_name: release_summary
+prelude_section_title: Release Summary
+flatmap: true
+sections:
+ - - major_changes
+ - Major Changes
+ - - minor_changes
+ - Minor Changes
+ - - breaking_changes
+ - Breaking Changes / Porting Guide
+ - - deprecated_features
+ - Deprecated Features
+ - - removed_features
+ - Removed Features (previously deprecated)
+ - - security_fixes
+ - Security Fixes
+ - - bugfixes
+ - Bugfixes
+ - - known_issues
+ - Known Issues
+ - - doc_changes
+ - Documentation Changes
+title: TrendMicro DeepSecurity Collection
+trivial_section_name: trivial
diff --git a/changelogs/fragments/docs_update_tm_deepsec_modules.yaml b/changelogs/fragments/docs_update_tm_deepsec_modules.yaml
new file mode 100644
index 0000000..196bfe7
--- /dev/null
+++ b/changelogs/fragments/docs_update_tm_deepsec_modules.yaml
@@ -0,0 +1,3 @@
+---
+doc_changes:
+ - To add run output to the docs of all of the existing TM deepsec resource modules.
diff --git a/changelogs/fragments/log_inspection_rule_log_file_param_issue.yaml b/changelogs/fragments/log_inspection_rule_log_file_param_issue.yaml
new file mode 100644
index 0000000..4b0a1c8
--- /dev/null
+++ b/changelogs/fragments/log_inspection_rule_log_file_param_issue.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - To fix the Log inspection rules module bug, where log_files param was not parsed as expected in idempotent play output.
diff --git a/changelogs/fragments/maintenance_pr.yaml b/changelogs/fragments/maintenance_pr.yaml
new file mode 100644
index 0000000..e4897d1
--- /dev/null
+++ b/changelogs/fragments/maintenance_pr.yaml
@@ -0,0 +1,4 @@
+---
+trivial:
+ - Add github action and enable precommit.
+ - Fix lint issues.
diff --git a/changelogs/fragments/utc_deepsec_anti_malwares.yaml b/changelogs/fragments/utc_deepsec_anti_malwares.yaml
new file mode 100644
index 0000000..e21f1ec
--- /dev/null
+++ b/changelogs/fragments/utc_deepsec_anti_malwares.yaml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+ - To add unit test case for deepsec_anti_malwares module
diff --git a/changelogs/fragments/utc_deepsec_firewall_rules.yaml b/changelogs/fragments/utc_deepsec_firewall_rules.yaml
new file mode 100644
index 0000000..fefb365
--- /dev/null
+++ b/changelogs/fragments/utc_deepsec_firewall_rules.yaml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+ - To add unit test case for deepsec_firewall_rules module
diff --git a/changelogs/fragments/utc_for_tm_deepsec_rm.yaml b/changelogs/fragments/utc_for_tm_deepsec_rm.yaml
new file mode 100644
index 0000000..0efdfdf
--- /dev/null
+++ b/changelogs/fragments/utc_for_tm_deepsec_rm.yaml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+ - To add unit test case for deepsec_integrity_monitoring_rules, deepsec_intrusion_prevention_rules, and deepsec_log_inspection_rules module
diff --git a/codecov.yml b/codecov.yml
new file mode 100644
index 0000000..c77c91a
--- /dev/null
+++ b/codecov.yml
@@ -0,0 +1,15 @@
+---
+codecov:
+ require_ci_to_pass: true
+comment:
+ layout: " diff, flags, files"
+ behavior: default
+ require_changes: false
+ require_base: false
+ require_head: true
+coverage:
+ status:
+ patch: false
+ project:
+ default:
+ threshold: 0.3%
diff --git a/cspell.config.yaml b/cspell.config.yaml
new file mode 100644
index 0000000..20e7d88
--- /dev/null
+++ b/cspell.config.yaml
@@ -0,0 +1,37 @@
+---
+dictionaryDefinitions:
+ - name: words
+ path: .config/dictionary.txt
+ addWords: true
+dictionaries:
+ - bash
+ - networking-terms
+ - python
+ - words
+ - "!aws"
+ - "!backwards-compatibility"
+ - "!cryptocurrencies"
+ - "!cpp"
+ignorePaths:
+ # All dot files in the root
+ - \.*
+ # This file
+ - cspell.config.yaml
+ # Generated rst files in the docs directory
+ - docs/*.rst
+ # The mypy configuration file
+ - mypy.ini
+ # The shared file for tool configuration
+ - pyproject.toml
+ # requirements.txt
+ - requirements.txt
+ # test-requirements.txt
+ - test-requirements.txt
+ # the bindep file
+ - bindep.txt
+ # The tox configuration file
+ - tox.ini
+
+languageSettings:
+ - languageId: python
+ allowCompoundWords: false
diff --git a/docs/trendmicro.deepsec.deepsec_anti_malware_module.rst b/docs/trendmicro.deepsec.deepsec_anti_malware_module.rst
new file mode 100644
index 0000000..d97f695
--- /dev/null
+++ b/docs/trendmicro.deepsec.deepsec_anti_malware_module.rst
@@ -0,0 +1,856 @@ +.. _trendmicro.deepsec.deepsec_anti_malware_module: + + +*************************************** +trendmicro.deepsec.deepsec_anti_malware +*************************************** + +**Create a new antimalware under TrendMicro Deep Security Policy** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + +DEPRECATED +---------- +:Removed in collection release after 2023-12-01 +:Why: Newer and updated modules released with more functionality +:Alternative: deepsec_anti_malwares + + + +Synopsis +-------- +- This module creates a new antimalware under TrendMicro Deep Security + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to create an alert when the Malware Scan Configuration logs an event. Set to true to enable the alert.
+
+
+ behavior_monitoring_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to detect suspicious activity and unauthorized changes (including ransomware). Set to true to detect.
+
+
+ cpu_usage + +
+ string +
+
+
    Choices: +
  • low
  • +
  • medium
  • +
  • high
  • +
+
+
CPU usage.
+
+
+ custom_remediation_actions_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to use the action ActiveActions recommends when malware is detected. Set to true to use the action ActiveAction recommends.
+
+
+ custom_scan_actions_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to use custom actions. Use true to enable custom actions.
+
+
+ description + +
+ string +
+
+ +
Description of the anti-malware configuration.
+
+
+ directories_to_scan + +
+ string +
+
+
    Choices: +
  • all-directories
  • +
  • directory-list
  • +
+
+
Specify if the scan will be peformed on all the directories or on a subset.
+
+
+ directory_list_id + +
+ integer +
+
+ +
ID of the directory list to scan.
+
+
+ document_exploit_heuristic_level + +
+ string +
+
+
    Choices: +
  • default
  • +
  • default-and-agressive
  • +
+
+
Controls whether to scan for exploits of known critical vulnerabilites as well as aggessively detect suspicious behaviour that could be an unknown exploit.
+
+
+ document_exploit_protection + +
+ string +
+
+
    Choices: +
  • critical-only
  • +
  • critical-and-heuristic
  • +
+
+
Scan for exploits against known critical vulnerabilities only.
+
+
+ document_exploit_protection_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan for known critical vulnerabilities. Use true to enable scan.
+
+
+ document_recovery_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to back up ransomware-encrypted files. Set to true to back up.
+
+
+ excluded_directory_list_id + +
+ integer +
+
+ +
ID of the directory list to exclude from the scan.
+
+
+ excluded_file_extension_list_id + +
+ integer +
+
+ +
ID of the file extension list to exclude from the scan.
+
+
+ excluded_file_list_id + +
+ integer +
+
+ +
ID of the file list to exclude from the scan.
+
+
+ excluded_process_image_file_list_id + +
+ integer +
+
+ +
ID of the process image file list to exclude from the scan.
+
+
+ file_extension_list_id + +
+ integer +
+
+ +
ID of the file extension list to scan.
+
+
+ files_to_scan + +
+ string +
+
+
    Choices: +
  • all-files
  • +
  • intelliscan-file-types
  • +
  • file-extension-list
  • +
+
+
Specify if scan will be performed on all files, a subset or by using IntelliScan.
+
+
+ intelli_trap_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether IntelliTrap is enabled. Set to true to enable.
+
+
+ machine_learning_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether predictive machine learning is enabled. Set to true to enable.
+
+
+ memory_scan_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan process memory for malware. Use true to enable scan.
+
+
+ microsoft_office_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan Embedded Microsoft Office Objects. Use true to enable scan.
+
+
+ microsoft_office_layers + +
+ integer +
+
+ +
Number of Microsoft Object Linking and Embedding (OLE) Layers to scan.
+
+
+ name + +
+ string + / required +
+
+ +
Name of the anti-malware configuration.
+
+
+ network_directories_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan network directories. Set to true to enable.
+
+
+ real_time_scan + +
+ string +
+
+
    Choices: +
  • read-only
  • +
  • write-only
  • +
  • read-write
  • +
+
+
Specify when to perform the real-time scan.
+
+
+ scan_action_for_cookies + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
+
+
The action to take when cookies are detected.
+
+
+ scan_action_for_cve + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to take when a CVE exploit is detected.
+
+
+ scan_action_for_heuristics + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to take when malware identified with heuristics are detected.
+
+
+ scan_action_for_other_threats + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • clean
  • +
  • deny-access
  • +
+
+
The action to take when other threats are detected.
+
+
+ scan_action_for_packer + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to perform when a packer is detected.
+
+
+ scan_action_for_possible_malware + +
+ string +
+
+
    Choices: +
  • active-action
  • +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to take when possible malware is detected.
+
+
+ scan_action_for_spyware + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to perform when spyware is detected.
+
+
+ scan_action_for_trojans + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to perform when a trojan is detected.
+
+
+ scan_action_for_virus + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • clean
  • +
  • deny-access
  • +
+
+
The action to perform when a virus is detected.
+
+
+ scan_compressed_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan compressed files. Use true to enable scan.
+
+
+ scan_compressed_maximum_files + +
+ integer +
+
+ +
Maximum number of files to extract.
+
+
+ scan_compressed_maximum_levels + +
+ integer +
+
+ +
The maximum number of levels of compression to scan.
+
+
+ scan_compressed_maximum_size + +
+ integer +
+
+ +
Maximum size of compressed files to scan, in MB.
+
+
+ scan_type + +
+ string +
+
+
    Choices: +
  • real-time
  • +
  • on-demand
  • +
+
+
The type of malware scan configuration.
+
+
+ spyware_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to enable spyware/grayware protection. Set to true to enable.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
The state the configuration should be left in
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + - name: Create/Config a new Anti Malware config + trendmicro.deepsec.deepsec_anti_malware: + name: test_malware + description: test malware config + scan_action_for_virus: pass + alert_enabled: true + scan_type: real-time + real_time_scan: read-write + cpu_usage: low + state: present + - name: Delete/Remove the existing Anti Malware Config + trendmicro.deepsec.deepsec_anti_malware: + state: absent + name: test_malware + + + + +Status +------ + + +- This module will be removed in a release after 2023-12-01. *[deprecated]* +- For more information see `DEPRECATED`_. + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) " diff --git a/docs/trendmicro.deepsec.deepsec_anti_malwares_module.rst b/docs/trendmicro.deepsec.deepsec_anti_malwares_module.rst new file mode 100644 index 0000000..862dfbb --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_anti_malwares_module.rst @@ -0,0 +1,1330 @@ +.. _trendmicro.deepsec.deepsec_anti_malwares_module: + + +**************************************** +trendmicro.deepsec.deepsec_anti_malwares +**************************************** + +**Manages AntiMalware Rule resource module** + + +Version added: 1.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Configure protection against malware, viruses, trojans and spyware. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ list + / elements=dictionary +
+
+ +
A dictionary of AntiMalware Rule Rules options
+
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to create an alert when the Malware Scan Configuration logs an event. Set to true to enable the alert. Searchable as Boolean.
+
+
+ amsi_scan_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether Windows Antimalware Scan Interface (AMSI) protection is enabled. Set to true to enable.
+
+
+ behavior_monitoring_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to detect suspicious activity and unauthorized changes (including ransomware). Set to true to detect.
+
+
+ cpu_usage + +
+ string +
+
+
    Choices: +
  • low
  • +
  • medium
  • +
  • high
  • +
+
+
CPU usage
+
+
+ custom_remediation_actions_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to use the action ActiveActions recommends when malware is detected. Set to true to use the action ActiveAction recommends.
+
+
+ custom_scan_actions_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to use custom actions. Use true to enable custom actions. Available when 'customRemediationActionsEnabled' is true.
+
+
+ description + +
+ string +
+
+ +
Description of the anti-malware configuration. Searchable as String.
+
+
+ directories_to_scan + +
+ string +
+
+
    Choices: +
  • all-directories
  • +
  • directory-list
  • +
+
+
Specify if the scan will be peformed on all the directories or on a subset. Searchable as Choice.
+
+
+ directory_list_id + +
+ integer +
+
+ +
ID of the directory list to scan. Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ document_exploit_heuristic_level + +
+ string +
+
+
    Choices: +
  • default
  • +
  • default-and-agressive
  • +
  • LEVEL_THREE
  • +
  • LEVEL_FOUR
  • +
+
+
Controls whether to scan for exploits of known critical vulnerabilites as well as aggessively detect suspicious behaviour that could be an unknown exploit. Searchable as Choice.
+
+
+ document_exploit_protection + +
+ string +
+
+
    Choices: +
  • critical-only
  • +
  • critical-and-heuristic
  • +
+
+
Scan for exploits against known critical vulnerabilities only. Searchable as Choice.
+
+
+ document_exploit_protection_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan for known critical vulnerabilities. Use true to enable scan.
+
+
+ document_recovery_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to back up ransomware-encrypted files. Set to true to back up. Searchable as Boolean.
+
+
+ excluded_directory_list_id + +
+ integer +
+
+ +
ID of the directory list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ excluded_file_extension_list_id + +
+ integer +
+
+ +
ID of the file extension list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ excluded_file_list_id + +
+ integer +
+
+ +
ID of the file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ excluded_process_image_file_list_id + +
+ integer +
+
+ +
ID of the process image file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ file_extension_list_id + +
+ integer +
+
+ +
ID of the file extension list to scan. Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ files_to_scan + +
+ string +
+
+
    Choices: +
  • all-files
  • +
  • intelliscan-file-types
  • +
  • file-extension-list
  • +
+
+
Specify if scan will be performed on all files, a subset or by using IntelliScan. Searchable as Choice.
+
+
+ id + +
+ integer +
+
+ +
ID of the anti-malware configuration. This ID is set automatically. Searchable as ID.
+
+
+ intelli_trap_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether IntelliTrap is enabled. Set to true to enable. Searchable as Boolean.
+
+
+ machine_learning_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether predictive machine learning is enabled. Set to true to enable. Searchable as Boolean.
+
+
+ memory_scan_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan process memory for malware. Use true to enable scan. Searchable as Boolean.
+
+
+ microsoft_office_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan Embedded Microsoft Office Objects. Use true to enable scan. Searchable as Boolean.
+
+
+ microsoft_office_layers + +
+ integer +
+
+ +
Number of Microsoft Object Linking and Embedding (OLE) Layers to scan. Searchable as Numeric.
+
+
+ name + +
+ string +
+
+ +
Name of the anti-malware configuration. Searchable as String.
+
+
+ network_directories_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan network directories. Set to true to enable. Searchable as Boolean.
+
+
+ real_time_scan + +
+ string +
+
+
    Choices: +
  • read-only
  • +
  • write-only
  • +
  • read-write
  • +
+
+
Specify when to perform the real-time scan. Searchable as Choice.
+
+
+ scan_action_for_behavior_monitoring + +
+ string +
+
+
    Choices: +
  • active-action
  • +
  • pass
  • +
+
+
The action to take when suspicious activity and unauthorized changes are detected. Searchable as Choice. Available when 'behaviorMonitoringEnabled' is true.
+
+
+ scan_action_for_cookies + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
+
+
The action to take when cookies are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.
+
+
+ scan_action_for_cve + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to take when a CVE exploit is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.
+
+
+ scan_action_for_heuristics + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to take when malware identified with heuristics are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.
+
+
+ scan_action_for_machine_learning + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
+
+
The action to take when malware identified with machine learning is detected. Searchable as Choice. Available when 'machineLearningEnabled' is true.
+
+
+ scan_action_for_other_threats + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • clean
  • +
  • deny-access
  • +
+
+
The action to take when other threats are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.
+
+
+ scan_action_for_packer + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to perform when a packer is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.
+
+
+ scan_action_for_possible_malware + +
+ string +
+
+
    Choices: +
  • active-action
  • +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to take when possible malware is detected. Searchable as Choice. Available when 'customRemediationActionsEnabled' is true.
+
+
+ scan_action_for_spyware + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to perform when spyware is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.
+
+
+ scan_action_for_trojans + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • deny-access
  • +
+
+
The action to perform when a trojan is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.
+
+
+ scan_action_for_virus + +
+ string +
+
+
    Choices: +
  • pass
  • +
  • delete
  • +
  • quarantine
  • +
  • clean
  • +
  • deny-access
  • +
+
+
The action to perform when a virus is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.
+
+
+ scan_compressed_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to scan compressed files. Use true to enable scan. Searchable as Boolean.
+
+
+ scan_compressed_maximum_files + +
+ integer +
+
+ +
Maximum number of files to extract. Searchable as Numeric.
+
+
+ scan_compressed_maximum_levels + +
+ integer +
+
+ +
The maximum number of levels of compression to scan. Searchable as Numeric.
+
+
+ scan_compressed_maximum_size + +
+ integer +
+
+ +
Maximum size of compressed files to scan, in MB. Searchable as Numeric.
+
+
+ scan_type + +
+ string +
+
+
    Choices: +
  • real-time
  • +
  • on-demand
  • +
+
+
The type of malware scan configuration. Searchable as Choice.
+
+
+ spyware_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to enable spyware/grayware protection. Set to true to enable. Searchable as Boolean.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • merged
  • +
  • replaced
  • +
  • gathered
  • +
  • deleted
  • +
+
+
The state the configuration should be left in
+
The state gathered will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the gathered key within the result.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + # Using MERGED state + # ------------------- + + - name: Create AntiMalware Rules + trendmicro.deepsec.deepsec_anti_malwares: + state: merged + config: + - name: test_malware_1 + description: test malware 1 description + scan_action_for_virus: pass + alert_enabled: true + scan_type: on-demand + real_time_scan: read-only + cpu_usage: medium + - name: test_malware_2 + description: test malware 2 description + scan_action_for_virus: pass + alert_enabled: true + scan_type: real-time + real_time_scan: read-write + cpu_usage: low + + # RUN output: + # ----------- + + # anti_malwares: + # after: + # - alert_enabled: true + # cpu_usage: medium + # custom_remediation_actions_enabled: false + # description: test malware 1 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: all-files + # id: 49 + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_1 + # scan_compressed_enabled: false + # scan_type: on-demand + # spyware_enabled: true + # - alert_enabled: true + # amsi_scan_enabled: true + # behavior_monitoring_enabled: false + # custom_remediation_actions_enabled: false + # description: test malware 2 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: all-files + # id: 50 + # intelli_trap_enabled: false + # machine_learning_enabled: true + # memory_scan_enabled: false + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_2 + # network_directories_enabled: false + # real_time_scan: read-write + # scan_action_for_machine_learning: pass + # scan_compressed_enabled: false + # scan_type: real-time + # spyware_enabled: true + # before: [] + + - 
name: Modify existing AntiMalware Rules + trendmicro.deepsec.deepsec_anti_malwares: + state: merged + config: + - name: test_malware_2 + description: UPDATE test malware 2 description + files_to_scan: intelliscan-file-types + + # RUN output: + # ----------- + + # anti_malwares: + # after: + # - alert_enabled: true + # amsi_scan_enabled: true + # behavior_monitoring_enabled: false + # custom_remediation_actions_enabled: false + # description: UPDATE test malware 2 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: intelliscan-file-types + # id: 50 + # intelli_trap_enabled: false + # machine_learning_enabled: true + # memory_scan_enabled: false + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_2 + # network_directories_enabled: false + # real_time_scan: read-write + # scan_action_for_machine_learning: pass + # scan_compressed_enabled: false + # scan_type: real-time + # spyware_enabled: true + # before: + # - alert_enabled: true + # amsi_scan_enabled: true + # behavior_monitoring_enabled: false + # custom_remediation_actions_enabled: false + # description: test malware 2 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: all-files + # id: 50 + # intelli_trap_enabled: false + # machine_learning_enabled: true + # memory_scan_enabled: false + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_2 + # network_directories_enabled: false + # real_time_scan: read-write + # scan_action_for_machine_learning: pass + # scan_compressed_enabled: false + # scan_type: real-time + # spyware_enabled: true + + # Using REPLACED state + # -------------------- + + - name: Replaced AntiMalware Rules + 
trendmicro.deepsec.deepsec_anti_malwares: + state: replaced + config: + - name: test_malware_2 + description: REPLACE test malware 2 description + scan_action_for_virus: quarantine + alert_enabled: true + files_to_scan: intelliscan-file-types + scan_type: real-time + real_time_scan: read-only + cpu_usage: medium + + # RUN output: + # ----------- + + # anti_malwares: + # after: + # - alert_enabled: true + # amsi_scan_enabled: true + # behavior_monitoring_enabled: false + # custom_remediation_actions_enabled: false + # description: REPLACE test malware 2 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: intelliscan-file-types + # id: 51 + # intelli_trap_enabled: false + # machine_learning_enabled: true + # memory_scan_enabled: false + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_2 + # network_directories_enabled: false + # real_time_scan: read-only + # scan_action_for_machine_learning: pass + # scan_compressed_enabled: false + # scan_type: real-time + # spyware_enabled: true + # before: + # - alert_enabled: true + # amsi_scan_enabled: true + # behavior_monitoring_enabled: false + # custom_remediation_actions_enabled: false + # description: UPDATE test malware 2 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: intelliscan-file-types + # id: 50 + # intelli_trap_enabled: false + # machine_learning_enabled: true + # memory_scan_enabled: false + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_2 + # network_directories_enabled: false + # real_time_scan: read-write + # scan_action_for_machine_learning: pass + # scan_compressed_enabled: false + # scan_type: real-time + # 
spyware_enabled: true + + # Using GATHERED state + # -------------------- + + - name: Gather AntiMalware Rules by AntiMalware names + trendmicro.deepsec.deepsec_anti_malwares: + state: gathered + config: + - name: test_malware_1 + - name: test_malware_2 + + # RUN output: + # ----------- + + # gathered: + # - alert_enabled: true + # cpu_usage: medium + # custom_remediation_actions_enabled: false + # description: test malware 1 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: all-files + # id: 49 + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_1 + # scan_compressed_enabled: false + # scan_type: on-demand + # spyware_enabled: true + # - alert_enabled: true + # amsi_scan_enabled: true + # behavior_monitoring_enabled: false + # custom_remediation_actions_enabled: false + # description: test malware 2 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: intelliscan-file-types + # id: 51 + # intelli_trap_enabled: false + # machine_learning_enabled: true + # memory_scan_enabled: false + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_2 + # network_directories_enabled: false + # real_time_scan: read-only + # scan_action_for_machine_learning: pass + # scan_compressed_enabled: false + # scan_type: real-time + # spyware_enabled: true + + - name: Gather ALL of the AntiMalware Rules + trendmicro.deepsec.deepsec_anti_malwares: + state: gathered + + # Using DELETED state + # ------------------- + + - name: Delete AntiMalware Rules + trendmicro.deepsec.deepsec_anti_malwares: + state: deleted + config: + - name: test_malware_1 + - name: test_malware_2 + + # RUN output: + # ----------- + + # 
anti_malwares: + # after: [] + # before: + # - alert_enabled: true + # cpu_usage: medium + # custom_remediation_actions_enabled: false + # description: test malware 1 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: all-files + # id: 49 + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_1 + # scan_compressed_enabled: false + # scan_type: on-demand + # spyware_enabled: true + # - alert_enabled: true + # amsi_scan_enabled: true + # behavior_monitoring_enabled: false + # custom_remediation_actions_enabled: false + # description: test malware 2 description + # directories_to_scan: all-directories + # document_exploit_heuristic_level: default + # document_exploit_protection: critical-only + # document_exploit_protection_enabled: true + # files_to_scan: intelliscan-file-types + # id: 51 + # intelli_trap_enabled: false + # machine_learning_enabled: true + # memory_scan_enabled: false + # microsoft_office_enabled: true + # microsoft_office_layers: 3 + # name: test_malware_2 + # network_directories_enabled: false + # real_time_scan: read-only + # scan_action_for_machine_learning: pass + # scan_compressed_enabled: false + # scan_type: real-time + # spyware_enabled: true + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ after + +
+ list +
+
when changed +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+
+ before + +
+ list +
+
always +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) diff --git a/docs/trendmicro.deepsec.deepsec_apikey_module.rst b/docs/trendmicro.deepsec.deepsec_apikey_module.rst new file mode 100644 index 0000000..c5a4417 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_apikey_module.rst @@ -0,0 +1,392 @@ +.. _trendmicro.deepsec.deepsec_apikey_module: + + +********************************* +trendmicro.deepsec.deepsec_apikey +********************************* + +**Create a new and manage API Keys.** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module create and manages API key under TrendMicro Deep Security. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ api_keys + +
+ list + / elements=dictionary +
+
+ +
List of API keys that needs to be configured
+
+
+ active + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
If true, the APIKey can be used to authenticate. If false, the APIKey is locked out.
+
+
+ created + +
+ integer +
+
+ +
Timestamp of the APIKey's creation, in milliseconds since epoch.
+
+
+ current + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
If true, generates a new secret key for the current API key.
+
Valid param only with secret_key.
+
+
+ description + +
+ string +
+
+ +
Description of the APIKey.
+
+
+ expiry_date + +
+ integer +
+
+ +
Timestamp of the APIKey's expiry date, in milliseconds since epoch.
+
+
+ id + +
+ string +
+
+ +
The ID number of the API key to modify. Required when modifying the API key
+
+
+ key_name + +
+ string +
+
+ +
Display name of the APIKey.
+
+
+ last_sign_in + +
+ integer +
+
+ +
Timestamp of the APIKey's last successful authentication, in milliseconds since epoch.
+
+
+ locale + +
+ string +
+
+
    Choices: +
  • en-US
  • +
  • ja-JP
  • +
+
+
Country and language for the APIKey.
+
+
+ role_id + +
+ integer +
+
+ +
ID of the role assigned to the APIKey.
+
+
+ secret_key + +
+ string +
+
+ +
Secret key used to authenticate API requests. Only returned when creating a new APIKey or regenerating the secret key.
+
With secret key generation as everytime request is fired it'll try to create a new secret key, so with secret key idempotency will not be maintained
+
+
+ service_account + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
If true, the APIKey was created by the primary tenant (T0) to authenticate API calls against other tenants' databases.
+
Valid param only with secret_key.
+
+
+ time_zone + +
+ string +
+
+ +
Display name of the APIKey's time zone, e.g. America/New_York.
+
+
+ unlock_time + +
+ integer +
+
+ +
Timestamp of when a locked out APIKey will be unlocked, in milliseconds since epoch.
+
+
+ unsuccessful_sign_in_attempts + +
+ integer +
+
+ +
Number of unsuccessful authentication attempts made since the last successful authentication.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • gathered
  • +
+
+
The state the configuration should be left in
+
The state gathered will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the gathered key within the result.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + - name: Create a new API key + trendmicro.deepsec.deepsec_apikey: + state: present + api_keys: + - key_name: admin_apiKeys + description: test API keys 1 + active: true + role_id: 1 + locale: en-US + - key_name: auditor_apiKeys + description: test API keys 2 + active: true + role_id: 2 + locale: en-US + - name: Generate Secret key for current API key + trendmicro.deepsec.deepsec_apikey: + state: present + api_keys: + - current: true + - name: Generate Secret key for specified API key + trendmicro.deepsec.deepsec_apikey: + state: present + api_keys: + - key_name: admin_apiKeys + secret_key: test_secret + - name: Get the API keys by Name + trendmicro.deepsec.deepsec_apikey: + api_keys: + - key_name: admin_apiKeys + state: gathered + - name: Get all the API keys + trendmicro.deepsec.deepsec_apikey: + state: gathered + - name: Delete/Remove the API key by name + trendmicro.deepsec.deepsec_apikey: + state: absent + key_name: test_apiKeys + + + + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) " diff --git a/docs/trendmicro.deepsec.deepsec_firewall_rules_module.rst b/docs/trendmicro.deepsec.deepsec_firewall_rules_module.rst new file mode 100644 index 0000000..6f78ad6 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_firewall_rules_module.rst 
@@ -0,0 +1,1579 @@ +.. _trendmicro.deepsec.deepsec_firewall_rules_module: + + +***************************************** +trendmicro.deepsec.deepsec_firewall_rules +***************************************** + +**Manages Firewall Rule resource module** + + +Version added: 1.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Firewall rule details. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ list + / elements=dictionary +
+
+ +
A dictionary of Firewall Rules options
+
+
+ action + +
+ string +
+
+
    Choices: +
  • log-only
  • +
  • allow
  • +
  • deny
  • +
  • force-allow
  • +
  • bypass
  • +
+
+
Action of the packet filter. Searchable as Choice.
+
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if this filter should be alerted on. Searchable as Boolean.
+
+
+ any_flags + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
True if any flags are used. Searchable as Boolean.
+
+
+ context_id + +
+ integer +
+
+ +
RuleContext that is applied to this filter. Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ description + +
+ string +
+
+ +
Description of the firewall rule. Searchable as String.
+
+
+ destination_iplist_id + +
+ integer +
+
+ +
ID of destination IP list. Only applies to destination IP type "ip-list". Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ destination_ipmask + +
+ string +
+
+ +
Destination IP mask. Only applies to destination IP type "masked-ip". Searchable as String.
+
+
+ destination_ipmultiple + +
+ list + / elements=string +
+
+ +
List of comma-delimited destination IP addresses. Only applies to destination IP type "multiple". Searchable as String.
+
+
+ destination_ipnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the destination IP setting should be inverted. Set to true to invert. Searchable as Boolean.
+
+
+ destination_iprange_from + +
+ string +
+
+ +
The first value for a range of destination IP addresses. Only applies to estination IP type "range". Searchable as String.
+
+
+ destination_iprange_to + +
+ string +
+
+ +
The last value for a range of destination IP addresses. Only applies to destination IP type "range". Searchable as String.
+
+
+ destination_iptype + +
+ string +
+
+
    Choices: +
  • any
  • +
  • masked-ip
  • +
  • range
  • +
  • ip-list
  • +
  • single
  • +
  • multiple
  • +
+
+
Destination IP type. Default is "any". Searchable as Choice.
+
+
+ destination_ipvalue + +
+ string +
+
+ +
Destination IP. Only applies to destination IP type "masked-ip" or "single". Searchable as String.
+
+
+ destination_maclist_id + +
+ integer +
+
+ +
ID of MAC address list. Only applies to MAC type "mac-list". Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ destination_macmultiple + +
+ list + / elements=string +
+
+ +
List of comma-delimited MAC addresses. Only applies to MAC type "multiple". Searchable as String.
+
+
+ destination_macnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the destination MAC setting should be inverted. Set to true to invert. Searchable as Boolean.
+
+
+ destination_mactype + +
+ string +
+
+
    Choices: +
  • any
  • +
  • single
  • +
  • mac-list
  • +
  • multiple
  • +
+
+
Destination MAC type. Default is "any". Searchable as Choice.
+
+
+ destination_macvalue + +
+ string +
+
+ +
Destination MAC address. Only applies to MAC type "single". Searchable as String.
+
+
+ destination_port_list_id + +
+ integer +
+
+ +
ID of destination port list. Only applies to destination type "port-list". Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ destination_port_multiple + +
+ list + / elements=string +
+
+ +
List of comma-delimited destination ports. Only applies to destination type "multiple". Searchable as String.
+
+
+ destination_port_not + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the destination port setting should be inverted. Set to true to invert. Searchable as Boolean.
+
+
+ destination_port_type + +
+ string +
+
+
    Choices: +
  • any
  • +
  • multiple
  • +
  • port-list
  • +
+
+
The type of destination port. Searchable as Choice.
+
+
+ direction + +
+ string +
+
+
    Choices: +
  • incoming
  • +
  • outgoing
  • +
+
+
Packet direction. Searchable as Choice.
+
+
+ frame_not + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the frame setting should be inverted. Set to true to invert. Searchable as Boolean.
+
+
+ frame_number + +
+ integer +
+
+ +
Ethernet frame number. Only required for FrameType "other". Searchable as Numeric.
+
+
+ frame_type + +
+ string +
+
+
    Choices: +
  • any
  • +
  • ip
  • +
  • arp
  • +
  • revarp
  • +
  • ipv4
  • +
  • ipv6
  • +
  • other
  • +
+
+
Supported frame types. Searchable as Choice.
+
+
+ icmpcode + +
+ integer +
+
+ +
ICMP code
+
+
+ icmpnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
ICMP not
+
+
+ icmptype + +
+ integer +
+
+ +
ICMP type
+
+
+ id + +
+ integer +
+
+ +
ID of the firewall rule. Searchable as ID.
+
+
+ include_packet_data + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if this filter should capture data for every log. Searchable as Boolean.
+
+
+ log_disabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if logging for this filter is disabled. Only applies to filter action "log-only" or "deny". Searchable as Boolean.
+
+
+ name + +
+ string +
+
+ +
Name of the firewall rule. Searchable as String.
+
+
+ priority + +
+ string +
+
+
    Choices: +
  • 0
  • +
  • 1
  • +
  • 2
  • +
  • 3
  • +
  • 4
  • +
+
+
Priority of the packet filter. Searchable as Choice.
+
+
+ protocol + +
+ string +
+
+
    Choices: +
  • any
  • +
  • icmp
  • +
  • igmp
  • +
  • ggp
  • +
  • tcp
  • +
  • pup
  • +
  • udp
  • +
  • idp
  • +
  • nd
  • +
  • raw
  • +
  • tcp-udp
  • +
  • icmpv6
  • +
  • other
  • +
+
+
Protocol. Searchable as Choice.
+
+
+ protocol_not + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the protocol setting should be inverted. Set to true to invert. Searchable as Boolean.
+
+
+ protocol_number + +
+ integer +
+
+ +
Two-byte protocol number. Searchable as Numeric.
+
+
+ schedule_id + +
+ integer +
+
+ +
ID of the schedule to control when this filter is "on". Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ source_iplist_id + +
+ integer +
+
+ +
ID of source IP list. Only applies to source IP type "ip-list". Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ source_ipmask + +
+ string +
+
+ +
Source IP mask. Only applies to source IP type "masked-ip". Searchable as String.
+
+
+ source_ipmultiple + +
+ list + / elements=string +
+
+ +
List of source IP addresses. Only applies to source IP type "multiple". Searchable as String.
+
+
+ source_ipnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the source IP setting should be inverted. Set to true to invert. Searchable as Boolean.
+
+
+ source_iprange_from + +
+ string +
+
+ +
The first value for a range of source IP addresses. Only applies to source IP type "range". Searchable as String.
+
+
+ source_iprange_to + +
+ string +
+
+ +
The last value for a range of source IP addresses. Only applies to source IP type "range". Searchable as String.
+
+
+ source_iptype + +
+ string +
+
+
    Choices: +
  • any
  • +
  • masked-ip
  • +
  • range
  • +
  • ip-list
  • +
  • single
  • +
  • multiple
  • +
+
+
Source IP type. Default is "any". Searchable as Choice.
+
+
+ source_ipvalue + +
+ string +
+
+ +
Source IP. Only applies to source IP type "masked-ip" or "single". Searchable as String.
+
+
+ source_maclist_id + +
+ integer +
+
+ +
ID of MAC address list. Only applies to MAC type "mac-list". Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ source_macmultiple + +
+ list + / elements=string +
+
+ +
List of MAC addresses. Only applies to MAC type "multiple". Searchable as String.
+
+
+ source_macnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the source MAC setting should be inverted. Set to true to invert. Searchable as Boolean.
+
+
+ source_mactype + +
+ string +
+
+
    Choices: +
  • any
  • +
  • single
  • +
  • mac-list
  • +
  • multiple
  • +
+
+
Source MAC type. Default is "any". Searchable as Choice.
+
+
+ source_macvalue + +
+ string +
+
+ +
Source MAC address. Only applies to MAC type "single". Searchable as String.
+
+
+ source_port_list_id + +
+ integer +
+
+ +
ID of source port list. Only applies to source type "port-list". Set to 0 to remove any assignment. Searchable as Numeric.
+
+
+ source_port_multiple + +
+ list + / elements=string +
+
+ +
List of comma-delimited source ports. Only applies to source type "multiple". Searchable as String.
+
+
+ source_port_not + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the source port setting should be inverted. Set to true to invert. Searchable as Boolean.
+
+
+ source_port_type + +
+ string +
+
+
    Choices: +
  • any
  • +
  • multiple
  • +
  • port-list
  • +
+
+
The type of source port. Searchable as Choice.
+
+
+ tcpflags + +
+ list + / elements=string +
+
+ +
TCP flags
+
+
+ tcpnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
TCP not
+
+
+ state + +
+ string +
+
+
    Choices: +
  • merged
  • +
  • replaced
  • +
  • overridden
  • +
  • gathered
  • +
  • deleted
  • +
+
+
The state the configuration should be left in
+
The state gathered will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the gathered key within the result.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + # Using MERGED state + # ------------------- + + - name: Create Firewall Rules + trendmicro.deepsec.deepsec_firewall_rules: + state: merged + config: + - name: test_firewallrule_1 + description: incoming firewall 1 rule description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + log_disabled: true + - name: test_firewallrule_2 + description: incoming firewall 2 rule description + action: deny + priority: 0 + source_iptype: any + source_ipnot: false + source_port_type: any + destination_iptype: any + direction: incoming + protocol: tcp + + # RUN output: + # ----------- + + # firewall_rules: + # after: + # - action: deny + # alert_enabled: false + # any_flags: true + # description: incoming firewall 1 rule description + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # direction: incoming + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 148 + # include_packet_data: false + # log_disabled: true + # name: test_firewallrule_1 + # priority: '0' + # protocol: tcp + # protocol_not: false + # source_ipnot: false + # source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + # - action: deny + # alert_enabled: false + # any_flags: true + # description: incoming firewall 2 rule description + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # direction: incoming + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 149 + # include_packet_data: false + # log_disabled: false + # name: test_firewallrule_2 + # priority: '0' + # protocol: tcp + # protocol_not: false + # source_ipnot: false + # 
source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + # before: [] + + - name: Modify the severity of Firewall Rule by name + trendmicro.deepsec.deepsec_firewall_rules: + state: merged + config: + - name: test_firewallrule_1 + action: allow + + # RUN output: + # ----------- + + # firewall_rules: + # after: + # - action: allow + # alert_enabled: false + # any_flags: true + # description: incoming firewall 1 rule description + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # direction: incoming + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 148 + # include_packet_data: false + # log_disabled: true + # name: test_firewallrule_1 + # priority: '0' + # protocol: tcp + # protocol_not: false + # source_ipnot: false + # source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + # before: + # - action: deny + # alert_enabled: false + # any_flags: true + # description: incoming firewall 1 rule description + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # direction: incoming + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 148 + # include_packet_data: false + # log_disabled: true + # name: test_firewallrule_1 + # priority: '0' + # protocol: tcp + # protocol_not: false + # source_ipnot: false + # source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + + # Using REPLACED state + # -------------------- + + - name: Replace existing Firewall Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: replaced + config: + - name: test_firewallrule_1 + description: 
outgoing firewall 1 REPLACED rule + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: outgoing + protocol: any + log_disabled: true + + # RUN output: + # ----------- + + # firewall_rules: + # after: + # - action: deny + # alert_enabled: false + # any_flags: true + # description: outgoing firewall 1 REPLACED rule + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # direction: outgoing + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 150 + # include_packet_data: false + # log_disabled: true + # name: test_firewallrule_1 + # priority: '0' + # protocol: any + # protocol_not: false + # source_ipnot: false + # source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + # before: + # - action: allow + # alert_enabled: false + # any_flags: true + # description: incoming firewall 1 rule description + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # direction: incoming + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 148 + # include_packet_data: false + # log_disabled: true + # name: test_firewallrule_1 + # priority: '0' + # protocol: tcp + # protocol_not: false + # source_ipnot: false + # source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + + # Using GATHERED state + # -------------------- + + - name: Gather Firewall Rules by FW names + trendmicro.deepsec.deepsec_firewall_rules: + state: gathered + config: + - name: test_firewallrule_1 + - name: test_firewallrule_2 + + # RUN output: + # ----------- + + # gathered: + # - action: deny + # alert_enabled: false + # any_flags: true + # description: incoming 
firewall 1 rule description + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # direction: incoming + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 150 + # include_packet_data: false + # log_disabled: true + # name: test_firewallrule_1 + # priority: '0' + # protocol: tcp + # protocol_not: false + # source_ipnot: false + # source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + # - action: deny + # alert_enabled: false + # any_flags: true + # description: incoming firewall 2 rule description + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # direction: incoming + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 149 + # include_packet_data: false + # log_disabled: false + # name: test_firewallrule_2 + # priority: '0' + # protocol: tcp + # protocol_not: false + # source_ipnot: false + # source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + + - name: Gather ALL of the Firewall Rules + trendmicro.deepsec.deepsec_firewall_rules: + state: gathered + + # Using DELETED state + # ------------------- + + - name: Delete Firewall Rules + trendmicro.deepsec.deepsec_firewall_rules: + state: deleted + config: + - name: test_firewallrule_1 + - name: test_firewallrule_2 + + # RUN output: + # ----------- + + # firewall_rules: + # after: [] + # before: + # - action: deny + # alert_enabled: false + # any_flags: true + # description: incoming firewall 1 rule description + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # 
direction: incoming + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 150 + # include_packet_data: false + # log_disabled: true + # name: test_firewallrule_1 + # priority: '0' + # protocol: tcp + # protocol_not: false + # source_ipnot: false + # source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + # - action: deny + # alert_enabled: false + # any_flags: true + # description: incoming firewall 2 rule description + # destination_ipnot: false + # destination_iptype: any + # destination_macnot: false + # destination_mactype: any + # destination_port_not: false + # destination_port_type: any + # direction: incoming + # frame_not: false + # frame_number: 2048 + # frame_type: ip + # id: 149 + # include_packet_data: false + # log_disabled: false + # name: test_firewallrule_2 + # priority: '0' + # protocol: tcp + # protocol_not: false + # source_ipnot: false + # source_iptype: any + # source_macnot: false + # source_mactype: any + # source_port_not: false + # source_port_type: any + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ after + +
+ list +
+
when changed +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+
+ before + +
+ list +
+
always +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) diff --git a/docs/trendmicro.deepsec.deepsec_firewallrules_module.rst b/docs/trendmicro.deepsec.deepsec_firewallrules_module.rst new file mode 100644 index 0000000..144d9e2 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_firewallrules_module.rst @@ -0,0 +1,1083 @@ +.. _trendmicro.deepsec.deepsec_firewallrules_module: + + +**************************************** +trendmicro.deepsec.deepsec_firewallrules +**************************************** + +**Create a new firewall rule.** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + +DEPRECATED +---------- +:Removed in collection release after 2023-12-01 +:Why: Newer and updated modules released with more functionality +:Alternative: deepsec_firewall_rules + + + +Synopsis +-------- +- This module creates a new firewall rule under TrendMicro Deep Security. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ action + +
+ string +
+
+
    Choices: +
  • log-only
  • +
  • allow
  • +
  • deny
  • +
  • force-allow
  • +
  • bypass
  • +
+
+
Action of the packet filter.
+
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if this filter should be alerted on.
+
+
+ any_flags + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
True if any flags are used.
+
+
+ context_id + +
+ integer +
+
+ +
ID of the schedule to control when this filter is 'on'.
+
+
+ description + +
+ string +
+
+ +
Description of the firewall rule
+
+
+ destination_iplist_id + +
+ integer +
+
+ +
ID of destination IP list. Only applies to destination IP type 'ip-list'.
+
+
+ destination_ipmask + +
+ string +
+
+ +
Destination IP mask. Only applies to destination IP type 'masked-ip'.
+
+
+ destination_ipmultiple + +
+ list + / elements=string +
+
+ +
List of comma-delimited destination IP addresses. Only applies to destination IP type 'multiple'.
+
+
+ destination_ipnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the destination IP setting should be inverted. Set to true to invert.
+
+
+ destination_iprange_from + +
+ string +
+
+ +
The first value for a range of destination IP addresses. Only applies to estination IP type 'range'.
+
+
+ destination_iprange_to + +
+ string +
+
+ +
The last value for a range of destination IP addresses. Only applies to destination IP type 'range'.
+
+
+ destination_iptype + +
+ string +
+
+
    Choices: +
  • any
  • +
  • masked-ip
  • +
  • range
  • +
  • ip-list
  • +
  • single
  • +
  • multiple
  • +
+
+
Destination IP type.
+
+
+ destination_ipvalue + +
+ string +
+
+ +
Destination IP. Only applies to destination IP type 'masked-ip' or 'single'.
+
+
+ destination_maclist_id + +
+ integer +
+
+ +
ID of MAC address list. Only applies to MAC type 'mac-list'.
+
+
+ destination_macmultiple + +
+ list + / elements=string +
+
+ +
List of comma-delimited MAC addresses. Only applies to MAC type 'multiple'.
+
+
+ destination_macnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the destination MAC setting should be inverted. Set to true to invert.
+
+
+ destination_mactype + +
+ string +
+
+
    Choices: +
  • any
  • +
  • single
  • +
  • mac-list
  • +
  • multiple
  • +
+
+
Destination MAC type.
+
+
+ destination_macvalue + +
+ string +
+
+ +
Destination MAC address. Only applies to MAC type 'single'.
+
+
+ destination_port_list_id + +
+ integer +
+
+ +
ID of destination port list. Only applies to destination type 'port-list'.
+
+
+ destination_port_multiple + +
+ list + / elements=string +
+
+ +
List of comma-delimited destination ports. Only applies to destination type 'multiple'.
+
+
+ destination_port_not + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the destination port setting should be inverted. Set to true to invert.
+
+
+ destination_port_type + +
+ string +
+
+
    Choices: +
  • any
  • +
  • multiple
  • +
  • port-list
  • +
+
+
The type of destination port.
+
+
+ direction + +
+ string +
+
+
    Choices: +
  • incoming
  • +
  • outgoing
  • +
+
+
Packet direction.
+
+
+ frame_not + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the frame setting should be inverted. Set to true to invert.
+
+
+ frame_number + +
+ integer +
+
+ +
Ethernet frame number. Only required for FrameType 'other'.
+
+
+ frame_type + +
+ string +
+
+
    Choices: +
  • any
  • +
  • ip
  • +
  • arp
  • +
  • revarp
  • +
  • ipv4
  • +
  • ipv6
  • +
  • other
  • +
+
+
Supported frame types.
+
+
+ icmpcode + +
+ integer +
+
+ +
ICMPCode
+
+
+ icmpnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
ICMP Not
+
+
+ icmptype + +
+ integer +
+
+ +
ICMP Type
+
+
+ include_packet_data + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if this filter should capture data for every log.
+
+
+ log_disabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if logging for this filter is disabled. Only applies to filter action 'log-only' or 'deny'.
+
+
+ name + +
+ string + / required +
+
+ +
Name of the firewall rule
+
+
+ priority + +
+ string +
+
+
    Choices: +
  • 0
  • +
  • 1
  • +
  • 2
  • +
  • 3
  • +
  • 4
  • +
+
+
Priority of the packet filter.
+
+
+ protocol + +
+ string +
+
+
    Choices: +
  • any
  • +
  • icmp
  • +
  • igmp
  • +
  • ggp
  • +
  • tcp
  • +
  • pup
  • +
  • udp
  • +
  • idp
  • +
  • nd
  • +
  • raw
  • +
  • tcp-udp
  • +
  • icmpv6
  • +
  • other
  • +
+
+
Protocol.
+
+
+ protocol_not + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the protocol setting should be inverted. Set to true to invert.
+
+
+ protocol_number + +
+ integer +
+
+ +
Two-byte protocol number.
+
+
+ source_iplist_id + +
+ integer +
+
+ +
ID of source IP list. Only applies to source IP type 'ip-list'.
+
+
+ source_ipmask + +
+ string +
+
+ +
Source IP mask. Only applies to source IP type 'masked-ip'.
+
+
+ source_ipmultiple + +
+ list + / elements=string +
+
+ +
List of source IP addresses. Only applies to source IP type 'multiple'.
+
+
+ source_ipnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the source IP setting should be inverted. Set to true to invert.
+
+
+ source_iprange_from + +
+ string +
+
+ +
The first value for a range of source IP addresses. Only applies to source IP type 'range'.
+
+
+ source_iprange_to + +
+ string +
+
+ +
The last value for a range of source IP addresses. Only applies to source IP type 'range'.
+
+
+ source_iptype + +
+ string +
+
+
    Choices: +
  • any
  • +
  • masked-ip
  • +
  • range
  • +
  • ip-list
  • +
  • single
  • +
  • multiple
  • +
+
+
Source IP type.
+
+
+ source_ipvalue + +
+ string +
+
+ +
Source IP. Only applies to source IP type 'masked-ip' or 'single'.
+
+
+ source_maclist_id + +
+ integer +
+
+ +
ID of MAC address list. Only applies to MAC type 'mac-list'.
+
+
+ source_macmultiple + +
+ list + / elements=string +
+
+ +
List of MAC addresses. Only applies to MAC type 'multiple'.
+
+
+ source_macnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the source MAC setting should be inverted. Set to true to invert.
+
+
+ source_mactype + +
+ string +
+
+
    Choices: +
  • any
  • +
  • single
  • +
  • mac-list
  • +
  • multiple
  • +
+
+
Source MAC type.
+
+
+ source_macvalue + +
+ string +
+
+ +
Source MAC address. Only applies to MAC type 'single'.
+
+
+ source_port_list_id + +
+ integer +
+
+ +
ID of source port list. Only applies to source type 'port-list'.
+
+
+ source_port_multiple + +
+ list + / elements=string +
+
+ +
List of comma-delimited source ports. Only applies to source type 'multiple'.
+
+
+ source_port_not + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls if the source MAC setting should be inverted. Set to true to invert.
+
+
+ source_port_type + +
+ string +
+
+
    Choices: +
  • any
  • +
  • multiple
  • +
  • port-list
  • +
+
+
The type of source port.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
The state the configuration should be left in
+
+
+ tcpflags + +
+ list + / elements=string +
+
+
    Choices: +
  • fin
  • +
  • syn
  • +
  • rst
  • +
  • psh
  • +
  • ack
  • +
  • urg
  • +
+
+
TCP flags
+
+
+ tcpnot + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
TCP Not
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + - name: Create/Config a new Firewall Rule Config + trendmicro.deepsec.deepsec_firewallrules: + state: present + name: test_firewallrule config + description: test firewall description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + tcpflags: + - syn + + - name: Delete/Remove the existing Firewall rule Config + trendmicro.deepsec.deepsec_firewallrules: + state: absent + name: test_firewallrule config + + + + +Status +------ + + +- This module will be removed in a release after 2023-12-01. *[deprecated]* +- For more information see `DEPRECATED`_. + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) diff --git a/docs/trendmicro.deepsec.deepsec_hosts_info_module.rst b/docs/trendmicro.deepsec.deepsec_hosts_info_module.rst new file mode 100644 index 0000000..1323920 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_hosts_info_module.rst @@ -0,0 +1,78 @@ +.. _trendmicro.deepsec.deepsec_hosts_info_module: + + +************************************* +trendmicro.deepsec.deepsec_hosts_info +************************************* + +**Obtain information about one or many Hosts defined by TrendMicro Deep Security** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module obtains information about Hosts defined by TrendMicro Deep Security + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ id + +
+ integer +
+
+ +
Obtain only information of the Rule with provided ID
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + - name: Get the Host Info + trendmicro.deepsec.deepsec_hosts_info: + - name: Get the Host Info by ID + trendmicro.deepsec.deepsec_hosts_info: + id: 1 + + + + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@maxamillion) diff --git a/docs/trendmicro.deepsec.deepsec_httpapi.rst b/docs/trendmicro.deepsec.deepsec_httpapi.rst new file mode 100644 index 0000000..471b3f1 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_httpapi.rst @@ -0,0 +1,43 @@ +.. _trendmicro.deepsec.deepsec_httpapi: + + +************************** +trendmicro.deepsec.deepsec +************************** + +**HttpApi Plugin for Trend Micro Deep Security** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This HttpApi plugin provides methods to connect to Trend Micro Deep Security over a HTTP(S)-based api. + + + + + + + + + + + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Team (@ansible-security) + + +.. hint:: + Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up. diff --git a/docs/trendmicro.deepsec.deepsec_integrity_monitoring_rules_module.rst b/docs/trendmicro.deepsec.deepsec_integrity_monitoring_rules_module.rst new file mode 100644 index 0000000..8f8e0c8 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_integrity_monitoring_rules_module.rst 
@@ -0,0 +1,917 @@ +.. _trendmicro.deepsec.deepsec_integrity_monitoring_rules_module: + + +***************************************************** +trendmicro.deepsec.deepsec_integrity_monitoring_rules +***************************************************** + +**Manages Integrity Monitoring Rule resource module** + + +Version added: 1.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Integrity monitoring rules describe how Deep Security Agents should scan for and detect changes to a computer's files, directories and registry keys and values as well as changes in installed software, processes, listening ports and running services. Integrity monitoring rules can be assigned directly to computers or can be made part of a policy. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ list + / elements=dictionary +
+
+ +
A dictionary of Integrity Monitoring Rules options
+
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether an alert should be made if an event related to the IntegrityMonitoringRule is logged. Defaults to 'false'. Searchable as Boolean.
+
+
+ custom_xml + +
+ string +
+
+ +
Custom XML rules to be used by the IntegrityMonitoringRule. Custom XML rules must be encoded in the Base64 format. Ignored if the IntegrityMonitoringRule does not follow the 'custom' template.
+
+
+ description + +
+ string +
+
+ +
Description of the IntegrityMonitoringRule. Searchable as String.
+
+
+ file_attributes + +
+ list + / elements=string +
+
+ +
File attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by new line. Defaults to 'STANDARD' which will monitor changes in file creation date, last modified date, permissions, owner, group, size, content, flags (Windows) and SymLinkPath (Linux). Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ file_base_directory + +
+ string +
+
+ +
Base of the file directory to be monitored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ file_excluded_values + +
+ list + / elements=string +
+
+ +
File name values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by new line. Question mark matches a single character, while '*' matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ file_include_sub_directories + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether the IntegrityMonitoringRule should also monitor sub-directories of the base file directory that is associated with it. Defaults to 'false'. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ file_included_values + +
+ list + / elements=string +
+
+ +
File name values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by new line. Question mark matches a single character, while '*' matches zero or more characters. Leaving this field blank when monitoring file directories will cause the IntegrityMonitoringRule to monitor all files in a directory. This can use significant system resources if the base directory contains numerous or large files. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ id + +
+ integer +
+
+ +
ID of the IntegrityMonitoringRule. Searchable as ID.
+
+
+ identifier + +
+ string +
+
+ +
Identifier of the IntegrityMonitoringRule from Trend Micro. Empty if the IntegrityMonitoringRule is user created. Searchable as String.
+
+
+ last_updated + +
+ integer +
+
+ +
Timestamp when the IntegrityMonitoringRule was last updated, in milliseconds since epoch. Searchable as Date.
+
+
+ minimum_agent_version + +
+ string +
+
+ +
Minimum Deep Security Agent version that supports the IntegrityMonitoringRule. This value is provided in the X.X.X.X format. Defaults to '6.0.0.0'. If an agent is not the minimum required version, the manager does not send the rule to the agent, and generates an alert. Searchable as String.
+
+
+ minimum_manager_version + +
+ string +
+
+ +
Minimum Deep Security Manager version that supports the IntegrityMonitoringRule. This value is provided in the X.X.X format. Defaults to '6.0.0'. An alert will be raised if a manager that fails to meet the minimum manager version value tries to assign this rule to a host or profile. Searchable as String.
+
+
+ name + +
+ string +
+
+ +
Name of the IntegrityMonitoringRule. Searchable as String.
+
+
+ original_issue + +
+ integer +
+
+ +
Timestamp when the IntegrityMonitoringRule was originally issued by Trend Micro, in milliseconds since epoch. Empty if the IntegrityMonitoringRule is user created. Searchable as Date.
+
+
+ real_time_monitoring_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether the IntegrityMonitoringRule is monitored in real time or during every scan. Defaults to 'true' which indicates that it is monitored in real time. A value of 'false' indicates that it will only be checked during scans. Searchable as Boolean.
+
+
+ recommendations_mode + +
+ string +
+
+
    Choices: +
  • enabled
  • +
  • ignored
  • +
  • unknown
  • +
  • disabled
  • +
+
+
Indicates whether recommendation scans consider the IntegrityMonitoringRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice.
+
+
+ registry_attributes + +
+ list + / elements=string +
+
+ +
Registry key attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by new line. Defaults to 'STANDARD' which will monitor changes in registry size, content and type. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_excluded_values + +
+ list + / elements=string +
+
+ +
Registry key values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by new line. Question mark matches a single character, while '*' matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_include_default_value + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether the rule should monitor default registry key values. Defaults to 'true'. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_include_sub_keys + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether the IntegrityMonitoringRule should also include subkeys of the registry key it monitors. Defaults to 'false'. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_included_values + +
+ list + / elements=string +
+
+ +
Registry key values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by new line. Question mark matches a single character, while '*' matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_key_root + +
+ string +
+
+ +
Registry hive which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_key_value + +
+ string +
+
+ +
Registry key which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ severity + +
+ string +
+
+
    Choices: +
  • low
  • +
  • medium
  • +
  • high
  • +
  • critical
  • +
+
+
Severity level of the event is multiplied by the computer's asset value to determine ranking. Ranking can be used to sort events with more business impact. Searchable as Choice.
+
+
+ template + +
+ string +
+
+
    Choices: +
  • registry
  • +
  • file
  • +
  • custom
  • +
+
+
Template which the IntegrityMonitoringRule follows.
+
+
+ type + +
+ string +
+
+ +
Type of the IntegrityMonitoringRule. If the rule is predefined by Trend Micro, it is set to '2'. If it is user created, it is set to '1'. Searchable as String.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • merged
  • +
  • replaced
  • +
  • overridden
  • +
  • gathered
  • +
  • deleted
  • +
+
+
The state the configuration should be left in
+
The state gathered will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the gathered key within the result.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + # Using MERGED state + # ------------------- + + - name: Create Integrity Monitoring Rules + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: merged + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_1 + - test_2 + severity: medium + template: registry + - name: THIS IS TEST IMR - 2 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 2 + real_time_monitoring_enabled: true + registry_attributes: + - test + severity: low + template: registry + + # RUN output: + # ----------- + + # integrity_monitoring_rules: + # after: + # - alert_enabled: false + # description: THIS IS TEST IMR DESCRIPTION - 1 + # id: 328 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 1 + # real_time_monitoring_enabled: true + # registry_attributes: + # - STANDARD + # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - test_1 + # - test_2 + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: medium + # template: registry + # - alert_enabled: false + # description: THIS IS TEST IMR DESCRIPTION - 2 + # id: 329 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 2 + # real_time_monitoring_enabled: true + # registry_attributes: + # - test + # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - '' + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: low + # template: registry + # before: [] + + - name: Modify the severity of Integrity Monitoring Rule by name + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: merged + config: + - name: 
THIS IS TEST IMR - 2 + description: UPDATE TEST IMR DESCRIPTION - 2 + severity: medium + + # RUN output: + # ----------- + + # integrity_monitoring_rules: + # after: + # - alert_enabled: false + # description: UPDATE TEST IMR DESCRIPTION - 2 + # id: 329 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 2 + # real_time_monitoring_enabled: true + # registry_attributes: + # - test + # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - '' + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: medium + # template: registry + # before: + # - alert_enabled: false + # description: THIS IS TEST IMR DESCRIPTION - 2 + # id: 329 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 2 + # real_time_monitoring_enabled: true + # registry_attributes: + # - test + # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - '' + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: low + # template: registry + + # Using REPLACED state + # -------------------- + + - name: Replace existing Integrity Monitoring Rule + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: replaced + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS REPLACED TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_3 + - test_4 + severity: low + template: registry + + # RUN output: + # ----------- + + # integrity_monitoring_rules: + # after: + # - alert_enabled: false + # description: THIS IS REPLACED TEST IMR DESCRIPTION - 1 + # id: 330 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 1 + # real_time_monitoring_enabled: true + # registry_attributes: 
+ # - STANDARD + # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - test_3 + # - test_4 + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: low + # template: registry + # before: + # - alert_enabled: false + # description: THIS IS TEST IMR DESCRIPTION - 1 + # id: 328 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 1 + # real_time_monitoring_enabled: true + # registry_attributes: + # - STANDARD + # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - test_1 + # - test_2 + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: medium + # template: registry + + # Using GATHERED state + # -------------------- + + - name: Gather Integrity Monitoring Rule by IMR names + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: gathered + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + + # RUN output: + # ----------- + + # gathered: + # - alert_enabled: false + # description: THIS IS TEST IMR DESCRIPTION - 1 + # id: 330 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 1 + # real_time_monitoring_enabled: true + # registry_attributes: + # - STANDARD + # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - test_1 + # - test_3 + # - test_4 + # - test_2 + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: medium + # template: registry + # - alert_enabled: false + # description: THIS IS TEST IMR DESCRIPTION - 2 + # id: 329 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 2 + # real_time_monitoring_enabled: true + # registry_attributes: + # - test 
+ # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - '' + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: low + # template: registry + + - name: Gather ALL of the Integrity Monitoring Rule + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: gathered + + # Using DELETED state + # ------------------- + + - name: Delete Integrity Monitoring Rule + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: deleted + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + + # RUN output: + # ----------- + + # integrity_monitoring_rules: + # after: [] + # before: + # - alert_enabled: false + # description: THIS IS TEST IMR DESCRIPTION - 1 + # id: 330 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 1 + # real_time_monitoring_enabled: true + # registry_attributes: + # - STANDARD + # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - test_1 + # - test_3 + # - test_4 + # - test_2 + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: medium + # template: registry + # - alert_enabled: false + # description: THIS IS TEST IMR DESCRIPTION - 2 + # id: 329 + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: THIS IS TEST IMR - 2 + # real_time_monitoring_enabled: true + # registry_attributes: + # - test + # registry_excluded_values: + # - '' + # registry_include_default_value: true + # registry_include_sub_keys: false + # registry_included_values: + # - '' + # registry_key_root: HKEY_CLASSES_ROOT + # registry_key_value: # severity: low + # template: registry + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. 
raw:: html + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ after + +
+ list +
+
when changed +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+
+ before + +
+ list +
+
always +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) diff --git a/docs/trendmicro.deepsec.deepsec_integrity_monitoringrules_module.rst b/docs/trendmicro.deepsec.deepsec_integrity_monitoringrules_module.rst new file mode 100644 index 0000000..8da3fc3 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_integrity_monitoringrules_module.rst @@ -0,0 +1,627 @@ +.. _trendmicro.deepsec.deepsec_integrity_monitoringrules_module: + + +**************************************************** +trendmicro.deepsec.deepsec_integrity_monitoringrules +**************************************************** + +**Create/Configure Integrity Monitoring Rules.** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + +DEPRECATED +---------- +:Removed in collection release after 2023-12-01 +:Why: Newer and updated modules released with more functionality +:Alternative: deepsec_integrity_monitoring_rules + + + +Synopsis +-------- +- This module creates and configure Integrity Monitoring Rules under TrendMicro Deep Security. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ list + / elements=dictionary +
+
+ +
Integrity Monitoring Rules config
+
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether an alert should be made if an event related to the IntegrityMonitoringRule is logged. Defaults to false.
+
+
+ custom_xml + +
+ string +
+
+ +
Custom XML rules to be used by the IntegrityMonitoringRule. Custom XML rules must be encoded in the Base64 format. Ignored if the IntegrityMonitoringRule does not follow the custom template.
+
+
+ description + +
+ string +
+
+ +
Description of the IntegrityMonitoringRule.
+
+
+ file_attributes + +
+ list + / elements=string +
+
+ +
File attributes to be monitored by the IntegrityMonitoringRule. Defaults to STANDARD which will monitor changes in file creation date, last modified date, permissions, owner, group, size, content, flags (Windows) and SymLinkPath (Linux). Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ file_excluded_values + +
+ list + / elements=string +
+
+ +
File name values to be ignored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ file_included_values + +
+ list + / elements=string +
+
+ +
File name values to be monitored by the IntegrityMonitoringRule. Leaving this field blank when monitoring file directories will cause the IntegrityMonitoringRule to monitor all files in a directory. This can use significant system resources if the base directory contains numerous or large files. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ filebase_directory + +
+ string +
+
+ +
Base of the file directory to be monitored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ fileinclude_subdirectories + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether the IntegrityMonitoringRule should also monitor sub-directories of the base file directory that is associated with it. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
+
+
+ id + +
+ integer +
+
+ +
ID of the IntegrityMonitoringRule. APPLICABLE ONLY with GET call. NOT APPLICABLE param with Create/Modify POST call.
+
+
+ identifier + +
+ string +
+
+ +
Identifier of the IntegrityMonitoringRule from Trend Micro. Empty if the IntegrityMonitoringRule is user created. APPLICABLE ONLY with GET call. NOT APPLICABLE param with Create/Modify POST call.
+
+
+ last_updated + +
+ integer +
+
+ +
Timestamp when the IntegrityMonitoringRule was last updated, in milliseconds since epoch. APPLICABLE ONLY with GET call. NOT APPLICABLE param with Create/Modify POST call.
+
+
+ minimum_agent_version + +
+ string +
+
+ +
Minimum Deep Security Agent version that supports the IntegrityMonitoringRule. This value is provided in the X.X.X.X format. Defaults to 6.0.0.0. If an agent is not the minimum required version, the manager does not send the rule to the agent, and generates an alert. APPLICABLE ONLY with GET call. NOT APPLICABLE param with Create/Modify POST call.
+
+
+ minimum_manager_version + +
+ string +
+
+ +
Minimum Deep Security Manager version that supports the IntegrityMonitoringRule. This value is provided in the X.X.X format. Defaults to 6.0.0. An alert will be raised if a manager that fails to meet the minimum manager version value tries to assign this rule to a host or profile. APPLICABLE ONLY with GET call. NOT APPLICABLE param with Create/Modify POST call.
+
+
+ name + +
+ string +
+
+ +
Name of the IntegrityMonitoringRule.
+
+
+ original_issue + +
+ integer +
+
+ +
Timestamp when the IntegrityMonitoringRule was originally issued by Trend Micro, in milliseconds since epoch. Empty if the IntegrityMonitoringRule is user created. APPLICABLE ONLY with GET call. NOT APPLICABLE param with Create/Modify POST call.
+
+
+ real_time_monitoring_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether the IntegrityMonitoringRule is monitored in real time or during every scan. Defaults to true which indicates that it is monitored in real time. A value of false indicates that it will only be checked during scans.
+
+
+ recommendations_mode + +
+ string +
+
+
    Choices: +
  • enabled
  • +
  • ignored
  • +
  • unknown
  • +
  • disabled
  • +
+
+
Indicates whether recommendation scans consider the IntegrityMonitoringRule. Can be set to enabled or ignored. Custom rules cannot be recommended.
+
+
+ registry_attributes + +
+ list + / elements=string +
+
+ +
Registry key attributes to be monitored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_excluded_values + +
+ list + / elements=string +
+
+ +
Registry key values to be ignored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_include_default_value + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether the rule should monitor default registry key values. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_include_subkeys + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether the IntegrityMonitoringRule should also include subkeys of the registry key it monitors. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_included_values + +
+ list + / elements=string +
+
+ +
Registry key values to be monitored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_key_root + +
+ string +
+
+ +
Registry hive which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ registry_key_value + +
+ string +
+
+ +
Registry key which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
+
+
+ severity + +
+ string +
+
+
    Choices: +
  • low
  • +
  • medium
  • +
  • high
  • +
  • critical
  • +
+
+
Severity level of the event is multiplied by the computer's asset value to determine ranking. Ranking can be used to sort events with more business impact.
+
+
+ template + +
+ string +
+
+
    Choices: +
  • registry
  • +
  • file
  • +
  • custom
  • +
+
+
Template which the IntegrityMonitoringRule follows.
+
+
+ type + +
+ string +
+
+ +
Type of the IntegrityMonitoringRule. If the rule is predefined by Trend Micro, it is set to 2. If it is user created, it is set to 1. APPLICABLE ONLY with GET call. NOT APPLICABLE param with Create/Modify POST call.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • gathered
  • +
+
+
The state the configuration should be left in
+
The state gathered will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the gathered key within the result.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + # Using PRESENT state + # ------------------- + + - name: Create and Configure Integrity Monitoring Rules + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: present + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_1 + - test_2 + severity: medium + template: registry + - name: THIS IS TEST IMR - 2 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 2 + real_time_monitoring_enabled: true + registry_attributes: + - test + severity: low + template: registry + - name: Modify the severity of Integrity Monitoring Rule by name + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: present + config: + - name: THIS IS TEST IMR - 2 + severity: medium + - name: Gather Integrity Monitoring Rules by IMR names + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: gathered + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + - name: Gather ALL of the Integrity Monitoring Rules + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: gathered + - name: Delete existing Integrity Monitoring Rules + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: absent + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + + + + +Status +------ + + +- This module will be removed in a release after 2023-12-01. *[deprecated]* +- For more information see `DEPRECATED`_. + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) " diff --git a/docs/trendmicro.deepsec.deepsec_intrusion_prevention_rules_module.rst b/docs/trendmicro.deepsec.deepsec_intrusion_prevention_rules_module.rst new file mode 100644 index 0000000..c3631f0 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_intrusion_prevention_rules_module.rst 
@@ -0,0 +1,1031 @@ +.. _trendmicro.deepsec.deepsec_intrusion_prevention_rules_module: + + +***************************************************** +trendmicro.deepsec.deepsec_intrusion_prevention_rules +***************************************************** + +**Intrusion Prevention Rule resource module.** + + +Version added: 1.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module creates a new intrusion preventin rul under TrendMicro Deep Security. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ list + / elements=dictionary +
+
+ +
Intrusion prevention rules config
+
+
+ action + +
+ string +
+
+
    Choices: +
  • drop
  • +
  • log-only
  • +
+
+
Action to apply if the rule is triggered. Applicable to custom rules with template type signature or start-end-patterns.
+
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable to raise an alert when the rule logs an event.
+
+
+ always_include_packet_data + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enabled to include package data in the event logs. Not available if event logging disabled is true.
+
+
+ application_type_id + +
+ integer +
+
+ +
ID of the application type for the IntrusionPreventionRule.
+
+
+ can_be_assigned_alone + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Intrusion prevention rule can be assigned by self. Applicaple only with GET call. Not applicaple param with Create/Modify POST call
+
+
+ case_sensitive + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable to make signatures and patterns case sensitive. Applicable to custom rules with template type signature or start-end-patterns.
+
+
+ condition + +
+ string +
+
+
    Choices: +
  • all
  • +
  • any
  • +
  • none
  • +
+
+
Condition to determine if the rule is triggered. Applicable to custom rules with template type start-end-patterns.
+
+
+ context_id + +
+ integer +
+
+ +
ID of the context in which the rule is applied.
+
+
+ custom_xml + +
+ string +
+
+ +
The custom XML used to define the rule. Applicable to custom rules with template type custom.
+
+
+ cve + +
+ list + / elements=string +
+
+ +
List of CVEs associated with the IntrusionPreventionRule.
+
+
+ cvss_score + +
+ string +
+
+ +
A measure of the severity of the vulnerability according the National Vulnerability Database.
+
+
+ debug_mode_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable to log additional packets preceeding and following the packet that the rule detected. Not available if event logging disabled is true.
+
+
+ depends_on_rule_ids + +
+ list + / elements=integer +
+
+ +
IDs of intrusion prevention rules the rule depends on, which will be automatically assigned if this rule is assigned.
+
+
+ description + +
+ string +
+
+ +
Description of the IntrusionPreventionRule.
+
+
+ detect_only + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
In detect mode, the rule creates an event log and does not interfere with traffic.
+
+
+ end + +
+ string +
+
+ +
End pattern of the rule. Applicable to custom rules with template type start-end-patterns.
+
+
+ event_logging_disabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable to prevent event logs from being created when the rule is triggered. Not available if detect only is true.
+
+
+ generate_event_on_packet_drop + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Generate an event every time a packet is dropped for the rule. Not available if event logging disabled is true.
+
+
+ id + +
+ integer +
+
+ +
ID for the Intrusion prevention rule. Applicaple only with GET call Not applicaple param with Create/Modify POST call
+
+
+ identifier + +
+ string +
+
+ +
Identifier for the Intrusion prevention rule. Applicaple only with GET call. Not applicaple param with Create/Modify POST call
+
+
+ last_updated + +
+ integer +
+
+ +
Timestamp of the last rule modification, in milliseconds since epoch.
+
+
+ minimum_agent_version + +
+ string +
+
+ +
Version of the Deep Security agent or appliance required to support the rule.
+
+
+ name + +
+ string +
+
+ +
Name of the IntrusionPreventionRule.
+
+
+ original_issue + +
+ integer +
+
+ +
Timestamp of the date the rule was released, in milliseconds since epoch.
+
+
+ patterns + +
+ list + / elements=string +
+
+ +
Body patterns of the rule, which must be found between start and end patterns. Applicable to custom rules with template type start-end-patterns.
+
+
+ priority + +
+ string +
+
+
    Choices: +
  • lowest
  • +
  • low
  • +
  • normal
  • +
  • high
  • +
  • highest
  • +
+
+
Priority level of the rule. Higher priority rules are applied before lower priority rules.
+
+
+ recommendations_mode + +
+ string +
+
+
    Choices: +
  • enabled
  • +
  • ignored
  • +
  • unknown
  • +
  • disabled
  • +
+
+
Indicates whether recommendation scans consider the IntrusionPreventionRule. Can be set to enabled or ignored. Custom rules cannot be recommended.
+
+
+ schedule_id + +
+ integer +
+
+ +
ID of the schedule which defines times during which the rule is active.
+
+
+ severity + +
+ string +
+
+
    Choices: +
  • low
  • +
  • medium
  • +
  • high
  • +
  • critical
  • +
+
+
Severity level of the rule. Severity levels can be used as sorting criteria and affect event rankings.
+
+
+ signature + +
+ string +
+
+ +
Signature of the rule. Applicable to custom rules with template type signature.
+
+
+ start + +
+ string +
+
+ +
Start pattern of the rule. Applicable to custom rules with template type start-end-patterns.
+
+
+ template + +
+ string +
+
+
    Choices: +
  • signature
  • +
  • start-end-patterns
  • +
  • custom
  • +
+
+
Type of template for the IntrusionPreventionRule. Applicable only to custom rules.
+
+
+ type + +
+ string +
+
+
    Choices: +
  • custom
  • +
  • smart
  • +
  • vulnerability
  • +
  • exploit
  • +
  • hidden
  • +
  • policy
  • +
  • info
  • +
+
+
Type of IntrusionPreventionRule.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • merged
  • +
  • replaced
  • +
  • deleted
  • +
  • gathered
  • +
+ Default:
"present"
+
+
The state the configuration should be left in
+
The state gathered will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the gathered key within the result.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + # Using MERGED state + # ------------------- + + - name: Create Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: merged + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_1 + debug_mode_enabled: false + description: TEST IPR 2 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: medium + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_2 + debug_mode_enabled: false + description: TEST IPR 2 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 2 + priority: normal + severity: medium + + # RUN output: + # ----------- + + # intrusion_prevention_rules: + # after: + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: TEST IPR 1 DESCRIPTION + # detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8657 + # name: TEST IPR 1 + # priority: normal + # severity: medium + # signature: test_new_signature_1 + # template: signature + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: TEST IPR 2 DESCRIPTION + # detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8658 + # name: TEST IPR 2 + # priority: normal + # severity: medium + # signature: test_new_signature_2 + # template: signature + # before: [] + + - name: Modify the severity of Integrity Monitoring Rule by name + 
trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: merged + config: + - name: TEST IPR 2 + description: UPDATE TEST IPR 2 DESCRIPTION + severity: low + + # RUN output: + # ----------- + + # intrusion_prevention_rules: + # after: + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: UPDATE TEST IPR 2 DESCRIPTION + # detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8658 + # name: TEST IPR 2 + # priority: normal + # severity: low + # signature: test_new_signature_2 + # template: signature + # before: + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: TEST IPR 2 DESCRIPTION + # detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8658 + # name: TEST IPR 2 + # priority: normal + # severity: medium + # signature: test_new_signature_2 + # template: signature + + # Using REPLACED state + # -------------------- + + - name: Replace existing Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: replaced + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_1 + debug_mode_enabled: false + description: TEST IPR 1 REPLACE DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: low + + # RUN output: + # ----------- + + # intrusion_prevention_rules: + # after: + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: TEST IPR 1 REPLACE DESCRIPTION + # 
detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8659 + # name: TEST IPR 1 + # priority: normal + # severity: low + # signature: test_new_signature_1 + # template: signature + # before: + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: TEST IPR 1 DESCRIPTION + # detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8657 + # name: TEST IPR 1 + # priority: normal + # severity: medium + # signature: test_new_signature_1 + # template: signature + + # Using GATHERED state + # -------------------- + + - name: Gather Intrusion Prevention Rules by IPR names + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: gathered + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + + # RUN output: + # ----------- + + # gathered: + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: TEST IPR 1 DESCRIPTION + # detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8659 + # name: TEST IPR 1 + # priority: normal + # severity: medium + # signature: test_new_signature_1 + # template: signature + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: TEST IPR 2 DESCRIPTION + # detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8658 + # name: TEST IPR 2 + # priority: normal + # severity: medium + # signature: test_new_signature_2 + # template: signature + + - name: Gather ALL of the Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: gathered + + # Using DELETED 
state + # ------------------- + + - name: Delete Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: deleted + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + + # RUN output: + # ----------- + + # intrusion_prevention_rules: + # after: [] + # before: + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: TEST IPR 1 DESCRIPTION + # detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8659 + # name: TEST IPR 1 + # priority: normal + # severity: medium + # signature: test_new_signature_1 + # template: signature + # - action: drop + # alert_enabled: false + # always_include_packet_data: false + # application_type_id: 300 + # case_sensitive: false + # debug_mode_enabled: false + # description: TEST IPR 2 DESCRIPTION + # detect_only: false + # event_logging_disabled: false + # generate_event_on_packet_drop: true + # id: 8658 + # name: TEST IPR 2 + # priority: normal + # severity: medium + # signature: test_new_signature_2 + # template: signature + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ after + +
+ list +
+
when changed +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+
+ before + +
+ list +
+
always +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) " diff --git a/docs/trendmicro.deepsec.deepsec_intrusion_preventionrules_module.rst b/docs/trendmicro.deepsec.deepsec_intrusion_preventionrules_module.rst new file mode 100644 index 0000000..ab8dbc8 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_intrusion_preventionrules_module.rst @@ -0,0 +1,801 @@ +.. _trendmicro.deepsec.deepsec_intrusion_preventionrules_module: + + +**************************************************** +trendmicro.deepsec.deepsec_intrusion_preventionrules +**************************************************** + +**Create a new intrusion prevention rule.** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + +DEPRECATED +---------- +:Removed in collection release after 2023-12-01 +:Why: Newer and updated modules released with more functionality +:Alternative: deepsec_intrusion_prevention_rules + + + +Synopsis +-------- +- This module creates a new intrusion preventin rul under TrendMicro Deep Security. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ list + / elements=dictionary +
+
+ +
Intrusion prevention rules config
+
+
+ action + +
+ string +
+
+
    Choices: +
  • drop
  • +
  • log-only
  • +
+
+
Action to apply if the rule is triggered.
+
Applicable to custom rules with template type signature or start-end-patterns.
+
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable to raise an alert when the rule logs an event.
+
Searchable as Boolean.
+
+
+ always_include_packet_data + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enabled to include package data in the event logs.
+
Not available if event logging disabled is true.
+
Searchable as Boolean.
+
+
+ application_type_id + +
+ integer +
+
+ +
ID of the application type for the IntrusionPreventionRule.
+
Searchable as Numeric.
+
+
+ can_be_assigned_alone + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Intrusion prevention rule can be assigned by self.
+
Applicaple only with GET call
+
Not applicaple param with Create/Modify POST call
+
+
+ case_sensitive + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable to make signatures and patterns case sensitive.
+
Applicable to custom rules with template type signature or start-end-patterns.
+
+
+ condition + +
+ string +
+
+
    Choices: +
  • all
  • +
  • any
  • +
  • none
  • +
+
+
Condition to determine if the rule is triggered.
+
Applicable to custom rules with template type start-end-patterns.
+
+
+ context_id + +
+ integer +
+
+ +
ID of the context in which the rule is applied.
+
Searchable as Numeric.
+
+
+ custom_xml + +
+ string +
+
+ +
The custom XML used to define the rule.
+
Applicable to custom rules with template type custom.
+
+
+ cve + +
+ list + / elements=string +
+
+ +
List of CVEs associated with the IntrusionPreventionRule.
+
Searchable as String.
+
+
+ cvss_score + +
+ string +
+
+ +
A measure of the severity of the vulnerability according the National Vulnerability Database.
+
Searchable as String or as Numeric.
+
+
+ debug_mode_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable to log additional packets preceeding and following the packet that the rule detected.
+
Not available if event logging disabled is true.
+
Searchable as Boolean.
+
+
+ depends_on_rule_ids + +
+ list + / elements=integer +
+
+ +
IDs of intrusion prevention rules the rule depends on, which will be automatically assigned if this rule is assigned.
+
+
+ description + +
+ string +
+
+ +
Description of the IntrusionPreventionRule.
+
Searchable as String.
+
+
+ detect_only + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
In detect mode, the rule creates an event log and does not interfere with traffic.
+
+
+ end + +
+ string +
+
+ +
End pattern of the rule. Applicable to custom rules with template type start-end-patterns.
+
+
+ event_logging_disabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable to prevent event logs from being created when the rule is triggered.
+
Not available if detect only is true.
+
Searchable as Boolean.
+
+
+ generate_event_on_packet_drop + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Generate an event every time a packet is dropped for the rule.
+
Not available if event logging disabled is true.
+
Searchable as Boolean.
+
+
+ id + +
+ integer +
+
+ +
ID for the Intrusion prevention rule.
+
Applicaple only with GET call
+
Not applicaple param with Create/Modify POST call
+
+
+ identifier + +
+ string +
+
+ +
Identifier for the Intrusion prevention rule.
+
Applicaple only with GET call
+
Not applicaple param with Create/Modify POST call
+
+
+ last_updated + +
+ integer +
+
+ +
Timestamp of the last rule modification, in milliseconds since epoch.
+
Searchable as Date.
+
+
+ minimum_agent_version + +
+ string +
+
+ +
Version of the Deep Security agent or appliance required to support the rule.
+
Searchable as String.
+
+
+ name + +
+ string +
+
+ +
Name of the IntrusionPreventionRule.
+
Searchable as String.
+
+
+ original_issue + +
+ integer +
+
+ +
Timestamp of the date the rule was released, in milliseconds since epoch.
+
Searchable as Date.
+
+
+ patterns + +
+ list + / elements=string +
+
+ +
Body patterns of the rule, which must be found between start and end patterns.
+
Applicable to custom rules with template type start-end-patterns.
+
+
+ priority + +
+ string +
+
+
    Choices: +
  • lowest
  • +
  • low
  • +
  • normal
  • +
  • high
  • +
  • highest
  • +
+
+
Priority level of the rule. Higher priority rules are applied before lower priority rules.
+
Searchable as Choice.
+
+
+ recommendations_mode + +
+ string +
+
+
    Choices: +
  • enabled
  • +
  • ignored
  • +
  • unknown
  • +
  • disabled
  • +
+
+
Indicates whether recommendation scans consider the IntrusionPreventionRule.
+
Can be set to enabled or ignored. Custom rules cannot be recommended.
+
Searchable as Choice.
+
+
+ schedule_id + +
+ integer +
+
+ +
ID of the schedule which defines times during which the rule is active.
+
Searchable as Numeric.
+
+
+ severity + +
+ string +
+
+
    Choices: +
  • low
  • +
  • medium
  • +
  • high
  • +
  • critical
  • +
+
+
Severity level of the rule. Severity levels can be used as sorting criteria and affect event rankings.
+
Searchable as Choice.
+
+
+ signature + +
+ string +
+
+ +
Signature of the rule. Applicable to custom rules with template type signature.
+
+
+ start + +
+ string +
+
+ +
Start pattern of the rule. Applicable to custom rules with template type start-end-patterns.
+
+
+ template + +
+ string +
+
+
    Choices: +
  • signature
  • +
  • start-end-patterns
  • +
  • custom
  • +
+
+
Type of template for the IntrusionPreventionRule. Applicable only to custom rules.
+
+
+ type + +
+ string +
+
+
    Choices: +
  • custom
  • +
  • smart
  • +
  • vulnerability
  • +
  • exploit
  • +
  • hidden
  • +
  • policy
  • +
  • info
  • +
+
+
Type of IntrusionPreventionRule.
+
Searchable as Choice.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • gathered
  • +
+
+
The state the configuration should be left in
+
The state gathered will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the gathered key within the result.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + # Using PRESENT state + # ------------------- + + - name: Create Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: present + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_1 + debug_mode_enabled: false + description: TEST IPR 2 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: medium + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_2 + debug_mode_enabled: false + description: TEST IPR 2 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 2 + priority: normal + severity: medium + - name: Modify the severity of Integrity Monitoring Rule by name + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: present + config: + - name: TEST IPR 2 + severity: low + - name: Gather Intrusion Prevention Rules by IPR names + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: gathered + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + - name: Gather ALL of the Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: gathered + - name: Delete Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: absent + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + + + + +Status +------ + + +- This module will be removed in a release after 2023-12-01. *[deprecated]* +- For more information see `DEPRECATED`_. + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) " 
diff --git a/docs/trendmicro.deepsec.deepsec_log_inspection_rules_module.rst b/docs/trendmicro.deepsec.deepsec_log_inspection_rules_module.rst new file mode 100644 index 0000000..b61f463 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_log_inspection_rules_module.rst @@ -0,0 +1,1062 @@ +.. _trendmicro.deepsec.deepsec_log_inspection_rules_module: + + +*********************************************** +trendmicro.deepsec.deepsec_log_inspection_rules +*********************************************** + +**Manages Log Inspection Rule resource module** + + +Version added: 1.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Contains string matching and threshold to trigger alerts as well as group information for LogInspectionRules. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ list + / elements=dictionary +
+
+ +
A dictionary of Log Inspection Rules options
+
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to raise an alert when a LogInspectionRule logs an event. Use true to raise an alert. Searchable as Boolean.
+
+
+ alert_minimum_severity + +
+ integer +
+
+ +
Severity level that will trigger an alert. Ignored unless 'ruleXML' contains multiple rules with different severities, and so you must indicate which severity level to use. Searchable as Numeric.
+
+
+ can_be_assigned_alone + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Indicates whether this LogInspectionRule can be allocated without allocating any additional LogInspectionRules. Ignored if the rule is user-defined, which uses 'dependency' instead.
+
+
+ dependency + +
+ string +
+
+
    Choices: +
  • none
  • +
  • rule
  • +
  • group
  • +
+
+
Indicates if a dependant rule or dependency group is set or not. If set, the LogInspectionRule will only log an event if the dependency is triggered. Available for user-defined rules.
+
+
+ dependency_group + +
+ string +
+
+ +
If dependency is configured, the dependancy groups that this rule is dependant on.
+
+
+ dependency_rule_id + +
+ integer +
+
+ +
If dependency is configured, the ID of the rule that this rule is dependant on. Ignored if the rule is from Trend Micro, which uses 'dependsOnRuleIDs' instead.
+
+
+ depends_on_rule_ids + +
+ list + / elements=integer +
+
+ +
IDs of LogInspectionRules, separated by commas, that are required by this rule. Ignored if the rule is user-defined, which uses 'dependencyRuleID' or 'dependencyGroup' instead.
+
+
+ description + +
+ string +
+
+ +
Description of the LogInspectionRule that appears in search results, and on the General tab in the Deep Security Manager user interface. Searchable as String.
+
+
+ frequency + +
+ integer +
+
+ +
Number of times the dependant rule has to match within a specific time frame before the rule is triggered.
+
+
+ groups + +
+ list + / elements=string +
+
+ +
Groups that the LogInspectionRule is assigned to, separated by commas. Useful when dependency is used as it's possible to create a LogInspectionRule that fires when another LogInspectionRule belonging to a specific group fires.
+
+
+ id + +
+ integer +
+
+ +
ID of the LogInspectionRule. This number is set automatically. Searchable as ID.
+
+
+ identifier + +
+ string +
+
+ +
Indentifier of the LogInspectionRule used in the Deep Security Manager user interface. Searchable as String.
+
+
+ last_updated + +
+ integer +
+
+ +
Update timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date.
+
+
+ level + +
+ integer +
+
+ +
Log level of the LogInspectionRule indicates severity of attack. Level 0 is the least severe and will not log an event. Level 15 is the most severe.
+
+
+ log_files + +
+ dictionary +
+
+ +
Log file objects
+
+
+ log_files + +
+ list + / elements=dictionary +
+
+ +
Array of objects (logFile)
+
+
+ format + +
+ string +
+
+
    Choices: +
  • syslog
  • +
  • snort-full
  • +
  • snort-fast
  • +
  • apache
  • +
  • iis
  • +
  • squid
  • +
  • nmapg
  • +
  • mysql-log
  • +
  • postgresql-log
  • +
  • dbj-multilog
  • +
  • eventlog
  • +
  • single-line-text-log
  • +
+
+
Structure of the data in the log file. The application that generates the log file defines the structure of the data.
+
+
+ location + +
+ string +
+
+ +
File path of the log file.
+
+
+ minimum_agent_version + +
+ string +
+
+ +
Minimum Deep Security Agent version required by the LogInspectionRule. Searchable as String.
+
+
+ minimum_manager_version + +
+ string +
+
+ +
Minimumn Deep Security Manager version required by the LogInspectionRule. Searchable as String.
+
+
+ name + +
+ string +
+
+ +
Name of the LogInspectionRule. Searchable as String.
+
+
+ original_issue + +
+ integer +
+
+ +
Creation timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date.
+
+
+ pattern + +
+ string +
+
+ +
Regular expression pattern the LogInspectionRule will look for in the logs. The rule will be triggered on a match. Open Source HIDS SEcurity (OSSEC) regular expression syntax is supported, see http://www.ossec.net/docs/syntax/regex.html.
+
+
+ pattern_type + +
+ string +
+
+
    Choices: +
  • string
  • +
  • regex
  • +
+
+
Pattern the LogInspectionRule will look for in the logs. The string matching pattern is faster than the regex pattern.
+
+
+ recommendations_mode + +
+ string +
+
+
    Choices: +
  • enabled
  • +
  • ignored
  • +
  • unknown
  • +
  • disabled
  • +
+
+
Indicates whether recommendation scans consider the LogInspectionRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice.
+
+
+ rule_description + +
+ string +
+
+ +
Description of the LogInspectionRule that appears on events and the Content tab in the Deep Security Manager user interface. Alternatively, you can configure this by inserting a description in 'ruleXML'.
+
+
+ rule_id + +
+ integer +
+
+ +
ID of the LogInspectionRule sent to the Deep Security Agent. The values 100000 - 109999 are reserved for user-definded rules.
+
+
+ rule_xml + +
+ string +
+
+ +
LogInspectionRule in an XML format. For information on the XML format, see http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html
+
+
+ sort_order + +
+ integer +
+
+ +
Order in which LogInspectionRules are sent to the Deep Security Agent. Log inspeciton rules are sent in ascending order. Valid values are between 10000 and 20000.
+
+
+ template + +
+ string +
+
+
    Choices: +
  • basic-rule
  • +
  • custom
  • +
+
+
Template used to create this rule.
+
+
+ time_frame + +
+ integer +
+
+ +
Time period for the frequency of LogInspectionRule triggers that will generate an event, in seconds.
+
+
+ type + +
+ string +
+
+ +
Type of the LogInspectionRule. The value 'Defined' is used for LogInspectionRules provided by Trend Micro. Searchable as String.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • merged
  • +
  • replaced
  • +
  • overridden
  • +
  • gathered
  • +
  • deleted
  • +
+
+
The state the configuration should be left in
+
The state gathered will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the gathered key within the result.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + # Using MERGED state + # ------------------- + + - name: Create Log Inspection Rules + trendmicro.deepsec.deepsec_log_inspection_rules: + state: merged + config: + - name: custom log_rule for mysqld event + description: MYSQLD description + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100001 + rule_description: sqld rule description + groups: + - test + alert_minimum_severity: 4 + alert_enabled: true + log_files: + log_files: + - location: /var/log/mysqld.log + format: mysql-log + - name: custom log_rule for daemon event + description: DAEMON description + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100002 + rule_description: deamon rule description + groups: + - test + alert_minimum_severity: 3 + alert_enabled: true + log_files: + log_files: + - location: /var/log/daemon.log + format: eventlog + + # RUN output: + # ----------- + + # log_inspection_rules: + # after: + # - alert_enabled: true + # alert_minimum_severity: 4 + # dependency: none + # description: MYSQLD description + # groups: + # - test + # id: 179 + # level: 0 + # log_files: + # log_files: + # - format: mysql-log + # location: /var/log/mysqld.log + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for mysqld event + # pattern: name + # pattern_type: string + # rule_description: sqld rule description + # rule_id: 100001 + # sort_order: 15000 + # template: basic-rule + # - alert_enabled: true + # alert_minimum_severity: 3 + # dependency: none + # description: DAEMON description + # groups: + # - test + # id: 180 + # level: 0 + # log_files: + # log_files: + # - format: eventlog + # location: /var/log/daemon.log + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for daemon event + # pattern: name + # pattern_type: 
string + # rule_description: deamon rule description + # rule_id: 100002 + # sort_order: 15000 + # template: basic-rule + # before: [] + + - name: Modify the Pattern type of Log Inspection Rule by name + trendmicro.deepsec.deepsec_log_inspection_rules: + state: merged + config: + - name: custom log_rule for mysqld event + description: UPDATE pattern type for mysqld log event + pattern: name + pattern_type: regex + log_files: + log_files: + - location: /var/log/messages + format: syslog + + # RUN output: + # ----------- + + # log_inspection_rules: + # after: + # - alert_enabled: true + # alert_minimum_severity: 4 + # dependency: none + # description: UPDATE pattern type for mysqld log event + # groups: + # - test + # id: 179 + # level: 0 + # log_files: + # log_files: + # - format: mysql-log + # location: /var/log/mysqld.log + # - format: syslog + # location: /var/log/messages + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for mysqld event + # pattern: name + # pattern_type: regex + # rule_description: sqld rule description + # rule_id: 100001 + # sort_order: 15000 + # template: basic-rule + # before: + # - alert_enabled: true + # alert_minimum_severity: 4 + # dependency: none + # description: MYSQLD description + # groups: + # - test + # id: 179 + # level: 0 + # log_files: + # log_files: + # - format: mysql-log + # location: /var/log/mysqld.log + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for mysqld event + # pattern: name + # pattern_type: string + # rule_description: sqld rule description + # rule_id: 100001 + # sort_order: 15000 + # template: basic-rule + + # Using REPLACED state + # -------------------- + + - name: Replace existing Log Inspection Rules + trendmicro.deepsec.deepsec_log_inspection_rules: + state: replaced + config: + - name: custom log_rule for daemon event + description: REPLACED log daemon event + minimum_agent_version: 6.0.0.0 + type: defined + 
template: basic-rule + pattern: name + pattern_type: string + rule_id: 100003 + rule_description: daemon rule description + groups: + - test + alert_minimum_severity: 5 + alert_enabled: true + log_files: + log_files: + - location: /var/log/messages + format: syslog + + # RUN output: + # ----------- + + # log_inspection_rules: + # after: + # - alert_enabled: true + # alert_minimum_severity: 5 + # dependency: none + # description: REPLACED log daemon event + # groups: + # - test + # id: 181 + # level: 0 + # log_files: + # log_files: + # - format: syslog + # location: /var/log/messages + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for daemon event + # pattern: name + # pattern_type: string + # rule_description: daemon rule description + # rule_id: 100003 + # sort_order: 15000 + # template: basic-rule + # before: + # - alert_enabled: true + # alert_minimum_severity: 3 + # dependency: none + # description: DAEMON description + # groups: + # - test + # id: 180 + # level: 0 + # log_files: + # log_files: + # - format: eventlog + # location: /var/log/daemon.log + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for daemon event + # pattern: name + # pattern_type: string + # rule_description: deamon rule description + # rule_id: 100002 + # sort_order: 15000 + # template: basic-rule + + # Using GATHERED state + # -------------------- + + - name: Gather Log Inspection Rules by IPR names + trendmicro.deepsec.deepsec_log_inspection_rules: + state: gathered + config: + - name: custom log_rule for mysqld event + - name: custom log_rule for daemon event + + # RUN output: + # ----------- + + # gathered: + # - alert_enabled: true + # alert_minimum_severity: 4 + # dependency: none + # description: UPDATE pattern type for mysqld log event + # groups: + # - test + # id: 179 + # level: 0 + # log_files: + # log_files: + # - format: mysql-log + # location: /var/log/mysqld.log + # - format: syslog 
+ # location: /var/log/messages + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for mysqld event + # pattern: name + # pattern_type: regex + # rule_description: sqld rule description + # rule_id: 100001 + # sort_order: 15000 + # template: basic-rule + # - alert_enabled: true + # alert_minimum_severity: 5 + # dependency: none + # description: REPLACED log daemon event + # groups: + # - test + # id: 181 + # level: 0 + # log_files: + # log_files: + # - format: syslog + # location: /var/log/messages + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for daemon event + # pattern: name + # pattern_type: string + # rule_description: daemon rule description + # rule_id: 100003 + # sort_order: 15000 + # template: basic-rule + + - name: Gather ALL of the Log Inspection Rules + trendmicro.deepsec.deepsec_log_inspection_rules: + state: gathered + + # Using DELETED state + # ------------------- + + - name: Delete Log Inspection Rules + trendmicro.deepsec.deepsec_log_inspection_rules: + state: deleted + config: + - name: custom log_rule for mysqld event + - name: custom log_rule for daemon event + + # RUN output: + # ----------- + + # log_inspection_rules: + # after: [] + # before: + # - alert_enabled: true + # alert_minimum_severity: 4 + # dependency: none + # description: UPDATE pattern type for mysqld log event + # groups: + # - test + # id: 179 + # level: 0 + # log_files: + # log_files: + # - format: mysql-log + # location: /var/log/mysqld.log + # - format: syslog + # location: /var/log/messages + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for mysqld event + # pattern: name + # pattern_type: regex + # rule_description: sqld rule description + # rule_id: 100001 + # sort_order: 15000 + # template: basic-rule + # - alert_enabled: true + # alert_minimum_severity: 5 + # dependency: none + # description: REPLACED log daemon event + # 
groups: + # - test + # id: 181 + # level: 0 + # log_files: + # log_files: + # - format: syslog + # location: /var/log/messages + # minimum_agent_version: 6.0.0.0 + # minimum_manager_version: 6.0.0 + # name: custom log_rule for daemon event + # pattern: name + # pattern_type: string + # rule_description: daemon rule description + # rule_id: 100003 + # sort_order: 15000 + # template: basic-rule + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ after + +
+ list +
+
when changed +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+
+ before + +
+ list +
+
always +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) diff --git a/docs/trendmicro.deepsec.deepsec_log_inspectionrules_module.rst b/docs/trendmicro.deepsec.deepsec_log_inspectionrules_module.rst new file mode 100644 index 0000000..b43d028 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_log_inspectionrules_module.rst @@ -0,0 +1,629 @@ +.. _trendmicro.deepsec.deepsec_log_inspectionrules_module: + + +********************************************** +trendmicro.deepsec.deepsec_log_inspectionrules +********************************************** + +**Create a new log inspection rule.** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + +DEPRECATED +---------- +:Removed in collection release after 2023-12-01 +:Why: Newer and updated modules released with more functionality +:Alternative: deepsec_log_inspection_rules + + + +Synopsis +-------- +- This module creates a new log inspection rule under TrendMicro Deep Security. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ alert_enabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Controls whether to raise an alert when a LogInspectionRule logs an event. Use true to raise an alert.
+
+
+ alert_minimum_severity + +
+ integer +
+
+ +
Severity level that will trigger an alert. Ignored unless ruleXML contains multiple rules with different severities, and so you must indicate which severity level to use.
+
+
+ can_be_assigned_alone + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Indicates whether this LogInspectionRule can be allocated without allocating any additional LogInspectionRules. Ignored if the rule is user-defined, which uses dependency instead.
+
+
+ dependency + +
+ string +
+
+
    Choices: +
  • none
  • +
  • rule
  • +
  • group
  • +
+
+
Indicates if a dependant rule or dependency group is set or not. If set, the LogInspectionRule will only log an event if the dependency is triggered. Available for user-defined rules.
+
+
+ dependency_group + +
+ string +
+
+ +
If dependency is configured, the dependancy groups that this rule is dependant on.
+
+
+ dependency_rule_id + +
+ integer +
+
+ +
If dependency is configured, the ID of the rule that this rule is dependant on. Ignored if the rule is from Trend Micro, which uses dependsOnRuleIDs instead.
+
+
+ depends_onrule_id + +
+ list + / elements=string +
+
+ +
IDs of LogInspectionRules, separated by commas, that are required by this rule. Ignored if the rule is user-defined which uses dependency_rule_id or dependency_group instead.
+
+
+ description + +
+ string +
+
+ +
Description of the LogInspectionRule that appears in search results, and on the General tab in the Deep Security Manager user interface.
+
+
+ frequency + +
+ integer +
+
+ +
Number of times the dependant rule has to match within a specific time frame before the rule is triggered.
+
+
+ groups + +
+ list + / elements=string +
+
+ +
Groups that the LogInspectionRule is assigned to, separated by commas. Useful when dependency is used as it's possible to create a LogInspectionRule that fires when another LogInspectionRule belonging to a specific group fires.
+
+
+ identifier + +
+ string +
+
+ +
Indentifier of the LogInspectionRule used in the Deep Security Manager user interface.
+
+
+ last_updated + +
+ integer +
+
+ +
Update timestamp of the LogInspectionRule, measured in milliseconds since epoch.
+
+
+ level + +
+ integer +
+
+ +
Log level of the LogInspectionRule indicates severity of attack. Level 0 is the least severe and will not log an event. Level 15 is the most severe.
+
+
+ log_files + +
+ dictionary +
+
+ +
Log file objects
+
+
+ log_files + +
+ list + / elements=dictionary +
+
+ +
Array of objects (logFile)
+
+
+ format + +
+ string +
+
+
    Choices: +
  • syslog
  • +
  • snort-full
  • +
  • snort-fast
  • +
  • apache
  • +
  • iis
  • +
  • squid
  • +
  • nmapg
  • +
  • mysql-log
  • +
  • postgresql-log
  • +
  • dbj-multilog
  • +
  • eventlog
  • +
  • single-line-text-log
  • +
+
+
Structure of the data in the log file. The application that generates the log file defines the structure of the data.
+
+
+ location + +
+ string +
+
+ +
File path of the log file.
+
+
+ minimum_agent_version + +
+ string +
+
+ +
Minimum Deep Security Agent version required by the LogInspectionRule.
+
+
+ minimum_manager_version + +
+ string +
+
+ +
Minimumn Deep Security Manager version required by the LogInspectionRule.
+
+
+ name + +
+ string + / required +
+
+ +
Name of the LogInspectionRule.
+
+
+ original_issue + +
+ integer +
+
+ +
Creation timestamp of the LogInspectionRule, measured in milliseconds since epoch.
+
+
+ pattern + +
+ string +
+
+ +
Regular expression pattern the LogInspectionRule will look for in the logs. The rule will be triggered on a match. Open Source HIDS SEcurity (OSSEC) regular expression syntax is supported, see http://www.ossec.net/docs/syntax/regex.html.
+
+
+ pattern_type + +
+ string +
+
+
    Choices: +
  • string
  • +
  • regex
  • +
+
+
Pattern the LogInspectionRule will look for in the logs. The string matching pattern is faster than the regex pattern.
+
+
+ recommendations_mode + +
+ string +
+
+
    Choices: +
  • enabled
  • +
  • ignored
  • +
  • unknown
  • +
  • disabled
  • +
+
+
Indicates whether recommendation scans consider the LogInspectionRule. Can be set to enabled or ignored. Custom rules cannot be recommended.
+
+
+ rule_description + +
+ string +
+
+ +
Description of the LogInspectionRule that appears on events and the Content tab in the Deep Security Manager user interface. Alternatively, you can configure this by inserting a description in 'rule_xml'.
+
+
+ rule_id + +
+ integer +
+
+ +
ID of the LogInspectionRule sent to the Deep Security Agent. The values 100000 - 109999 are reserved for user-definded rules.
+
+
+ rule_xml + +
+ string +
+
+ +
LogInspectionRule in an XML format. For information on the XML format, see http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html
+
+
+ sort_order + +
+ integer +
+
+ +
Order in which LogInspectionRules are sent to the Deep Security Agent. Log inspeciton rules are sent in ascending order. Valid values are between 10000 and 20000.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
The state the configuration should be left in
+
+
+ template + +
+ string +
+
+
    Choices: +
  • basic-rule
  • +
  • custom
  • +
+
+
Template used to create this rule.
+
+
+ time_frame + +
+ integer +
+
+ +
Time period for the frequency of LogInspectionRule triggers that will generate an event, in seconds.
+
+
+ type + +
+ string +
+
+ +
Type of the LogInspectionRule. The value 'Defined' is used for LogInspectionRules provided by Trend Micro.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + - name: Create a new log inspection rule + trendmicro.deepsec.deepsec_log_inspectionrules: + state: present + name: custom log_rule for mysqld event + description: some description + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100001 + rule_description: test rule description + groups: + - test + alert_minimum_severity: 4 + alert_enabled: true + log_files: + log_files: + - location: /var/log/mysqld.log + format: mysql-log + - name: Delete/Remove the existing log inspection rule + trendmicro.deepsec.deepsec_log_inspectionrules: + state: absent + name: custom log_rule for mysqld event + + + + +Status +------ + + +- This module will be removed in a release after 2023-12-01. *[deprecated]* +- For more information see `DEPRECATED`_. + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) diff --git a/docs/trendmicro.deepsec.deepsec_syslog_module.rst b/docs/trendmicro.deepsec.deepsec_syslog_module.rst new file mode 100644 index 0000000..bf3cf94 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_syslog_module.rst @@ -0,0 +1,306 @@ +.. _trendmicro.deepsec.deepsec_syslog_module: + + +********************************* +trendmicro.deepsec.deepsec_syslog +********************************* + +**Configure or create a syslog configuration for TrendMicro Deep Security** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Configure or create a syslog configuration for TrendMicro Deep Security + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ certificate_chain + +
+ list + / elements=string +
+
+ +
The identity certificate chain the Deep Security Manager will use when it contacts the syslog server over TLS.
+
The identity certificate must be the first certificate in the list, followed by the certificate for the issuing certificate authority (if any) and continuing up the issuer chain.
+
The root certificate authority's certificate does not need to be included.
+
Each element in the list will be an unencrypted PEM-encoded certificate.
+
+
+ description + +
+ string +
+
+ +
The description for this syslog configuration.
+
+
+ direct + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
The "direct delivery from agent to syslog server" flag
+
+
+ event_format + +
+ string +
+
+
    Choices: +
  • standard
  • +
  • cef ←
  • +
  • leef
  • +
+
+
The event format to use when sending syslog messages.
+
+
+ facility + +
+ string +
+
+
    Choices: +
  • kernel
  • +
  • user
  • +
  • mail
  • +
  • daemon
  • +
  • authorization
  • +
  • syslog
  • +
  • printer
  • +
  • news
  • +
  • uucp
  • +
  • clock
  • +
  • authpriv
  • +
  • ftp
  • +
  • ntp
  • +
  • log-audit
  • +
  • log-alert
  • +
  • cron
  • +
  • local0 ←
  • +
  • local1
  • +
  • local2
  • +
  • local3
  • +
  • local4
  • +
  • local5
  • +
  • local6
  • +
  • local7
  • +
+
+
The facility value to send with each syslog message.
+
+
+ id + +
+ string +
+
+ +
The ID of the syslog configuration (when editing an existing configuration).
+
+
+ name + +
+ string +
+
+ +
The name for this syslog configuration.
+
+
+ port + +
+ integer +
+
+ Default:
514
+
+
The destination port for syslog messages.
+
+
+ private_key + +
+ string +
+
+ +
The private key the Deep Security Manager will use when it contacts the syslog server over TLS.
+
The private key must be an RSA key in PEM-encoded PKCS#1 or PKCS#8 format.
+
To prevent accidental disclosure of the private key, the Deep Security Manager will not return this value; therefore Ansible does not have access to it and it can only be used to set the private key.
+
+
+ server + +
+ string +
+
+ +
The destination server for syslog messages.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • gathered
  • +
+
+
The state the configuration should be left in
+
The state gathered will make a get call to the module API and transform it into structured data in the format as per the resource module argspec and the value is returned in the gathered key within the result.
+
+
+ transport + +
+ string +
+
+
    Choices: +
  • udp ←
  • +
  • tcp
  • +
  • tls
  • +
+
+
The transport to use when sending syslog messages.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + - name: Create/Config a new Syslog Config + trendmicro.deepsec.deepsec_syslog: + state: present + name: TEST_SYSLOG + facility: local0 + event_format: leef + direct: false + server: 192.0.2.1 + port: 514 + transport: udp + description: Syslog Api request from Ansible + - name: Delete/Remove the existing Syslog Config + trendmicro.deepsec.deepsec_syslog: + state: absent + name: TEST_SYSLOG + + + + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) diff --git a/docs/trendmicro.deepsec.deepsec_system_settings_module.rst b/docs/trendmicro.deepsec.deepsec_system_settings_module.rst new file mode 100644 index 0000000..97ade69 --- /dev/null +++ b/docs/trendmicro.deepsec.deepsec_system_settings_module.rst 
@@ -0,0 +1,7378 @@ +.. _trendmicro.deepsec.deepsec_system_settings_module: + + +****************************************** +trendmicro.deepsec.deepsec_system_settings +****************************************** + +**Modify the system settings for TrendMicro Deep Security.** + + +Version added: 1.1.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module modifies system settings under TrendMicro Deep Security. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ dictionary +
+
+ +
System settings config
+
+
+ anti_malware_setting_event_email_body_template + +
+ dictionary +
+
+ +
anti malware setting event email body template
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ anti_malware_setting_event_email_enabled + +
+ dictionary +
+
+ +
anti malware setting event email enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ anti_malware_setting_event_email_recipients + +
+ dictionary +
+
+ +
anti malware setting event email recipients
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ anti_malware_setting_event_email_subject + +
+ dictionary +
+
+ +
anti malware setting event email subject
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ anti_malware_setting_retain_event_duration + +
+ dictionary +
+
+ +
anti malware setting retain event duration
+
+
+ value + +
+ string +
+
+ Default:
"7 Days"
+
+
Value of a Setting.
+
+
+ application_control_setting_retain_event_duration + +
+ dictionary +
+
+ +
application control setting retain event duration
+
+
+ value + +
+ string +
+
+ Default:
"7 Days"
+
+
Value of a Setting.
+
+
+ application_control_setting_serve_rulesets_from_relays_enabled + +
+ dictionary +
+
+ +
application control setting serve rulesets from relays enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ firewall_setting_event_rank_severity_deny + +
+ dictionary +
+
+ +
firewall setting event rank severity deny
+
+
+ value + +
+ string +
+
+ Default:
"100"
+
+
Value of a Setting.
+
+
+ firewall_setting_event_rank_severity_log_only + +
+ dictionary +
+
+ +
firewall setting event rank severity log only
+
+
+ value + +
+ string +
+
+ Default:
"1"
+
+
Value of a Setting.
+
+
+ firewall_setting_event_rank_severity_packet_rejection + +
+ dictionary +
+
+ +
firewall setting event rank severity packet rejection
+
+
+ value + +
+ string +
+
+ Default:
"50"
+
+
Value of a Setting.
+
+
+ firewall_setting_global_stateful_config_id + +
+ dictionary +
+
+ +
firewall setting global stateful config id
+
+
+ value + +
+ string +
+
+ Default:
"0"
+
+
Value of a Setting.
+
+
+ firewall_setting_internet_connectivity_test_expected_content_regex + +
+ dictionary +
+
+ +
firewall setting internet connectivity test expected content regex
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ firewall_setting_internet_connectivity_test_interval + +
+ dictionary +
+
+ +
firewall setting internet connectivity test interval
+
+
+ value + +
+ string +
+
+ Default:
"10 Seconds"
+
+
Value of a Setting.
+
+
+ firewall_setting_internet_connectivity_test_url + +
+ dictionary +
+
+ +
firewall setting internet connectivity test url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ firewall_setting_intranet_connectivity_test_expected_content_regex + +
+ dictionary +
+
+ +
firewall setting intranet connectivity test expected content regex
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ firewall_setting_intranet_connectivity_test_url + +
+ dictionary +
+
+ +
firewall setting intranet connectivity test url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ firewall_setting_retain_event_duration + +
+ dictionary +
+
+ +
firewall setting retain event duration
+
+
+ value + +
+ string +
+
+ Default:
"7 Days"
+
+
Value of a Setting.
+
+
+ integrity_monitoring_setting_event_rank_severity_critical + +
+ dictionary +
+
+ +
integrity monitoring setting event rank severity critical
+
+
+ value + +
+ string +
+
+ Default:
"100"
+
+
Value of a Setting.
+
+
+ integrity_monitoring_setting_event_rank_severity_high + +
+ dictionary +
+
+ +
integrity monitoring setting event rank severity high
+
+
+ value + +
+ string +
+
+ Default:
"50"
+
+
Value of a Setting.
+
+
+ integrity_monitoring_setting_event_rank_severity_low + +
+ dictionary +
+
+ +
integrity monitoring setting event rank severity low
+
+
+ value + +
+ string +
+
+ Default:
"1"
+
+
Value of a Setting.
+
+
+ integrity_monitoring_setting_event_rank_severity_medium + +
+ dictionary +
+
+ +
integrity monitoring setting event rank severity medium
+
+
+ value + +
+ string +
+
+ Default:
"25"
+
+
Value of a Setting.
+
+
+ integrity_monitoring_setting_retain_event_duration + +
+ dictionary +
+
+ +
integrity monitoring setting retain event duration
+
+
+ value + +
+ string +
+
+ Default:
"7 Days"
+
+
Value of a Setting.
+
+
+ intrusion_prevention_setting_event_rank_severity_filter_critical + +
+ dictionary +
+
+ +
intrusion prevention setting event rank severity filter critical
+
+
+ value + +
+ string +
+
+ Default:
"100"
+
+
Value of a Setting.
+
+
+ intrusion_prevention_setting_event_rank_severity_filter_error + +
+ dictionary +
+
+ +
intrusion prevention setting event rank severity filter error
+
+
+ value + +
+ string +
+
+ Default:
"100"
+
+
Value of a Setting.
+
+
+ intrusion_prevention_setting_event_rank_severity_filter_high + +
+ dictionary +
+
+ +
intrusion prevention setting event rank severity filter high
+
+
+ value + +
+ string +
+
+ Default:
"50"
+
+
Value of a Setting.
+
+
+ intrusion_prevention_setting_event_rank_severity_filter_low + +
+ dictionary +
+
+ +
intrusion prevention setting event rank severity filter low
+
+
+ value + +
+ string +
+
+ Default:
"1"
+
+
Value of a Setting.
+
+
+ intrusion_prevention_setting_event_rank_severity_filter_medium + +
+ dictionary +
+
+ +
intrusion prevention setting event rank severity filter medium
+
+
+ value + +
+ string +
+
+ Default:
"25"
+
+
Value of a Setting.
+
+
+ intrusion_prevention_setting_retain_event_duration + +
+ dictionary +
+
+ +
intrusion prevention setting retain event duration
+
+
+ value + +
+ string +
+
+ Default:
"7 Days"
+
+
Value of a Setting.
+
+
+ log_inspection_setting_event_rank_severity_critical + +
+ dictionary +
+
+ +
log inspection setting event rank severity critical
+
+
+ value + +
+ string +
+
+ Default:
"100"
+
+
Value of a Setting.
+
+
+ log_inspection_setting_event_rank_severity_high + +
+ dictionary +
+
+ +
log inspection setting event rank severity high
+
+
+ value + +
+ string +
+
+ Default:
"50"
+
+
Value of a Setting.
+
+
+ log_inspection_setting_event_rank_severity_low + +
+ dictionary +
+
+ +
log inspection setting event rank severity low
+
+
+ value + +
+ string +
+
+ Default:
"1"
+
+
Value of a Setting.
+
+
+ log_inspection_setting_event_rank_severity_medium + +
+ dictionary +
+
+ +
log inspection setting event rank severity medium
+
+
+ value + +
+ string +
+
+ Default:
"25"
+
+
Value of a Setting.
+
+
+ log_inspection_setting_retain_event_duration + +
+ dictionary +
+
+ +
log inspection setting retain event duration
+
+
+ value + +
+ string +
+
+ Default:
"7 Days"
+
+
Value of a Setting.
+
+
+ name + +
+ list + / elements=string +
+
+ +
System Settings name
+
+
+ platform_setting_active_sessions_max + +
+ dictionary +
+
+ +
platform setting active sessions max
+
+
+ value + +
+ string +
+
+ Default:
"10"
+
+
Value of a Setting.
+
+
+ platform_setting_active_sessions_max_exceeded_action + +
+ dictionary +
+
+ +
platform setting active sessions max exceeded action
+
+
+ value + +
+ string +
+
+ Default:
"Block new sessions"
+
+
Value of a Setting.
+
+
+ platform_setting_agent_initiated_activation_duplicate_hostname_mode + +
+ dictionary +
+
+ +
platform setting agent initiated activation duplicate hostname mode
+
+
+ value + +
+ string +
+
+ Default:
"Re-activate the existing Computer"
+
+
Value of a Setting.
+
+
+ platform_setting_agent_initiated_activation_enabled + +
+ dictionary +
+
+ +
platform setting agent initiated activation enabled
+
+
+ value + +
+ string +
+
+ Default:
"For any computers"
+
+
Value of a Setting.
+
+
+ platform_setting_agent_initiated_activation_policy_id + +
+ dictionary +
+
+ +
platform setting agent initiated activation policy id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_agent_initiated_activation_reactivate_cloned_enabled + +
+ dictionary +
+
+ +
platform setting agent initiated activation reactivate cloned enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_agent_initiated_activation_reactivate_unknown_enabled + +
+ dictionary +
+
+ +
platform setting agent initiated activation reactivate unknown enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_agent_initiated_activation_specify_hostname_enabled + +
+ dictionary +
+
+ +
platform setting agent initiated activation specify hostname enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_agent_initiated_activation_token + +
+ dictionary +
+
+ +
platform setting agent initiated activation token
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_agent_initiated_activation_within_ip_list_id + +
+ dictionary +
+
+ +
platform setting agent initiated activation within ip list id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_agentless_vcloud_protection_enabled + +
+ dictionary +
+
+ +
platform setting agentless vcloud protection enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_alert_agent_update_pending_threshold + +
+ dictionary +
+
+ +
platform setting alert agent update pending threshold
+
+
+ value + +
+ string +
+
+ Default:
"7 Days"
+
+
Value of a Setting.
+
+
+ platform_setting_alert_default_email_address + +
+ dictionary +
+
+ +
platform setting alert default email address
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_allow_packet_data_capture_in_network_events + +
+ dictionary +
+
+ +
platform setting that allows packet data capture in network_events
+
Applicaple only with GET call
+
Not applicaple param with Create/Modify POST call
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_api_soap_web_service_enabled + +
+ dictionary +
+
+ +
platform setting api soap web service enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_api_status_monitoring_enabled + +
+ dictionary +
+
+ +
platform setting api status monitoring enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_aws_external_id_retrieval_enabled + +
+ dictionary +
+
+ +
platform setting aws external id retrieval enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_aws_manager_identity_access_key + +
+ dictionary +
+
+ +
platform setting aws manager identity access key
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_aws_manager_identity_secret_key + +
+ dictionary +
+
+ +
platform setting aws manager identity secret key
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_aws_manager_identity_use_instance_role_enabled + +
+ dictionary +
+
+ +
platform setting aws manager identity use instance role enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_azure_sso_certificate + +
+ dictionary +
+
+ +
platform setting azure sso certificate
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_capture_encrypted_traffic_enabled + +
+ dictionary +
+
+ +
platform setting capture encrypted traffic enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_connected_threat_defense_control_manager_manual_source_api_key + +
+ dictionary +
+
+ +
platform setting connected threat defense control manager manual source api key
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_connected_threat_defense_control_manager_manual_source_server_url + +
+ dictionary +
+
+ +
platform setting connected threat defense control manager manual source server url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_connected_threat_defense_control_manager_proxy_id + +
+ dictionary +
+
+ +
platform setting connected threat defense control manager proxy id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_connected_threat_defense_control_manager_source_option + +
+ dictionary +
+
+ +
platform setting connected threat defense control manager source option
+
+
+ value + +
+ string +
+
+ Default:
"Manually select an Apex Central server"
+
+
Value of a Setting.
+
+
+ platform_setting_connected_threat_defense_control_manager_suspicious_object_list_comparison_enabled + +
+ dictionary +
+
+ +
platform setting connected threat defense control manager suspicious object list comparison enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_connected_threat_defense_control_manager_use_proxy_enabled + +
+ dictionary +
+
+ +
platform setting connected threat defense control manager use proxy enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_connected_threat_defenses_use_primary_tenant_server_settings_enabled + +
+ dictionary +
+
+ +
platform setting connected threat defenses use primary tenant server settings enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_content_security_policy + +
+ dictionary +
+
+ +
platform setting content security policy
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_content_security_policy_report_only_enabled + +
+ dictionary +
+
+ +
platform setting content security policy report only enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_ddan_auto_submission_enabled + +
+ dictionary +
+
+ +
platform setting ddan auto submission enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_ddan_manual_source_api_key + +
+ dictionary +
+
+ +
platform setting ddan manual source api key
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_ddan_manual_source_server_url + +
+ dictionary +
+
+ +
platform setting ddan manual source server url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_ddan_proxy_id + +
+ dictionary +
+
+ +
platform setting ddan proxy id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_ddan_source_option + +
+ dictionary +
+
+ +
platform setting ddan source option
+
+
+ value + +
+ string +
+
+ Default:
"Manually select a Deep Discovery Analyzer server"
+
+
Value of a Setting.
+
+
+ platform_setting_ddan_submission_enabled + +
+ dictionary +
+
+ +
platform setting ddan submission enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_ddan_use_proxy_enabled + +
+ dictionary +
+
+ +
platform setting ddan use proxy enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_demo_mode_enabled + +
+ dictionary +
+
+ +
platform setting demo mode enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_dsm_as_xbc_agent_feature_enabled + +
+ dictionary +
+
+ +
platform setting dsm as xbc agent feature enabled
+
Applicaple only with GET call
+
Not applicaple param with Create/Modify POST call
+
+
+ value + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Value of a Setting.
+
+
+ platform_setting_event_forwarding_sns_access_key + +
+ dictionary +
+
+ +
platform setting event forwarding sns access key
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_event_forwarding_sns_advanced_config_enabled + +
+ dictionary +
+
+ +
platform setting event forwarding sns advanced config enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_event_forwarding_sns_config_json + +
+ dictionary +
+
+ +
platform setting event forwarding sns config json
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_event_forwarding_sns_enabled + +
+ dictionary +
+
+ +
platform setting event forwarding sns enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_event_forwarding_sns_secret_key + +
+ dictionary +
+
+ +
platform setting event forwarding sns secret key
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_event_forwarding_sns_topic_arn + +
+ dictionary +
+
+ +
platform setting event forwarding sns topic arn
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_exported_diagnostic_package_locale + +
+ dictionary +
+
+ +
platform setting exported diagnostic package locale
+
+
+ value + +
+ string +
+
+ Default:
"en_US"
+
+
Value of a Setting.
+
+
+ platform_setting_exported_file_character_encoding + +
+ dictionary +
+
+ +
platform setting exported file character encoding
+
+
+ value + +
+ string +
+
+ Default:
"US-ASCII"
+
+
Value of a Setting.
+
+
+ platform_setting_http_public_key_pin_policy + +
+ dictionary +
+
+ +
platform setting http public key pin policy
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_http_public_key_pin_policy_report_only_enabled + +
+ dictionary +
+
+ +
platform setting http public key pin policy report only enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_http_strict_transport_enabled + +
+ dictionary +
+
+ +
platform setting http strict transport enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_inactive_agent_cleanup_duration + +
+ dictionary +
+
+ +
platform setting inactive agent cleanup duration
+
+
+ value + +
+ string +
+
+ Default:
"1 Month"
+
+
Value of a Setting.
+
+
+ platform_setting_inactive_agent_cleanup_enabled + +
+ dictionary +
+
+ +
platform setting inactive agent cleanup enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_linux_upgrade_on_activation_enabled + +
+ dictionary +
+
+ +
platform setting linux upgrade on activation enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_load_balancer_heartbeat_address + +
+ dictionary +
+
+ +
platform setting load balancer heartbeat address
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_load_balancer_heartbeat_port + +
+ dictionary +
+
+ +
platform setting load balancer heartbeat port
+
+
+ value + +
+ string +
+
+ Default:
"4120"
+
+
Value of a Setting.
+
+
+ platform_setting_load_balancer_manager_address + +
+ dictionary +
+
+ +
platform setting load balancer manager address
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_load_balancer_manager_port + +
+ dictionary +
+
+ +
platform setting load balancer manager port
+
+
+ value + +
+ string +
+
+ Default:
"4119"
+
+
Value of a Setting.
+
+
+ platform_setting_load_balancer_relay_address + +
+ dictionary +
+
+ +
platform setting load balancer relay address
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_load_balancer_relay_port + +
+ dictionary +
+
+ +
platform setting load balancer relay port
+
+
+ value + +
+ string +
+
+ Default:
"4122"
+
+
Value of a Setting.
+
+
+ platform_setting_logo_binary_image_img + +
+ dictionary +
+
+ +
platform setting logo binary image img
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_managed_detect_response_company_guid + +
+ dictionary +
+
+ +
platform setting managed detect response company guid
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_managed_detect_response_enabled + +
+ dictionary +
+
+ +
platform setting managed detect response enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_managed_detect_response_proxy_id + +
+ dictionary +
+
+ +
platform setting managed detect response proxy id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_managed_detect_response_server_url + +
+ dictionary +
+
+ +
platform setting managed detect response server url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_managed_detect_response_service_token + +
+ dictionary +
+
+ +
platform setting managed detect response service token
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_managed_detect_response_use_primary_tenant_settings_enabled + +
+ dictionary +
+
+ +
platform setting managed detect response use primary tenant settings enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_managed_detect_response_use_proxy_enabled + +
+ dictionary +
+
+ +
platform setting managed detect response use proxy enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_new_tenant_download_security_update_enabled + +
+ dictionary +
+
+ +
platform setting new tenant download security update enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_add_vmware_vcenter_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant add vmware vcenter enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_configure_forgot_password_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant configure forgot password enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_configure_remember_me_option_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant configure remember me option enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_configure_siem_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant configure siem enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_configure_snmp_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant configure snmp enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_configure_sns_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant configure sns enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_control_impersonation_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant control impersonation enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_database_state + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant database state
+
+
+ value + +
+ string +
+
+ Default:
"10"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_run_computer_discovery_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant run computer discovery enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_run_port_scan_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant run port scan enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_sync_with_cloud_account_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant sync with cloud account enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_synchronize_ldap_directories_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant synchronize ldap directories enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_use_default_relay_group_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant use default relay group enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_allow_tenant_use_scheduled_run_script_task_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant allow tenant use scheduled run script task enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_lock_and_hide_tenant_data_privacy_option_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant lock and hide tenant data privacy option enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_lock_and_hide_tenant_smtp_tab_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant lock and hide tenant smtp tab enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_lock_and_hide_tenant_storage_tab_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant lock and hide tenant storage tab enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_share_connected_threat_defenses_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant share connected threat defenses enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_primary_tenant_share_managed_detect_responses_enabled + +
+ dictionary +
+
+ +
platform setting primary tenant share managed detect responses enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_product_usage_data_collection_enabled + +
+ dictionary +
+
+ +
platform setting product usage data collection enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_proxy_agent_update_proxy_id + +
+ dictionary +
+
+ +
platform setting proxy agent update proxy id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_proxy_manager_cloud_proxy_id + +
+ dictionary +
+
+ +
platform setting proxy manager cloud proxy id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_proxy_manager_update_proxy_id + +
+ dictionary +
+
+ +
platform setting proxy manager update proxy id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_recommendation_cpu_usage_level + +
+ dictionary +
+
+ +
platform setting recommendation cpu usage level
+
+
+ value + +
+ string +
+
+ Default:
"High"
+
+
Value of a Setting.
+
+
+ platform_setting_recommendation_ongoing_scans_enabled + +
+ dictionary +
+
+ +
platform setting recommendation ongoing scans enabled
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_retain_agent_installers_per_platform_max + +
+ dictionary +
+
+ +
platform setting retain agent installers per platform max
+
+
+ value + +
+ string +
+
+ Default:
"5"
+
+
Value of a Setting.
+
+
+ platform_setting_retain_counters_duration + +
+ dictionary +
+
+ +
platform setting retain counters duration
+
+
+ value + +
+ string +
+
+ Default:
"13 Weeks"
+
+
Value of a Setting.
+
+
+ platform_setting_retain_security_updates_max + +
+ dictionary +
+
+ +
platform setting retain security updates max
+
+
+ value + +
+ string +
+
+ Default:
"10"
+
+
Value of a Setting.
+
+
+ platform_setting_retain_server_log_duration + +
+ dictionary +
+
+ +
platform setting retain server log duration
+
+
+ value + +
+ string +
+
+ Default:
"7 Days"
+
+
Value of a Setting.
+
+
+ platform_setting_retain_system_event_duration + +
+ dictionary +
+
+ +
platform setting retain system event duration
+
+
+ value + +
+ string +
+
+ Default:
"53 weeks"
+
+
Value of a Setting.
+
+
+ platform_setting_saml_identity_provider_certificate_expiry_warning_daysr + +
+ dictionary +
+
+ +
platform setting saml identity provider certificate expiry warning days
+
+
+ value + +
+ string +
+
+ Default:
"30"
+
+
Value of a Setting.
+
+
+ platform_setting_saml_retain_inactive_external_administrators_duration + +
+ dictionary +
+
+ +
platform setting saml retain inactive external administrators duration
+
+
+ value + +
+ string +
+
+ Default:
"365"
+
+
Value of a Setting.
+
+
+ platform_setting_saml_service_provider_certificate + +
+ dictionary +
+
+ +
platform setting saml service provider certificate
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_saml_service_provider_certificate_expiry_warning_days + +
+ dictionary +
+
+ +
platform setting saml service provider certificate expiry warning days
+
+
+ value + +
+ string +
+
+ Default:
"30"
+
+
Value of a Setting.
+
+
+ platform_setting_saml_service_provider_entity_id + +
+ dictionary +
+
+ +
platform setting saml service provider entity id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_saml_service_provider_name + +
+ dictionary +
+
+ +
platform setting saml service provider name
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_saml_service_provider_private_key + +
+ dictionary +
+
+ +
platform setting saml service provider private key
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_sign_in_page_message + +
+ dictionary +
+
+ +
platform setting sign in page message
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_smart_protection_feedback_bandwidth_max_kbytes + +
+ dictionary +
+
+ +
platform setting smart protection feedback bandwidth max kbytes
+
+
+ value + +
+ string +
+
+ Default:
"32"
+
+
Value of a Setting.
+
+
+ platform_setting_smart_protection_feedback_enabled + +
+ dictionary +
+
+ +
platform setting smart protection feedback enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_smart_protection_feedback_for_suspicious_file_enabled + +
+ dictionary +
+
+ +
platform setting smart protection feedback for suspicious file enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_smart_protection_feedback_industry_type + +
+ dictionary +
+
+ +
platform setting smart protection feedback industry type
+
+
+ value + +
+ string +
+
+ Default:
"Not specified"
+
+
Value of a Setting.
+
+
+ platform_setting_smart_protection_feedback_interval + +
+ dictionary +
+
+ +
platform setting smart protection feedback interval
+
+
+ value + +
+ string +
+
+ Default:
"5"
+
+
Value of a Setting.
+
+
+ platform_setting_smart_protection_feedback_threat_detections_threshold + +
+ dictionary +
+
+ +
platform setting smart protection feedback threat detections threshold
+
+
+ value + +
+ string +
+
+ Default:
"10"
+
+
Value of a Setting.
+
+
+ platform_setting_smtp_bounce_email_address + +
+ dictionary +
+
+ +
platform setting smtp bounce email address
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_smtp_from_email_address + +
+ dictionary +
+
+ +
platform setting smtp from email address
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_smtp_password + +
+ dictionary +
+
+ +
platform setting smtp password
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_smtp_requires_authentication_enabled + +
+ dictionary +
+
+ +
platform setting smtp requires authentication enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_smtp_server_address + +
+ dictionary +
+
+ +
platform setting smtp server address
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_smtp_start_tls_enabled + +
+ dictionary +
+
+ +
platform setting smtp start tls enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_smtp_username + +
+ dictionary +
+
+ +
platform setting smtp username
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_syslog_config_id + +
+ dictionary +
+
+ +
platform setting syslog config id
+
+
+ value + +
+ string +
+
+ Default:
"0"
+
+
Value of a Setting.
+
+
+ platform_setting_system_event_forwarding_snmp_address + +
+ dictionary +
+
+ +
platform setting system event forwarding snmp address
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_system_event_forwarding_snmp_enabled + +
+ dictionary +
+
+ +
platform setting system event forwarding snmp enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_system_event_forwarding_snmp_port + +
+ dictionary +
+
+ +
platform setting system event forwarding snmp port
+
+
+ value + +
+ string +
+
+ Default:
"162"
+
+
Value of a Setting.
+
+
+ platform_setting_tenant_allow_impersonation_by_primary_tenant_enabled + +
+ dictionary +
+
+ +
platform setting tenant allow impersonation by primary tenant enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_tenant_auto_revoke_impersonation_by_primary_tenant_enabled + +
+ dictionary +
+
+ +
platform setting tenant auto revoke impersonation by primary tenant enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_tenant_auto_revoke_impersonation_by_primary_tenant_timeout + +
+ dictionary +
+
+ +
platform setting tenant auto revoke impersonation by primary tenant timeout
+
+
+ value + +
+ string +
+
+ Default:
"4 Hours"
+
+
Value of a Setting.
+
+
+ platform_setting_tenant_protection_usage_monitoring_computer_id_1 + +
+ dictionary +
+
+ +
platform setting tenant protection usage monitoring computer id 1
+
+
+ value + +
+ string +
+
+ Default:
"Hostname"
+
+
Value of a Setting.
+
+
+ platform_setting_tenant_protection_usage_monitoring_computer_id_2 + +
+ dictionary +
+
+ +
platform setting tenant protection usage monitoring computer id 2
+
+
+ value + +
+ string +
+
+ Default:
"Last Used IP Address"
+
+
Value of a Setting.
+
+
+ platform_setting_tenant_protection_usage_monitoring_computer_id_3 + +
+ dictionary +
+
+ +
platform setting tenant protection usage monitoring computer id 3
+
+
+ value + +
+ string +
+
+ Default:
"Platform"
+
+
Value of a Setting.
+
+
+ platform_setting_tenant_use_default_relay_group_from_primary_tenant_enabled + +
+ dictionary +
+
+ +
platform setting tenant use default relay group from primary tenant enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_trend_micro_xdr_api_key + +
+ dictionary +
+
+ +
platform setting trend micro xdr api key
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_trend_micro_xdr_api_server_url + +
+ dictionary +
+
+ +
platform setting trend micro xdr api server url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_trend_micro_xdr_api_user + +
+ dictionary +
+
+ +
platform setting trend micro xdr api user
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_trend_micro_xdr_common_log_receiver_url + +
+ dictionary +
+
+ +
platform setting trend micro xdr common log receiver url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_trend_micro_xdr_company_id + +
+ dictionary +
+
+ +
platform setting trend micro xdr company id
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_trend_micro_xdr_enabled + +
+ dictionary +
+
+ +
platform setting trend micro xdr enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_trend_micro_xdr_identity_provider_api_url + +
+ dictionary +
+
+ +
platform setting trend micro xdr identity provider api url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_trend_micro_xdr_log_server_url + +
+ dictionary +
+
+ +
platform setting trend micro xdr log server url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_update_agent_security_contact_primary_source_on_missing_relay_enabled + +
+ dictionary +
+
+ +
platform setting update agent security contact primary source on missing relay enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_update_agent_security_on_missing_deep_security_manager_enabled + +
+ dictionary +
+
+ +
platform setting update agent security on missing deep security manager enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_update_agent_software_use_download_center_on_missing_deep_security_manager_enabled + +
+ dictionary +
+
+ +
platform setting update agent software use download center on missing deep security manager enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_update_appliance_default_agent_version + +
+ dictionary +
+
+ +
platform setting update appliance default agent version
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_update_hostname_on_ip_change_enabled + +
+ dictionary +
+
+ +
platform setting update hostname on ip change enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_update_imported_software_auto_download_enabled + +
+ dictionary +
+
+ +
platform setting update imported software auto download enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_update_relay_security_all_regions_patterns_download_enabled + +
+ dictionary +
+
+ +
platform setting update relay security all regions patterns download enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_update_relay_security_support_agent_9and_earlier_enabled + +
+ dictionary +
+
+ +
platform setting update relay security support agent and earlier enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_update_rules_policy_auto_apply_enabled + +
+ dictionary +
+
+ +
platform setting update rules policy auto apply enabled
+
+
+ value + +
+ string +
+
+ Default:
"true"
+
+
Value of a Setting.
+
+
+ platform_setting_update_security_primary_source_mode + +
+ dictionary +
+
+ +
platform setting update security primary source mode
+
+
+ value + +
+ string +
+
+ Default:
"Trend Micro ActiveUpdate Server"
+
+
Value of a Setting.
+
+
+ platform_setting_update_security_primary_source_url + +
+ dictionary +
+
+ +
platform setting update security primary source url
+
+
+ value + +
+ string +
+
+ Default:
"http://"
+
+
Value of a Setting.
+
+
+ platform_setting_update_software_alternate_update_server_urls + +
+ dictionary +
+
+ +
platform setting update software alternate update server urls
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_user_enforce_terms_and_conditions_enabled + +
+ dictionary +
+
+ +
platform setting user enforce terms and conditions enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_user_enforce_terms_and_conditions_message + +
+ dictionary +
+
+ +
platform setting user enforce terms and conditions message
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_user_enforce_terms_and_conditions_title + +
+ dictionary +
+
+ +
platform setting user enforce terms and conditions title
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_user_hide_unlicensed_modules_enabled + +
+ dictionary +
+
+ +
platform setting user hide unlicensed modules enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_user_password_expiry + +
+ dictionary +
+
+ +
platform setting user password expiry
+
+
+ value + +
+ string +
+
+ Default:
"Never"
+
+
Value of a Setting.
+
+
+ platform_setting_user_password_expiry_send_email_enabled + +
+ dictionary +
+
+ +
platform setting user password expiry send email enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_user_password_length_min + +
+ dictionary +
+
+ +
platform setting user password length min
+
+
+ value + +
+ string +
+
+ Default:
"8"
+
+
Value of a Setting.
+
+
+ platform_setting_user_password_require_letters_and_numbers_enabled + +
+ dictionary +
+
+ +
platform setting user password require letters and numbers enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_user_password_require_mixed_case_enabled + +
+ dictionary +
+
+ +
platform setting user password require mixed case enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_user_password_require_not_same_as_username_enabled + +
+ dictionary +
+
+ +
platform setting user password require not same as username enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_user_password_require_special_characters_enabled + +
+ dictionary +
+
+ +
platform setting user password require special characters enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ platform_setting_user_session_duration_max + +
+ dictionary +
+
+ +
platform setting user session duration max
+
+
+ value + +
+ string +
+
+ Default:
"No Limit"
+
+
Value of a Setting.
+
+
+ platform_setting_user_session_idle_timeout + +
+ dictionary +
+
+ +
platform setting user session idle timeout
+
+
+ value + +
+ string +
+
+ Default:
"30 Minutes"
+
+
Value of a Setting.
+
+
+ platform_setting_user_sign_in_attempts_allowed_number + +
+ dictionary +
+
+ +
platform setting user sign in attempts allowed number
+
+
+ value + +
+ string +
+
+ Default:
"5"
+
+
Value of a Setting.
+
+
+ platform_setting_vmware_nsx_manager_node + +
+ dictionary +
+
+ +
platform setting vmware nsx manager node
+
+
+ value + +
+ string +
+
+ Default:
"1"
+
+
Value of a Setting.
+
+
+ platform_setting_whois_url + +
+ dictionary +
+
+ +
platform setting whois url
+
+
+ value + +
+ string +
+
+ +
Value of a Setting.
+
+
+ platform_setting_windows_upgrade_on_activation_enabled + +
+ dictionary +
+
+ +
platform setting windows upgrade on activation enabled
+
+
+ value + +
+ string +
+
+ Default:
"false"
+
+
Value of a Setting.
+
+
+ web_reputation_setting_event_rank_risk_blocked_by_administrator_rank + +
+ dictionary +
+
+ +
web reputation setting event rank risk blocked by administrator rank
+
+
+ value + +
+ string +
+
+ Default:
"100"
+
+
Value of a Setting.
+
+
+ web_reputation_setting_event_rank_risk_dangerous + +
+ dictionary +
+
+ +
web reputation setting event rank risk dangerous
+
+
+ value + +
+ string +
+
+ Default:
"100"
+
+
Value of a Setting.
+
+
+ web_reputation_setting_event_rank_risk_highly_suspicious + +
+ dictionary +
+
+ +
web reputation setting event rank risk highly suspicious
+
+
+ value + +
+ string +
+
+ Default:
"50"
+
+
Value of a Setting.
+
+
+ web_reputation_setting_event_rank_risk_suspicious + +
+ dictionary +
+
+ +
web reputation setting event rank risk suspicious
+
+
+ value + +
+ string +
+
+ Default:
"25"
+
+
Value of a Setting.
+
+
+ web_reputation_setting_event_rank_risk_untested + +
+ dictionary +
+
+ +
web reputation setting event rank risk untested
+
+
+ value + +
+ string +
+
+ Default:
"25"
+
+
Value of a Setting.
+
+
+ web_reputation_setting_retain_event_duration + +
+ dictionary +
+
+ +
web reputation setting retain event duration
+
+
+ value + +
+ string +
+
+ Default:
"7 Days"
+
+
Value of a Setting.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • gathered
  • +
+
+
The state the configuration should be left in
+
The state gathered will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the gathered key within the result.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + - name: Apply the input config to System Settings config + trendmicro.deepsec.deepsec_system_settings: + state: present + config: + platform_setting_syslog_config_id: + value: 12 + platform_setting_http_strict_transport_enabled: + value: true + platform_setting_demo_mode_enabled: + value: true + - name: Reset/Delete the input System Settings Config + trendmicro.deepsec.deepsec_system_settings: + state: absent + config: + name: + - platform_setting_syslog_config_id + - platform_setting_http_strict_transport_enabled + - platform_setting_demo_mode_enabled + + # Play Run: + # ========= + # + # "system_settings": { + # "after": { + # "platform_setting_demo_mode_enabled": { + # "value": "false" + # }, + # "platform_setting_http_strict_transport_enabled": { + # "value": "false" + # }, + # "platform_setting_syslog_config_id": { + # "value": "0" + # } + # }, + # "before": { + # "platform_setting_demo_mode_enabled": { + # "value": "true" + # }, + # "platform_setting_http_strict_transport_enabled": { + # "value": "true" + # }, + # "platform_setting_syslog_config_id": { + # "value": "12" + # } + # } + # } + + - name: Gather/Get System Settings by System Settings Name + trendmicro.deepsec.deepsec_system_settings: + state: gathered + config: + name: + - platform_setting_syslog_config_id + - platform_setting_http_strict_transport_enabled + - platform_setting_demo_mode_enabled + + # Play Run: + # ========= + # + # "gathered": { + # "config": { + # "platform_setting_demo_mode_enabled": { + # "value": "false" + # }, + # "platform_setting_http_strict_transport_enabled": { + # "value": "false" + # }, + # "platform_setting_syslog_config_id": { + # "value": "0" + # } + # } + # } + + - name: Gather/Get the complete System Settings + trendmicro.deepsec.deepsec_system_settings: + state: gathered + + + + +Status +------ + + +Authors +~~~~~~~ + +- Ansible Security Automation Team (@justjais) " 
diff --git a/galaxy.yml b/galaxy.yml index f1e8802..a55eee1 100644 --- a/galaxy.yml +++ b/galaxy.yml 
@@ -1,66 +1,26 @@ -### REQUIRED - -# The namespace of the collection. This can be a company/brand/organization or product namespace under which all -# content lives. May only contain alphanumeric characters and underscores. Additionally namespaces cannot start with -# underscores or numbers and cannot contain consecutive underscores -namespace: trendmicro - -# The name of the collection. Has the same character restrictions as 'namespace' +--- +authors: + - Ansible Security Team (https://github.com/ansible-security) +dependencies: + "ansible.netcommon": ">=2.5.1" + "ansible.utils": ">=2.11.0" +license_file: LICENSE name: deepsec - -# The version of the collection. Must be compatible with semantic versioning -version: 0.0.1 - -# The path to the Markdown (.md) readme file. This path is relative to the root of the collection -readme: README.md - -# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) -# @nicks:irc/im.site#channel' -authors: Ansible Security Team (https://github.com/ansible-security)' - - -### OPTIONAL but strongly recommended - -# A short summary description of the collection +namespace: trendmicro description: Ansible Security Collection for Trend Micro Deep Security - -# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only -# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' -license: -- GPL-3.0-or-later - -# The path to the license file for the collection. This path is relative to the root of the collection. This key is -# mutually exclusive with 'license' -#license_file: '' - -# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character -# requirements as 'namespace' and 'name' -tags: - - trendmicro - - deepsec - - security - - endpoint - -# Collections that this collection requires to be installed for it to be usable. 
The key of the dict is the -# collection label 'namespace.name'. The value is a version range -# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version -# range specifiers can be set and are separated by ',' -#dependencies: {} - +readme: README.md # The URL of the originating SCM repository repository: https://github.com/ansible-collections/trendmicro.deepsec - # The URL to any online docs documentation: https://github.com/ansible-collections/trendmicro.deepsec - # The URL to the homepage of the collection/project homepage: https://github.com/ansible-collections/trendmicro.deepsec - # The URL to the collection issue tracker issues: https://github.com/ansible-collections/trendmicro.deepsec/issues - -# A list of file glob-like patterns used to filter any files or directories that should not be included in the build -# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This -# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', -# and '.git' are always filtered +tags: + - trendmicro + - deepsec + - security + - endpoint +version: "2.0.0" build_ignore: [] diff --git a/meta/runtime.yml b/meta/runtime.yml index 28d1d3a..bc5430c 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml 
@@ -1,2 +1,67 @@ --- -requires_ansible: '>=2.9.10,<2.11' +requires_ansible: ">=2.9.10" +plugin_routing: + modules: + anti_malware: + redirect: trendmicro.deepsec.deepsec_anti_malware + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + deepsec_anti_malware: + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + anti_malwares: + redirect: trendmicro.deepsec.deepsec_anti_malwares + apikey: + redirect: trendmicro.deepsec.deepsec_apikey + firewallrules: + redirect: trendmicro.deepsec.deepsec_firewallrules + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + deepsec_firewallrules: + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + firewall_rules: + redirect: trendmicro.deepsec.deepsec_firewall_rules + hosts_info: + redirect: trendmicro.deepsec.deepsec_hosts_info + log_inspectionrules: + redirect: trendmicro.deepsec.deepsec_log_inspectionrules + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + deepsec_log_inspectionrules: + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + log_inspection_rules: + redirect: trendmicro.deepsec.deepsec_log_inspection_rules + syslog: + redirect: trendmicro.deepsec.deepsec_syslog + system_settings: + redirect: trendmicro.deepsec.deepsec_system_settings + integrity_monitoringrules: + redirect: trendmicro.deepsec.deepsec_integrity_monitoringrules + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + deepsec_integrity_monitoringrules: + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + integrity_monitoring_rules: + redirect: trendmicro.deepsec.deepsec_integrity_monitoring_rules + intrusion_preventionrules: + 
redirect: trendmicro.deepsec.deepsec_intrusion_preventionrules + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + deepsec_intrusion_preventionrules: + deprecation: + removal_date: "2023-12-01" + warning_text: See the plugin documentation for more details + intrusion_prevention_rules: + redirect: trendmicro.deepsec.deepsec_intrusion_prevention_rules diff --git a/mypy.ini b/mypy.ini new file mode 100644 index 0000000..c55c1b8 --- /dev/null +++ b/mypy.ini @@ -0,0 +1,30 @@ +[mypy] +files = + plugins/, + tests/ +install_types = true +namespace_packages = true +no_implicit_optional = true +non_interactive = true +pretty = true +show_column_numbers = true +show_error_codes = true +show_error_context = true +strict = true +strict_optional = true + +[mypy-ansible.*] +# No type hints as of version 2.12 +ignore_missing_imports = true + +[mypy-ansible_collections.trendmicro.deepsec.*] +# No type hints as of version 2.6.1 +ignore_missing_imports = true + +[mypy-pytest_ansible_network_integration] +# No type hints as of 6/8/2022 +ignore_missing_imports = true + +[mypy-ansible_collections.*] +# Collections are not python package +ignore_missing_imports = true diff --git a/plugins/action/__init__.py b/plugins/action/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/plugins/action/deepsec_anti_malwares.py b/plugins/action/deepsec_anti_malwares.py new file mode 100644 index 0000000..6f9136c --- /dev/null +++ b/plugins/action/deepsec_anti_malwares.py 
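Review bot: Every `deprecation` block under `plugin_routing.modules` carries the same generic `warning_text: See the plugin documentation for more details`, so a playbook that hits the deprecation at runtime is never told which module replaces the one it called. Naming the replacement in the text, e.g. `warning_text: deepsec_anti_malware is deprecated and will be removed on 2023-12-01; use trendmicro.deepsec.deepsec_anti_malwares instead` (presumably the successor, given the sibling `anti_malwares` redirect), and doing the same for the firewallrules, log_inspectionrules, integrity_monitoringrules and intrusion_preventionrules pairs, makes the warning actionable. The `<2.11` upper bound on `requires_ansible` is also dropped in this hunk; that is presumably intentional now that newer ansible-core is supported, but it is a compatibility change worth a line in the changelog.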
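Review bot: `install_types = true` combined with `non_interactive = true` in the new `[mypy]` section makes mypy pip-install any missing `types-*` stub packages into the active environment without prompting, so a type-check run in CI fetches unpinned packages from the index as a side effect of linting. Declaring the required stubs in the test requirements with pinned versions and leaving `install_types` off keeps the check hermetic and reproducible. If the automatic install is deliberate, a comment above those two lines such as `# stubs are auto-installed at check time; pin them in requirements instead if the CI must stay offline` would record the trade-off for the next maintainer.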
@@ -0,0 +1,374 @@ +# +# Copyright 2021 Red Hat Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +""" +The module file for deepsec_anti_malwares +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible.plugins.action import ActionBase +from ansible.errors import AnsibleActionFail +from ansible.module_utils.connection import Connection + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( + DeepSecurityRequest, + map_obj_to_params, + map_params_to_obj, + remove_get_keys_from_payload_dict, +) +from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, +) +from ansible_collections.trendmicro.deepsec.plugins.modules.deepsec_anti_malwares import ( + DOCUMENTATION, +) + + +class ActionModule(ActionBase): + """action module""" + + def __init__(self, *args, **kwargs): + super(ActionModule, self).__init__(*args, **kwargs) + self._result = None + self._supports_async = True + self.api_object = "/api/antimalwareconfigurations" + self.api_object_search = "/api/antimalwareconfigurations/search" + self.api_return = "antiMalwareConfigurations" + self.module_return = "anti_malwares" + self.key_transform = { + "id": "ID", + "amsi_scan_enabled": 
"amsiScanEnabled", + "scan_type": "scanType", + "document_exploit_protection_enabled": "documentExploitProtectionEnabled", + "document_exploit_protection": "documentExploitProtection", + "document_exploit_heuristic_level": "documentExploitHeuristicLevel", + "machine_learning_enabled": "machineLearningEnabled", + "behavior_monitoring_enabled": "behaviorMonitoringEnabled", + "document_recovery_enabled": "documentRecoveryEnabled", + "intelli_trap_enabled": "intelliTrapEnabled", + "memory_scan_enabled": "memoryScanEnabled", + "spyware_enabled": "spywareEnabled", + "alert_enabled": "alertEnabled", + "directories_to_scan": "directoriesToScan", + "directory_list_id": "directoryListID", + "files_to_scan": "filesToScan", + "excluded_directory_list_id": "excludedDirectoryListID", + "excluded_file_list_id": "excludedFileListID", + "excluded_file_extension_list_id": "fileExtensionListID", + "excluded_process_image_file_list_id": "excludedProcessImageFileListID", + "real_time_scan": "realTimeScan", + "scan_compressed_enabled": "scanCompressedEnabled", + "scan_compressed_maximum_size": "scanCompressedMaximumSize", + "scan_compressed_maximum_levels": "scanCompressedMaximumLevels", + "scan_compressed_maximum_files": "scanCompressedMaximumFiles", + "microsoft_office_enabled": "microsoftOfficeEnabled", + "microsoft_office_layers": "microsoftOfficeLayers", + "network_directories_enabled": "networkDirectoriesEnabled", + "custom_remediation_actions_enabled": "customRemediationActionsEnabled", + "custom_scan_actions_enabled": "customScanActionsEnabled", + "scan_action_for_virus": "scanActionForVirus", + "scan_action_for_trojans": "scanActionForTrojans", + "scan_action_for_packer": "scanActionForPacker", + "scan_action_for_spyware": "scanActionForSpyware", + "scan_action_for_other_threats": "scanActionForOtherThreats", + "scan_action_for_cookies": "scanActionForCookies", + "scan_action_for_cve": "scanActionForCVE", + "scan_action_for_heuristics": "scanActionForHeuristics", + 
"scan_action_for_machine_learning": "scanActionForMachineLearning", + "scan_action_for_possible_malware": "scanActionForPossibleMalware", + "cpu_usage": "cpuUsage", + } + + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=DOCUMENTATION, + schema_format="doc", + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + self._result["failed"] = True + self._result["msg"] = errors + + def _check_for_response_code(self, response_code, response): + if response_code >= 400: + if response.get("errors"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["errors"] + ) + ) + elif response.get("message"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["message"] + ) + ) + + def search_for_existing_rules(self, conn_request, search_payload=None): + code, resource_response = conn_request.post( + self.api_object_search, data=search_payload + ) + self._check_for_response_code(code, resource_response) + return resource_response + + def search_for_resource_name(self, conn_request, search_resource_by_names): + search_result = [] + if isinstance(search_resource_by_names, list): + for each in search_resource_by_names: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": "name", + "stringTest": "equal", + "stringValue": each["name"], + } + ], + } + temp_search_response = self.search_for_existing_rules( + conn_request, search_payload + ) + if ( + temp_search_response.get(self.api_return) + and temp_search_response[self.api_return] + ): + search_result.append( + map_obj_to_params( + temp_search_response[self.api_return][0], + self.key_transform, + self.api_return, + ) + ) + else: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": "name", + "stringTest": "equal", + "stringValue": 
search_resource_by_names, + } + ], + } + search_result = self.search_for_existing_rules( + conn_request, search_payload + ) + + return search_result + + def delete_module_api_config(self, conn_request, module_config_params): + config = {} + before = [] + after = [] + changed = False + for each in module_config_params: + search_by_name = self.search_for_resource_name( + conn_request, each["name"] + ) + if search_by_name.get(self.api_return): + every = map_obj_to_params( + search_by_name[self.api_return][0], + self.key_transform, + self.api_return, + ) + before.append(every) + response_code, api_response = conn_request.delete( + "{0}/{1}".format(self.api_object, every["id"]), data=each + ) + self._check_for_response_code(response_code, api_response) + + changed = True + if api_response: + after.append( + map_obj_to_params( + api_response, self.key_transform, self.api_return + ) + ) + if changed: + config.update({"before": before, "after": after}) + else: + config.update({"before": before}) + return config, changed + + def configure_module_api(self, conn_request, module_config_params): + get_supported_keys = ["id", "identifier", "can_be_assigned_alone"] + config = {} + before = [] + after = [] + changed = False + diff = None + # Add to the THIS list for the value which needs to be excluded + # from HAVE params when compared to WANT param like 'ID' can be + # part of HAVE param but may not be part of your WANT param + remove_from_diff_compare = [ + "id", + "real_time_scan", + "scan_action_for_virus", + "cpu_usage", + ] + temp_name = [] + for each in module_config_params: + search_by_name = self.search_for_resource_name( + conn_request, each["name"] + ) + if search_by_name and search_by_name.get(self.api_return): + each_result = search_by_name[self.api_return] + every = {} + for every in each_result: + every = map_obj_to_params( + every, self.key_transform, self.api_return + ) + if every["name"] == each["name"]: + each = utils.remove_empties(each) + diff = 
utils.dict_diff(every, each) + if diff: + diff = remove_get_keys_from_payload_dict( + diff, remove_from_diff_compare + ) + if diff: + before.append(every) + if self._task.args["state"] == "merged": + # Check for actual modification and if present fire + # the request over that integrity_monitoring_rules ID + each = utils.remove_empties( + utils.dict_merge(every, each) + ) + each = remove_get_keys_from_payload_dict( + each, remove_from_diff_compare + ) + changed = True + payload = map_params_to_obj( + each, self.key_transform + ) + response_code, api_response = conn_request.post( + "{0}/{1}".format(self.api_object, every["id"]), + data=payload, + ) + self._check_for_response_code( + response_code, api_response + ) + after.append( + map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + ) + elif self._task.args["state"] == "replaced": + response_code, api_response = conn_request.delete( + "{0}/{1}".format(self.api_object, every["id"]), + data=each, + ) + self._check_for_response_code( + response_code, api_response + ) + changed = True + payload = map_params_to_obj( + each, self.key_transform + ) + response_code, api_response = conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code( + response_code, api_response + ) + after.append( + map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + ) + else: + before.append(every) + after.append(every) + temp_name.append(every["name"]) + else: + before.append(every) + after.append(every) + else: + changed = True + each = utils.remove_empties(each) + each = remove_get_keys_from_payload_dict( + each, get_supported_keys + ) + payload = map_params_to_obj(each, self.key_transform) + code, api_response = conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code(code, api_response) + after.extend(before) + after.append( + map_obj_to_params( + api_response, self.key_transform, self.api_return + ) 
+ ) + if not changed: + after = [] + config.update({"before": before, "after": after}) + + return config, changed + + def run(self, tmp=None, task_vars=None): + self._supports_check_mode = True + self._result = super(ActionModule, self).run(tmp, task_vars) + self._check_argspec() + if self._result.get("failed"): + return self._result + conn = Connection(self._connection.socket_path) + conn_request = DeepSecurityRequest( + connection=conn, task_vars=task_vars + ) + if self._task.args["state"] == "gathered": + if self._task.args.get("config"): + self._result["gathered"] = self.search_for_resource_name( + conn_request, self._task.args["config"] + ) + else: + self._result["gathered"] = conn_request.get(self.api_object) + self._result["changed"] = False + elif ( + self._task.args["state"] == "merged" + or self._task.args["state"] == "replaced" + ): + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.configure_module_api( + conn_request, self._task.args["config"] + ) + elif self._task.args["state"] == "deleted": + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.delete_module_api_config( + conn_request, self._task.args["config"] + ) + + return self._result diff --git a/plugins/action/deepsec_firewall_rules.py b/plugins/action/deepsec_firewall_rules.py new file mode 100644 index 0000000..4159e2d --- /dev/null +++ b/plugins/action/deepsec_firewall_rules.py 
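Review bot: `run` sets `self._supports_check_mode = True`, but none of the state branches consult check mode, so a `merged`, `replaced` or `deleted` task run under `--check` still sends the POST and DELETE requests through `conn_request` in `configure_module_api` and `delete_module_api_config`. Either gate the mutating calls on `self._play_context.check_mode` (compute `before`/`after` and `changed` but skip the request) or drop the flag so Ansible refuses check mode for this action instead of silently mutating. Separately, `_check_for_response_code` raises only when a >=400 response body carries an `errors` or `message` key; any other error body falls through and the caller then feeds it to `map_obj_to_params` as if the request had succeeded, which a final `else: raise AnsibleActionFail("Request failed with HTTPerror code: {0}".format(response_code))` would close. Both issues are duplicated verbatim in the deepsec_firewall_rules.py hunk, and the `_check_for_response_code` gap also in deepsec_integrity_monitoring_rules.py.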
@@ -0,0 +1,363 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +The module file for deepsec_firewall_rules +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible.plugins.action import ActionBase +from ansible.errors import AnsibleActionFail +from ansible.module_utils.connection import Connection + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( + DeepSecurityRequest, + map_obj_to_params, + map_params_to_obj, + remove_get_keys_from_payload_dict, +) +from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, +) +from ansible_collections.trendmicro.deepsec.plugins.modules.deepsec_firewall_rules import ( + DOCUMENTATION, +) + + +class ActionModule(ActionBase): + """action module""" + + def __init__(self, *args, **kwargs): + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = True + self._result = None + self.api_object = "/api/firewallrules" + self.api_object_search = "/api/firewallrules/search" + self.api_return = "firewallRules" + self.module_return = "firewall_rules" + self.key_transform = { + "id": "ID", + "frame_type": "frameType", + "frame_number": "frameNumber", + "frame_not": "frameNot", + "protocol_number": "protocolNumber", + "protocol_not": "protocolNot", + "source_iptype": "sourceIPType", + "source_ipvalue": "sourceIPValue", + "source_ipmask": "sourceIPMask", + "source_iprange_from": "sourceIPRangeFrom", + "source_iprange_to": "sourceIPRangeTo", + "source_ipmultiple": "sourceIPMultiple", + "source_iplist_id": "sourceIPListID", + "source_ipnot": "sourceIPNot", + "source_mactype": "sourceMACType", + "source_macvalue": "sourceMACValue", + "source_macmultiple": 
"sourceMACMultiple", + "source_maclist_id": "sourceMACListID", + "source_macnot": "sourceMACNot", + "source_port_type": "sourcePortType", + "source_port_multiple": "sourcePortMultiple", + "source_port_list_id": "sourcePortListID", + "source_port_not": "sourcePortNot", + "destination_iptype": "destinationIPType", + "destination_ipvalue": "destinationIPValue", + "destination_ipmask": "destinationIPMask", + "destinationIPRangeFrom": "destination_iprange_from", + "destination_iprange_to": "destinationIPRangeTo", + "destination_ipmultiple": "destinationIPMultiple", + "destination_iplist_id": "destinationIPListID", + "destination_ipnot": "destinationIPNot", + "destination_mactype": "destinationMACType", + "destination_macvalue": "destinationMACValue", + "destination_macmultiple": "destinationMACMultiple", + "destination_maclist_id": "destinationMACListID", + "destination_macnot": "destinationMACNot", + "destination_port_type": "destinationPortType", + "destination_port_multiple": "destinationPortMultiple", + "destination_port_list_id": "destinationPortListID", + "destination_port_not": "destinationPortNot", + "any_flags": "anyFlags", + "log_disabled": "logDisabled", + "include_packet_data": "includePacketData", + "alert_enabled": "alertEnabled", + "schedule_id": "scheduleID", + "context_id": "contextID", + "tcpnot": "TCPNot", + "icmptype": "ICMPType", + "icmpcode": "ICMPCode", + "icmpnot": "ICMPNot", + } + + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=DOCUMENTATION, + schema_format="doc", + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + self._result["failed"] = True + self._result["msg"] = errors + + def _check_for_response_code(self, response_code, response): + if response_code >= 400: + if response.get("errors"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["errors"] + ) + ) + elif 
response.get("message"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["message"] + ) + ) + + def search_for_existing_rules(self, conn_request, search_payload=None): + code, resource_response = conn_request.post( + self.api_object_search, data=search_payload + ) + self._check_for_response_code(code, resource_response) + return resource_response + + def search_for_resource_name(self, conn_request, search_resource_by_names): + search_result = [] + if isinstance(search_resource_by_names, list): + for each in search_resource_by_names: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": "name", + "stringTest": "equal", + "stringValue": each["name"], + } + ], + } + temp_search_response = self.search_for_existing_rules( + conn_request, search_payload + ) + if ( + temp_search_response.get("firewallRules") + and temp_search_response["firewallRules"] + ): + search_result.append( + map_obj_to_params( + temp_search_response["firewallRules"][0], + self.key_transform, + self.api_return, + ) + ) + else: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": "name", + "stringTest": "equal", + "stringValue": search_resource_by_names, + } + ], + } + search_result = self.search_for_existing_rules( + conn_request, search_payload + ) + + return search_result + + def delete_module_api_config(self, conn_request, module_config_params): + config = {} + before = [] + after = [] + changed = False + for each in module_config_params: + search_by_name = self.search_for_resource_name( + conn_request, each["name"] + ) + if search_by_name.get(self.api_return): + every = map_obj_to_params( + search_by_name[self.api_return][0], + self.key_transform, + self.api_return, + ) + before.append(every) + response_code, api_response = conn_request.delete( + "{0}/{1}".format(self.api_object, every["id"]), data=each + ) + self._check_for_response_code(response_code, 
api_response) + + changed = True + if api_response: + after.append( + map_obj_to_params( + api_response, self.key_transform, self.api_return + ) + ) + if changed: + config.update({"before": before, "after": after}) + else: + config.update({"before": before}) + return config, changed + + def configure_module_api(self, conn_request, module_config_params): + get_supported_keys = ["id", "identifier", "can_be_assigned_alone"] + config = {} + before = [] + after = [] + changed = False + diff = None + # Add to the THIS list for the value which needs to be excluded + # from HAVE params when compared to WANT param like 'ID' can be + # part of HAVE param but may not be part of your WANT param + remove_from_diff_compare = [] + temp_name = [] + for each in module_config_params: + search_by_name = self.search_for_resource_name( + conn_request, each["name"] + ) + if search_by_name and search_by_name.get(self.api_return): + each_result = search_by_name[self.api_return] + every = {} + for every in each_result: + every = map_obj_to_params( + every, self.key_transform, self.api_return + ) + if every["name"] == each["name"]: + each = utils.remove_empties(each) + diff = utils.dict_diff(every, each) + if diff: + diff = remove_get_keys_from_payload_dict( + diff, remove_from_diff_compare + ) + if diff: + before.append(every) + if self._task.args["state"] == "merged": + # Check for actual modification and if present fire + # the request over that integrity_monitoring_rules ID + each = utils.remove_empties( + utils.dict_merge(every, each) + ) + each = remove_get_keys_from_payload_dict( + each, remove_from_diff_compare + ) + changed = True + payload = map_params_to_obj( + each, self.key_transform + ) + response_code, api_response = conn_request.post( + "{0}/{1}".format(self.api_object, every.get("id")), + data=payload, + ) + self._check_for_response_code( + response_code, api_response + ) + after.append( + map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + ) + 
elif self._task.args["state"] == "replaced": + response_code, api_response = conn_request.delete( + "{0}/{1}".format(self.api_object, every.get("id")), + data=each, + ) + self._check_for_response_code( + response_code, api_response + ) + changed = True + payload = map_params_to_obj( + each, self.key_transform + ) + response_code, api_response = conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code( + response_code, api_response + ) + after.append( + map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + ) + else: + before.append(every) + after.append(every) + temp_name.append(every["name"]) + else: + before.append(every) + after.append(every) + else: + changed = True + each = utils.remove_empties(each) + each = remove_get_keys_from_payload_dict( + each, get_supported_keys + ) + payload = map_params_to_obj(each, self.key_transform) + code, api_response = conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code(code, api_response) + after.extend(before) + after.append( + map_obj_to_params( + api_response, self.key_transform, self.api_return + ) + ) + if not changed: + after = [] + config.update({"before": before, "after": after}) + + return config, changed + + def run(self, tmp=None, task_vars=None): + self._supports_check_mode = True + self._result = super(ActionModule, self).run(tmp, task_vars) + self._check_argspec() + if self._result.get("failed"): + return self._result + conn = Connection(self._connection.socket_path) + conn_request = DeepSecurityRequest( + connection=conn, task_vars=task_vars + ) + if self._task.args["state"] == "gathered": + if self._task.args.get("config"): + self._result["gathered"] = self.search_for_resource_name( + conn_request, self._task.args["config"] + ) + else: + self._result["gathered"] = conn_request.get(self.api_object) + self._result["changed"] = False + elif ( + self._task.args["state"] == "merged" + or 
self._task.args["state"] == "replaced" + ): + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.configure_module_api( + conn_request, self._task.args["config"] + ) + elif self._task.args["state"] == "deleted": + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.delete_module_api_config( + conn_request, self._task.args["config"] + ) + + return self._result diff --git a/plugins/action/deepsec_integrity_monitoring_rules.py b/plugins/action/deepsec_integrity_monitoring_rules.py new file mode 100644 index 0000000..f7ef160 --- /dev/null +++ b/plugins/action/deepsec_integrity_monitoring_rules.py 
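Review bot: In `key_transform` the entry `"destinationIPRangeFrom": "destination_iprange_from"` is written API-name first, the reverse of every other pair (compare `"destination_iprange_to": "destinationIPRangeTo"` immediately after it), so the imported `map_params_to_obj`/`map_obj_to_params` helpers presumably miss that field in both directions and a user-supplied `destination_iprange_from` would reach the API untranslated; it should read `"destination_iprange_from": "destinationIPRangeFrom",`. `search_for_resource_name` also hard-codes the `"firewallRules"` key three times where `delete_module_api_config` and `configure_module_api` in the same file use `self.api_return`; switching those three lookups to `self.api_return` keeps the file self-consistent and matches the sibling action modules.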
@@ -0,0 +1,337 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +The module file for deepsec_integrity_monitoring_rules +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible.plugins.action import ActionBase +from ansible.errors import AnsibleActionFail +from ansible.module_utils.connection import Connection + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( + DeepSecurityRequest, + map_obj_to_params, + map_params_to_obj, + remove_get_keys_from_payload_dict, +) +from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, +) +from ansible_collections.trendmicro.deepsec.plugins.modules.deepsec_integrity_monitoring_rules import ( + DOCUMENTATION, +) + + +class ActionModule(ActionBase): + """action module""" + + def __init__(self, *args, **kwargs): + super(ActionModule, self).__init__(*args, **kwargs) + self._result = None + self._supports_async = True + self.api_object = "/api/integritymonitoringrules" + self.api_object_search = "/api/integritymonitoringrules/search" + self.api_return = "integrityMonitoringRules" + self.module_return = "integrity_monitoring_rules" + self.key_transform = { + "id": "ID", + "minimum_agent_version": "minimumAgentVersion", + "minimum_manager_version": "minimumManagerVersion", + "original_issue": "originalIssue", + "last_updated": "lastUpdated", + "registry_key_root": "registryKeyRoot", + "registry_key_value": "registryKeyValue", + "registry_include_sub_keys": "registryIncludeSubKeys", + "registry_included_values": "registryIncludedValues", + "registry_include_default_value": "registryIncludeDefaultValue", + "registry_excluded_values": "registryExcludedValues", + "registry_attributes": 
"registryAttributes", + "file_base_directory": "fileBaseDirectory", + "file_include_sub_directories": "fileIncludeSubDirectories", + "file_included_values": "fileIncludedValues", + "file_excluded_values": "fileExcludedValues", + "file_attributes": "fileAttributes", + "custom_xml": "customXML", + "alert_enabled": "alertEnabled", + "real_time_monitoring_enabled": "realTimeMonitoringEnabled", + "recommendations_mode": "recommendationsMode", + } + + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=DOCUMENTATION, + schema_format="doc", + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + self._result["failed"] = True + self._result["msg"] = errors + + def _check_for_response_code(self, response_code, response): + if response_code >= 400: + if response.get("errors"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["errors"] + ) + ) + elif response.get("message"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["message"] + ) + ) + + def search_for_existing_rules(self, conn_request, search_payload=None): + code, resource_response = conn_request.post( + self.api_object_search, data=search_payload + ) + self._check_for_response_code(code, resource_response) + return resource_response + + def search_for_resource_name(self, conn_request, search_resource_by_names): + search_result = [] + if isinstance(search_resource_by_names, list): + for each in search_resource_by_names: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": "name", + "stringTest": "equal", + "stringValue": each["name"], + } + ], + } + temp_search_response = self.search_for_existing_rules( + conn_request, search_payload + ) + if ( + temp_search_response.get("integrityMonitoringRules") + and 
temp_search_response["integrityMonitoringRules"] + ): + search_result.append( + map_obj_to_params( + temp_search_response["integrityMonitoringRules"][ + 0 + ], + self.key_transform, + self.api_return, + ) + ) + else: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": "name", + "stringTest": "equal", + "stringValue": search_resource_by_names, + } + ], + } + search_result = self.search_for_existing_rules( + conn_request, search_payload + ) + + return search_result + + def delete_module_api_config(self, conn_request, module_config_params): + config = {} + before = [] + after = [] + changed = False + for each in module_config_params: + search_by_name = self.search_for_resource_name( + conn_request, each["name"] + ) + if search_by_name.get(self.api_return): + every = map_obj_to_params( + search_by_name[self.api_return][0], + self.key_transform, + self.api_return, + ) + before.append(every) + response_code, api_response = conn_request.delete( + "{0}/{1}".format(self.api_object, every["id"]), data=each + ) + self._check_for_response_code(response_code, api_response) + + changed = True + if api_response: + after.append( + map_obj_to_params( + api_response, self.key_transform, self.api_return + ) + ) + if changed: + config.update({"before": before, "after": after}) + else: + config.update({"before": before}) + return config, changed + + def configure_module_api(self, conn_request, module_config_params): + get_supported_keys = ["id", "identifier", "can_be_assigned_alone"] + config = {} + before = [] + after = [] + changed = False + remove_from_diff_compare = [ + "id", + "cvss_score", + "cve", + "can_be_assigned_alone", + "type", + ] + temp_name = [] + for each in module_config_params: + search_by_name = self.search_for_resource_name( + conn_request, each["name"] + ) + if search_by_name and search_by_name.get(self.api_return): + each_result = search_by_name[self.api_return] + for every in each_result: + every = map_obj_to_params( + every, 
self.key_transform, self.api_return + ) + if every["name"] == each["name"]: + each = utils.remove_empties(each) + diff = utils.dict_diff(every, each) + if diff: + diff = remove_get_keys_from_payload_dict( + diff, remove_from_diff_compare + ) + if diff: + before.append(every) + if self._task.args["state"] == "merged": + # Check for actual modification and if present fire + # the request over that integrity_monitoring_rules ID + each = utils.remove_empties( + utils.dict_merge(every, each) + ) + each = remove_get_keys_from_payload_dict( + each, remove_from_diff_compare + ) + changed = True + payload = map_params_to_obj( + each, self.key_transform + ) + response_code, api_response = conn_request.post( + "{0}/{1}".format(self.api_object, every["id"]), + data=payload, + ) + self._check_for_response_code( + response_code, api_response + ) + after.append( + map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + ) + elif self._task.args["state"] == "replaced": + response_code, api_response = conn_request.delete( + "{0}/{1}".format(self.api_object, every["id"]), + data=each, + ) + self._check_for_response_code( + response_code, api_response + ) + changed = True + payload = map_params_to_obj( + each, self.key_transform + ) + response_code, api_response = conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code( + response_code, api_response + ) + after.append( + map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + ) + else: + before.append(every) + after.append(every) + temp_name.append(every["name"]) + else: + before.append(every) + after.append(every) + else: + changed = True + each = utils.remove_empties(each) + each = remove_get_keys_from_payload_dict( + each, get_supported_keys + ) + payload = map_params_to_obj(each, self.key_transform) + code, api_response = conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code(code, 
api_response) + after.extend(before) + after.append( + map_obj_to_params( + api_response, self.key_transform, self.api_return + ) + ) + if not changed: + after = [] + config.update({"before": before, "after": after}) + + return config, changed + + def run(self, tmp=None, task_vars=None): + self._supports_check_mode = True + self._result = super(ActionModule, self).run(tmp, task_vars) + self._check_argspec() + self._result["changed"] = False + if self._result.get("failed"): + return self._result + conn = Connection(self._connection.socket_path) + conn_request = DeepSecurityRequest( + connection=conn, task_vars=task_vars + ) + if self._task.args["state"] == "gathered": + if self._task.args.get("config"): + self._result["gathered"] = self.search_for_resource_name( + conn_request, self._task.args["config"] + ) + else: + self._result["gathered"] = conn_request.get(self.api_object) + elif ( + self._task.args["state"] == "merged" + or self._task.args["state"] == "replaced" + ): + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.configure_module_api( + conn_request, self._task.args["config"] + ) + elif self._task.args["state"] == "deleted": + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.delete_module_api_config( + conn_request, self._task.args["config"] + ) + + return self._result diff --git a/plugins/action/deepsec_intrusion_prevention_rules.py b/plugins/action/deepsec_intrusion_prevention_rules.py new file mode 100644 index 0000000..36e6901 --- /dev/null +++ b/plugins/action/deepsec_intrusion_prevention_rules.py 
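Review bot: `_check_for_response_code` lets a failed request through whenever the error body carries neither an `errors` nor a `message` key (or is not a dict at all), so `configure_module_api` and `delete_module_api_config` then feed the error body to `map_obj_to_params` and report `changed: True` for a change the manager rejected. Add a fallback that fails on the status alone, `else: raise AnsibleActionFail("Request failed with HTTPerror code: {0}".format(response_code))`, and guard the `.get` calls with `isinstance(response, dict)` so a plain-text error body raises the same exception instead of an AttributeError. The identical helper is copied into the sibling action plugins in this commit; one shared implementation in `module_utils/deepsec.py` would keep the three from drifting.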
@@ -0,0 +1,364 @@ +# +# Copyright 2021 Red Hat Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible.plugins.action import ActionBase +from ansible.errors import AnsibleActionFail +from ansible.module_utils.connection import Connection + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( + DeepSecurityRequest, + map_obj_to_params, + map_params_to_obj, + remove_get_keys_from_payload_dict, +) +from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, +) +from ansible_collections.trendmicro.deepsec.plugins.modules.deepsec_intrusion_prevention_rules import ( + DOCUMENTATION, +) + + +class ActionModule(ActionBase): + """action module""" + + def __init__(self, *args, **kwargs): + super(ActionModule, self).__init__(*args, **kwargs) + self._result = None + self._supports_async = True + self.api_object = "/api/intrusionpreventionrules" + self.api_object_search = "/api/intrusionpreventionrules/search" + self.api_return = "intrusionPreventionRules" + self.module_return = "intrusion_prevention_rules" + self.key_transform = { + "id": "ID", + "minimum_agent_version": "minimumAgentVersion", + 
"application_type_id": "applicationTypeID", + "detect_only": "detectOnly", + "event_logging_disabled": "eventLoggingDisabled", + "generate_event_on_packet_drop": "generateEventOnPacketDrop", + "always_include_packet_data": "alwaysIncludePacketData", + "debug_mode_enabled": "debugModeEnabled", + "original_issue": "originalIssue", + "last_updated": "lastUpdated", + "can_be_assigned_alone": "canBeAssignedAlone", + "case_sensitive": "caseSensitive", + "custom_xml": "customXML", + "alert_enabled": "alertEnabled", + "schedule_id": "scheduleID", + "context_id": "contextID", + "recommendations_mode": "recommendationsMode", + "depends_on_rule_ids": "dependsOnRuleIDs", + "cvss_score": "CVSSScore", + "cve": "CVE", + } + + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=DOCUMENTATION, + schema_format="doc", + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + self._result["failed"] = True + self._result["msg"] = errors + + def _check_for_response_code(self, response_code, response): + if response_code >= 400: + if response.get("errors"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["errors"] + ) + ) + elif response.get("message"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["message"] + ) + ) + + def search_for_intrusion_prevention_rules( + self, deepsec_conn_request, search_payload=None + ): + code, ipr_response = deepsec_conn_request.post( + self.api_object_search, data=search_payload + ) + self._check_for_response_code(code, ipr_response) + return ipr_response + + def search_for_ipr_name(self, deepsec_conn_request, search_ipr_by_names): + search_result = [] + if isinstance(search_ipr_by_names, list): + for each in search_ipr_by_names: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": 
"name", + "stringTest": "equal", + "stringValue": each["name"], + } + ], + } + temp_search_response = ( + self.search_for_intrusion_prevention_rules( + deepsec_conn_request, search_payload + ) + ) + if ( + temp_search_response.get("intrusionPreventionRules") + and temp_search_response["intrusionPreventionRules"] + ): + search_result.append( + map_obj_to_params( + temp_search_response["intrusionPreventionRules"][ + 0 + ], + self.key_transform, + self.api_return, + ) + ) + else: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": "name", + "stringTest": "equal", + "stringValue": search_ipr_by_names, + } + ], + } + search_result = self.search_for_intrusion_prevention_rules( + deepsec_conn_request, search_payload + ) + + return search_result + + def delete_module_api_config( + self, deepsec_conn_request, module_config_params + ): + config = {} + before = [] + after = [] + changed = False + for each in module_config_params: + search_by_name = self.search_for_ipr_name( + deepsec_conn_request, each["name"] + ) + if search_by_name.get(self.api_return): + every = map_obj_to_params( + search_by_name[self.api_return][0], + self.key_transform, + self.api_return, + ) + before.append(every) + response_code, api_response = deepsec_conn_request.delete( + "{0}/{1}".format(self.api_object, every["id"]), data=each + ) + self._check_for_response_code(response_code, api_response) + + changed = True + if api_response: + after.append( + map_obj_to_params( + api_response, self.key_transform, self.api_return + ) + ) + if changed: + config.update({"before": before, "after": after}) + else: + config.update({"before": before}) + return config, changed + + def configure_module_api(self, deepsec_conn_request, module_config_params): + get_supported_keys = ["id", "identifier", "can_be_assigned_alone"] + config = {} + before = [] + after = [] + changed = False + remove_from_diff_compare = [ + "id", + "cvss_score", + "cve", + "can_be_assigned_alone", + "type", + ] + 
temp_name = [] + for each in module_config_params: + search_by_name = self.search_for_ipr_name( + deepsec_conn_request, each["name"] + ) + if search_by_name and search_by_name.get(self.api_return): + each_result = search_by_name[self.api_return] + for every in each_result: + every = map_obj_to_params( + every, self.key_transform, self.api_return + ) + if every["name"] == each["name"]: + each = utils.remove_empties(each) + diff = utils.dict_diff(every, each) + if diff: + diff = remove_get_keys_from_payload_dict( + diff, remove_from_diff_compare + ) + if diff: + before.append(every) + if self._task.args["state"] == "merged": + # Check for actual modification and if present fire + # the request over that IPR ID + each = utils.remove_empties( + utils.dict_merge(every, each) + ) + each = remove_get_keys_from_payload_dict( + each, remove_from_diff_compare + ) + changed = True + payload = map_params_to_obj( + each, self.key_transform + ) + ( + response_code, + api_response, + ) = deepsec_conn_request.post( + "{0}/{1}".format(self.api_object, every["id"]), + data=payload, + ) + self._check_for_response_code( + response_code, api_response + ) + after.append( + map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + ) + elif self._task.args["state"] == "replaced": + ( + response_code, + api_response, + ) = deepsec_conn_request.delete( + "{0}/{1}".format(self.api_object, every["id"]), + data=each, + ) + self._check_for_response_code( + response_code, api_response + ) + changed = True + payload = map_params_to_obj( + each, self.key_transform + ) + ( + response_code, + api_response, + ) = deepsec_conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code( + response_code, api_response + ) + after.append( + map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + ) + else: + before.append(every) + after.append(every) + temp_name.append(every["name"]) + else: + before.append(every) + 
after.append(every) + else: + changed = True + each = utils.remove_empties(each) + each = remove_get_keys_from_payload_dict( + each, get_supported_keys + ) + payload = map_params_to_obj(each, self.key_transform) + code, api_response = deepsec_conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code(code, api_response) + after.extend(before) + after.append( + map_obj_to_params( + api_response, self.key_transform, self.api_return + ) + ) + if not changed: + after = [] + config.update({"before": before, "after": after}) + + return config, changed + + def run(self, tmp=None, task_vars=None): + self._supports_check_mode = True + self._result = super(ActionModule, self).run(tmp, task_vars) + self._check_argspec() + if self._result.get("failed"): + return self._result + conn = Connection(self._connection.socket_path) + deepsec_conn_request = DeepSecurityRequest( + connection=conn, task_vars=task_vars + ) + if self._task.args["state"] == "gathered": + if self._task.args.get("config"): + self._result["gathered"] = self.search_for_ipr_name( + deepsec_conn_request, self._task.args["config"] + ) + else: + self._result["gathered"] = deepsec_conn_request.get( + self.api_object + ) + self._result["changed"] = False + elif ( + self._task.args["state"] == "merged" + or self._task.args["state"] == "replaced" + ): + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.configure_module_api( + deepsec_conn_request, self._task.args["config"] + ) + elif self._task.args["state"] == "deleted": + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.delete_module_api_config( + deepsec_conn_request, self._task.args["config"] + ) + + return self._result diff --git a/plugins/action/deepsec_log_inspection_rules.py b/plugins/action/deepsec_log_inspection_rules.py new file mode 100644 index 0000000..b6895b2 --- /dev/null 
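Review bot: `run()` declares `self._supports_check_mode = True` but none of the `merged`/`replaced`/`deleted` branches consult check mode, so `ansible-playbook --check` still issues the live POST/DELETE calls in `configure_module_api` and `delete_module_api_config` against the manager. Either drop the flag or gate the mutating branches with `if self._play_context.check_mode: self._result["msg"] = "check mode: no changes applied"; return self._result` before the state dispatch (`_play_context` is provided by `ActionBase`), ideally after the search so a dry run can still report the `before` snapshot. Note too that `run()` only sets `self._result["changed"] = False` on the `gathered` path here, whereas the integrity-monitoring plugin in this commit sets it unconditionally before dispatch; aligning the two avoids a missing `changed` key when `config` is absent.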
+++ b/plugins/action/deepsec_log_inspection_rules.py 
@@ -0,0 +1,427 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +The module file for deepsec_log_inspection_rules +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible.plugins.action import ActionBase +from ansible.errors import AnsibleActionFail +from ansible.module_utils.connection import Connection +from ansible.module_utils.six import iteritems +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( + DeepSecurityRequest, + map_obj_to_params, + map_params_to_obj, + remove_get_keys_from_payload_dict, +) +from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, +) +from ansible_collections.trendmicro.deepsec.plugins.modules.deepsec_log_inspection_rules import ( + DOCUMENTATION, +) + + +class ActionModule(ActionBase): + """action module""" + + def __init__(self, *args, **kwargs): + super(ActionModule, self).__init__(*args, **kwargs) + self._result = None + self._supports_async = True + self.api_object = "/api/loginspectionrules" + self.api_object_search = "/api/loginspectionrules/search" + self.api_return = "logInspectionRules" + self.module_return = "log_inspection_rules" + self.key_transform = { + "id": "ID", + "minimum_agent_version": "minimumAgentVersion", + "minimum_manager_version": "minimumManagerVersion", + "original_issue": "originalIssue", + "last_updated": "lastUpdated", + "rule_id": "ruleID", + "rule_description": "ruleDescription", + "pattern_type": "patternType", + "dependency_rule_id": "dependencyRuleID", + "dependency_group": "dependencyGroup", + "time_frame": "timeFrame", + "rule_xml": "ruleXML", + "alert_enabled": "alertEnabled", + "alert_minimum_severity": "alertMinimumSeverity", + 
"recommendations_mode": "recommendationsMode", + "sort_order": "sortOrder", + "can_be_assigned_alone": "canBeAssignedAlone", + "depends_onrule_id": "dependsOnRuleIDs", + } + + def log_files_fn(self, module_params): + temp_obj = {} + if module_params.get("log_files"): + temp_obj = { + "logFiles": module_params.get("log_files")["log_files"] + } + elif module_params.get("logFiles"): + temp_obj["log_files"] = module_params["logFiles"]["logFiles"] + return temp_obj + + def convert_list_to_dict(self, params, key, keys): + if isinstance(params[key], list): + temp = {} + temp[key] = {} + for each in params[key]: + each_key = "" + for every in keys: + each_key += each[every] + temp[key][each_key] = each + params[key] = temp[key] + return params + + def convert_dict_to_list(self, params, key, sub_key): + if isinstance(params[key][sub_key], dict): + temp = [] + for k, v in iteritems(params[key][sub_key]): + temp.append(v) + params[key][sub_key] = temp + return params + + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=DOCUMENTATION, + schema_format="doc", + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + self._result["failed"] = True + self._result["msg"] = errors + + def _check_for_response_code(self, response_code, response): + if response_code >= 400: + if response.get("errors"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["errors"] + ) + ) + elif response.get("message"): + raise AnsibleActionFail( + "Request failed with HTTPerror code: {0}, and with a response: {1}".format( + response_code, response["message"] + ) + ) + + def search_for_existing_rules(self, conn_request, search_payload=None): + code, resource_response = conn_request.post( + self.api_object_search, data=search_payload + ) + self._check_for_response_code(code, resource_response) + return resource_response + + def 
search_for_resource_name(self, conn_request, search_resource_by_names): + search_result = [] + if isinstance(search_resource_by_names, list): + for each in search_resource_by_names: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": "name", + "stringTest": "equal", + "stringValue": each["name"], + } + ], + } + temp_search_response = self.search_for_existing_rules( + conn_request, search_payload + ) + if ( + temp_search_response.get(self.api_return) + and temp_search_response[self.api_return] + ): + api_response = map_obj_to_params( + temp_search_response[self.api_return][0], + self.key_transform, + self.api_return, + ) + if api_response.get("logFiles"): + api_response["log_files"] = self.log_files_fn( + api_response + ) + api_response.pop("logFiles") + search_result.append(api_response) + else: + search_payload = { + "maxItems": 1, + "searchCriteria": [ + { + "fieldName": "name", + "stringTest": "equal", + "stringValue": search_resource_by_names, + } + ], + } + search_result = self.search_for_existing_rules( + conn_request, search_payload + ) + + return search_result + + def delete_module_api_config(self, conn_request, module_config_params): + config = {} + before = [] + after = [] + changed = False + for each in module_config_params: + search_by_name = self.search_for_resource_name( + conn_request, each["name"] + ) + if search_by_name.get(self.api_return): + every = map_obj_to_params( + search_by_name[self.api_return][0], + self.key_transform, + self.api_return, + ) + response_code, api_response = conn_request.delete( + "{0}/{1}".format(self.api_object, every["id"]), data=each + ) + if every.get("logFiles"): + every["log_files"] = self.log_files_fn(every) + every.pop("logFiles") + before.append(every) + self._check_for_response_code(response_code, api_response) + + changed = True + if api_response: + api_response = map_obj_to_params( + api_response, self.key_transform, self.api_return + ) + if api_response.get("logFiles"): + 
api_response["log_files"] = self.log_files_fn( + api_response + ) + api_response.pop("logFiles") + after.append(api_response) + if changed: + config.update({"before": before, "after": after}) + else: + config.update({"before": before}) + return config, changed + + def configure_module_api(self, conn_request, module_config_params): + get_supported_keys = ["id", "identifier", "can_be_assigned_alone"] + config = {} + before = [] + after = [] + changed = False + diff = None + # Add to the THIS list for the value which needs to be excluded + # from HAVE params when compared to WANT param like 'ID' can be + # part of HAVE param but may not be part of your WANT param + remove_from_diff_compare = ["id", "type"] + temp_name = [] + for each in module_config_params: + + search_by_name = self.search_for_resource_name( + conn_request, each["name"] + ) + if search_by_name and search_by_name.get(self.api_return): + each_result = search_by_name[self.api_return] + for every in each_result: + every = map_obj_to_params( + every, self.key_transform, self.api_return + ) + if every.get("logFiles"): + every["log_files"] = self.log_files_fn(every) + every["log_files"] = self.convert_list_to_dict( + every["log_files"], + "log_files", + ["format", "location"], + ) + every.pop("logFiles") + if each.get("log_files"): + each["log_files"] = self.convert_list_to_dict( + each["log_files"], + "log_files", + ["format", "location"], + ) + if every["name"] == each["name"]: + each = utils.remove_empties(each) + diff = utils.dict_diff(every, each) + if diff: + diff = remove_get_keys_from_payload_dict( + diff, remove_from_diff_compare + ) + if diff: + if self._task.args["state"] == "merged": + # Check for actual modification and if present fire + # the request over that integrity_monitoring_rules ID + each = utils.remove_empties( + utils.dict_merge(every, each) + ) + each = remove_get_keys_from_payload_dict( + each, remove_from_diff_compare + ) + changed = True + each = self.convert_dict_to_list( + 
each, "log_files", "log_files" + ) + payload = map_params_to_obj( + each, self.key_transform + ) + if payload.get("log_files"): + payload["logFiles"] = self.log_files_fn(each) + payload.pop("log_files") + response_code, api_response = conn_request.post( + "{0}/{1}".format(self.api_object, every["id"]), + data=payload, + ) + self._check_for_response_code( + response_code, api_response + ) + api_response = map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + if api_response.get("logFiles"): + api_response["log_files"] = self.log_files_fn( + api_response + ) + api_response.pop("logFiles") + after.append(api_response) + elif self._task.args["state"] == "replaced": + response_code, api_response = conn_request.delete( + "{0}/{1}".format(self.api_object, every["id"]), + data=every, + ) + self._check_for_response_code( + response_code, api_response + ) + changed = True + each = self.convert_dict_to_list( + each, "log_files", "log_files" + ) + payload = map_params_to_obj( + each, self.key_transform + ) + if payload.get("log_files"): + payload["logFiles"] = self.log_files_fn(each) + payload.pop("log_files") + response_code, api_response = conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code( + response_code, api_response + ) + api_response = map_obj_to_params( + api_response, + self.key_transform, + self.api_return, + ) + if api_response.get("logFiles"): + api_response["log_files"] = self.log_files_fn( + api_response + ) + api_response.pop("logFiles") + after.append(api_response) + if every.get("log_files"): + every = self.convert_dict_to_list( + every, "log_files", "log_files" + ) + before.append(every) + else: + if every.get("logFiles"): + every["log_files"] = self.log_files_fn(every) + every.pop("logFiles") + every = self.convert_dict_to_list( + every, "log_files", "log_files" + ) + before.append(every) + after.append(every) + temp_name.append(every["name"]) + else: + if every.get("logFiles"): + 
every["log_files"] = self.log_files_fn(every) + every.pop("logFiles") + every = self.convert_dict_to_list( + every, "log_files", "log_files" + ) + before.append(every) + after.append(every) + else: + changed = True + each = utils.remove_empties(each) + each = remove_get_keys_from_payload_dict( + each, get_supported_keys + ) + if each.get("log_files"): + each["logFiles"] = self.log_files_fn(each) + each.pop("log_files") + payload = map_params_to_obj(each, self.key_transform) + code, api_response = conn_request.post( + "{0}".format(self.api_object), data=payload + ) + self._check_for_response_code(code, api_response) + after.extend(before) + api_response = map_obj_to_params( + api_response, self.key_transform, self.api_return + ) + if api_response.get("logFiles"): + api_response["log_files"] = self.log_files_fn(api_response) + api_response.pop("logFiles") + after.append(api_response) + if not changed: + after = [] + config.update({"before": before, "after": after}) + + return config, changed + + def run(self, tmp=None, task_vars=None): + self._supports_check_mode = True + self._result = super(ActionModule, self).run(tmp, task_vars) + self._check_argspec() + self._result["changed"] = False + if self._result.get("failed"): + return self._result + conn = Connection(self._connection.socket_path) + conn_request = DeepSecurityRequest( + connection=conn, task_vars=task_vars + ) + if self._task.args["state"] == "gathered": + if self._task.args.get("config"): + self._result["gathered"] = self.search_for_resource_name( + conn_request, self._task.args["config"] + ) + else: + self._result["gathered"] = conn_request.get(self.api_object) + elif ( + self._task.args["state"] == "merged" + or self._task.args["state"] == "replaced" + ): + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.configure_module_api( + conn_request, self._task.args["config"] + ) + elif self._task.args["state"] == "deleted": + if 
self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + ) = self.delete_module_api_config( + conn_request, self._task.args["config"] + ) + + return self._result diff --git a/plugins/httpapi/deepsec.py b/plugins/httpapi/deepsec.py index d206cf9..1b85cd8 100644 --- a/plugins/httpapi/deepsec.py +++ b/plugins/httpapi/deepsec.py @@ -6,33 +6,33 @@ __metaclass__ = type DOCUMENTATION = """ ---- -author: Ansible Security Automation Team -httpapi: deepsec +author: Ansible Security Team (@ansible-security) +name: deepsec short_description: HttpApi Plugin for Trend Micro Deep Security description: - - This HttpApi plugin provides methods to connect to Trend Micro Deep Security - over a HTTP(S)-based api. -version_added: "2.9" +- This HttpApi plugin provides methods to connect to Trend Micro Deep Security over + a HTTP(S)-based api. +version_added: 1.0.0 """ import json from ansible.module_utils.basic import to_text, to_bytes from ansible.module_utils.six.moves.urllib.parse import urlencode -from ansible.errors import ( - AnsibleConnectionFailure, - AnsibleAuthenticationFailure, -) +from ansible.errors import AnsibleAuthenticationFailure from ansible.module_utils.six.moves.urllib.error import HTTPError -from ansible.plugins.httpapi import HttpApiBase -from ansible.module_utils.connection import ConnectionError +from ansible_collections.ansible.netcommon.plugins.plugin_utils.httpapi_base import ( + HttpApiBase, +) BASE_HEADERS = { "Content-Type": "application/json", "Accept": "application/json", } +LOGIN_URL = "/rest/authentication/login/primary" +LOGOUT_BY_ID = "/rest/authentication/logout?sID=" + class HttpApi(HttpApiBase): def send_request( @@ -93,7 +93,7 @@ def _response_to_json(self, response_text): return response_text def login(self, username, password): - login_path = "/rest/authentication/login/primary" + login_path = LOGIN_URL data = { "dsCredentials": { "password": to_text(password), 
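Review bot: In the `replaced` branch of `configure_module_api` the existing rule is DELETEd before the replacement payload is built, so a failure in `convert_dict_to_list`/`map_params_to_obj` or a rejected re-create POST leaves the manager without the rule, and because `before.append(every)` runs only after that POST the raised `AnsibleActionFail` carries no record of what was removed. Move the payload construction and `before.append(every)` ahead of the `conn_request.delete(...)` call, and include the rule name in the failure raised for the re-create POST so an operator can tell a partial replace from a no-op. `delete_module_api_config` follows the same shape and sends `data=each` with the DELETE, which the API presumably ignores; confirm and drop the body if so.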
@@ -103,13 +103,19 @@ def login(self, username, password):
 code, auth_token = self.send_request("POST", login_path, data=data)
 try:
+ if code >= 400 and isinstance(auth_token, dict):
+ raise AnsibleAuthenticationFailure(
+ message="{0} Failed to acquire login token.".format(
+ auth_token["error"].get("message")
+ )
+ )
 # This is still sent as an HTTP header, so we can set our connection's _auth
 # variable manually. If the token is returned to the device in another way,
 # you will have to keep track of it another way and make sure that it is sent
 # with the rest of the request from send_request()
 self.connection._auth = {"Cookie": "sID={0}".format(auth_token)}
- # Have to carry this around because variuous Trend Micro Deepsecurity REST
+ # Have to carry this around because various Trend Micro Deepsecurity REST
 # API endpoints want the sID as a querystring parameter instead of honoring
 # the session Cookie
 self._auth_token = auth_token
@@ -122,9 +128,8 @@ def logout(self):
 if self.connection._auth is not None:
 self.send_request(
 "DELETE",
- "/rest/authentication/logout?sID={0}".format(
- self.connection._auth["Cookie"].split("=")[-1]
- ),
+ LOGOUT_BY_ID
+ + "{0}".format(self.connection._auth["Cookie"].split("=")[-1]),
 )
 # Clean up tokens
diff --git a/plugins/module_utils/deepsec.py b/plugins/module_utils/deepsec.py
index 3242627..edb3052 100644
--- a/plugins/module_utils/deepsec.py
+++ b/plugins/module_utils/deepsec.py
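Review bot: The new guard in login() raises only when the failed response body is a dict, and then indexes `auth_token["error"]` directly; a non-dict error body (plain text or an HTML error page) falls through to `self.connection._auth = {"Cookie": "sID=..."}`, so a failed login leaves a bogus session cookie that every later request carries, and an error dict without an `error` key surfaces as KeyError instead of AnsibleAuthenticationFailure. Raise on any `code >= 400` and derive the detail defensively: `if code >= 400:` / `detail = (auth_token.get("error") or {}).get("message") if isinstance(auth_token, dict) else auth_token` / `raise AnsibleAuthenticationFailure(message="{0} Failed to acquire login token.".format(detail))`. The raise sits inside a `try:` whose handlers are outside the hunk; confirm none of them catches AnsibleAuthenticationFailure (or a base class of it) and swallows the failure.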
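Review bot: `LOGOUT_BY_ID + "{0}".format(...)` formats a value only to concatenate it; since the `split("=")[-1]` result is already a str, `LOGOUT_BY_ID + self.connection._auth["Cookie"].split("=")[-1]` (or one `"{0}{1}".format(LOGOUT_BY_ID, ...)`) reads more plainly. The new LOGOUT_BY_ID constant also deserves a one-line comment recording the consequence of the design already noted in login(): `# sID travels in the query string (some endpoints do not honor the cookie, see login()), so it can show up in proxy and web-server access logs`.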
@@ -7,13 +7,15 @@ from __future__ import absolute_import, division, print_function
 __metaclass__ = type
-from ansible.module_utils.urls import CertificateError
-from ansible.module_utils.six.moves.urllib.parse import urlencode, quote_plus
+try:
+ from ssl import CertificateError
+except ImportError:
+ from backports.ssl_match_hostname import CertificateError
+
 from ansible.module_utils.connection import ConnectionError
-from ansible.module_utils.six.moves.urllib.error import HTTPError
 from ansible.module_utils.connection import Connection
 from ansible.module_utils._text import to_text
-import json
+from ansible.module_utils.six import iteritems
 BASE_HEADERS = {
 "Content-Type": "application/json",
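Review bot: The fallback `from backports.ssl_match_hostname import CertificateError` pulls in a third-party package that nothing in this diff declares as a requirement, and `ssl.CertificateError` is present on every supported Python 3 (and late 2.7) interpreter, so the ImportError branch only runs on interpreters the collection is unlikely to target; either drop the fallback and keep `from ssl import CertificateError` alone, or add a comment stating which Python the backport is for. This hunk also removes `json`, `urlencode`, `quote_plus` and `HTTPError` from the imports while the rest of the module is outside the hunk; confirm nothing below still references them, and note that the later hunk at @@ -61 interpolates a user-supplied name into a URL path, which is exactly where a `quote`-style helper is wanted.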
@@ -39,10 +41,75 @@ def find_dict_in_list(some_list, key, value):
 return None
+def remove_get_keys_from_payload_dict(payload_dict, remove_key_list):
+ for each_key in remove_key_list:
+ if each_key in payload_dict:
+ payload_dict.pop(each_key)
+ return payload_dict
+
+
+def map_params_to_obj(module_params, key_transform):
+ """The fn to convert the api returned params to module params
+ :param module_params: Module params
+ :param key_transform: Dict with module equivalent API params
+ :rtype: A dict
+ :returns: dict with module prams transformed having API expected params
+ """
+ obj = {}
+ for k, v in iteritems(key_transform):
+ if k in module_params and (
+ module_params.get(k)
+ or module_params.get(k) == 0
+ or module_params.get(k) is False
+ ):
+ obj[v] = module_params.pop(k)
+ if module_params:
+ obj.update(module_params)
+ return obj
+
+
+def map_obj_to_params(module_return_params, key_transform, return_param):
+ """The fn to convert the api returned params to module params
+ :param module_return_params: API returned response params
+ :param key_transform: Module params
+ :rtype: A dict
+ :returns: dict with api returned value to module param value
+ """
+ temp = {}
+ if module_return_params.get(return_param):
+ temp[return_param] = []
+ for each in module_return_params[return_param]:
+ api_temp = {}
+ for k, v in iteritems(key_transform):
+ if v in each and (
+ each.get(v) or each.get(v) == 0 or each.get(v) is False
+ ):
+ api_temp[k] = each.pop(v)
+ if each:
+ api_temp.update(each)
+ temp[return_param].append(api_temp)
+ else:
+ for k, v in iteritems(key_transform):
+ if v in module_return_params and (
+ module_return_params.get(v)
+ or module_return_params.get(v) == 0
+ or module_return_params.get(v) is False
+ ):
+ temp[k] = module_return_params.pop(v)
+ if module_return_params:
+ temp.update(module_return_params)
+ return temp
+
+
 def check_if_config_exists(
- deepsec_request, config_name, api, api_search_result, field_name="name"
+ deepsec_request,
+ 
config_name,
+ api,
+ api_search_result,
+ field_name="name",
+ api_request="post",
 ):
- """ The fn check if the config_name detect based on config
+ """The fn check if the config_name detect based on config
 :param deepsec_request: the objects from which the configuration should be read
 :param config_name: config_name rule with which config will be searched
 :param api: REST API for which search POST call is made
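Review bot: All three new helpers mutate the dict they are handed — `remove_get_keys_from_payload_dict` pops from `payload_dict`, `map_params_to_obj` pops from `module_params`, and `map_obj_to_params` pops from `module_return_params` and from every element of the returned list — and none of the docstrings says so, while the `map_params_to_obj` docstring is a copy of the other one and describes the opposite direction ("convert the api returned params to module params"). Give `map_params_to_obj` a docstring saying it converts module params to an API-keyed payload and pops matched keys from `module_params` in place, and change `:param key_transform: Module params` in `map_obj_to_params` to `:param key_transform: module key -> API key mapping`. The new `api_request="post"` parameter of `check_if_config_exists` is not mentioned in its docstring, which continues past the hunk. The truthiness test keeps `0` and `False` but silently drops empty strings and empty lists; if that is deliberate it deserves a one-line comment such as `# keep 0/False, drop None and empty containers`.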
@@ -61,43 +128,79 @@ def check_if_config_exists(
 temp_criteria["stringValue"] = config_name
 search_dict["searchCriteria"].append(temp_criteria)
- search_result = deepsec_request.post(
- "/api/{0}/search".format(api), data=search_dict
- )
+ if api_request == "get":
+ search_result = deepsec_request.get(
+ "/api/{0}/{1}".format(api, config_name)
+ )
+ else:
+ search_result = deepsec_request.post(
+ "/api/{0}/search".format(api), data=search_dict
+ )
 if search_result.get(api_search_result):
 return search_result[api_search_result][0]
 return search_result
 def delete_config_with_id(
- module, deepsec_request, api, config_id, api_var, api_or_rest=True
+ module,
+ deepsec_request,
+ api,
+ config_id,
+ api_var,
+ api_or_rest=True,
+ handle_return=False,
 ):
- """ The fn calls the delete API based on the config id
- :param module: ansible module object
+ """The fn calls the delete API based on the config id
 :param deepsec_request: connection obj for TM
 :param config_id: config id for the config that's supposed to be deleted
- :param api_var: api_var for the response statement
 :param api_or_rest: Fire request for legacy or latest API call value has dict as its value
 :rtype: A dict
 :returns: Based on API response this fn. 
exits with appropriate msg
 """
 if api_or_rest:
- deepsec_request.delete("/api/{0}/{1}".format(api, config_id))
+ delete_return = deepsec_request.delete(
+ "/api/{0}/{1}".format(api, config_id)
+ )
 else:
- deepsec_request.delete("/rest/{0}/{1}".format(api, config_id))
- module.exit_json(
- msg="{0} with id: {1} deleted successfully!".format(
- api_var, config_id
- ),
- changed=True,
- )
+ delete_return = deepsec_request.delete(
+ "/rest/{0}/{1}".format(api, config_id)
+ )
+ if handle_return:
+ module.exit_json(
+ msg="{0} with id: {1} deleted successfully!".format(
+ api_var, config_id
+ ),
+ changed=True,
+ )
+ else:
+ return delete_return
 class DeepSecurityRequest(object):
- def __init__(self, module, headers=None, not_rest_data_keys=None):
+ def __init__(
+ self,
+ module=None,
+ connection=None,
+ headers=None,
+ not_rest_data_keys=None,
+ task_vars=None,
+ ):
 self.module = module
- self.connection = Connection(self.module._socket_path)
+ if module:
+ # This will be removed, once all of the available modules
+ # are moved to use action plugin design, as otherwise test
+ # would start to complain without the implementation.
+ self.connection = Connection(self.module._socket_path)
+ elif connection:
+ self.connection = connection
+ try:
+ self.connection.load_platform_plugins(
+ "trendmicro.deepsec.deepsec"
+ )
+ self.connection.set_options(var_options=task_vars)
+ except ConnectionError:
+ raise
 # This allows us to exclude specific argspec keys from being included by
 # the rest data that don't follow the deepsec_* naming convention
 if not_rest_data_keys:
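Review bot: In the new `api_request == "get"` branch, `config_name` — a value that comes from the playbook — is interpolated straight into the request path in `"/api/{0}/{1}".format(api, config_name)`, so a name containing `/`, `?` or `#` changes which endpoint is addressed instead of being looked up; percent-encode it (`quote(config_name, safe="")` from `six.moves.urllib.parse`, which this commit dropped from the imports) or validate it against the id format the GET endpoint expects before building the path. In the same branch the `search_dict` built above is never sent, and a GET response that lacks `api_search_result` is returned whole, which callers may mistake for a found config. Further down, `except ConnectionError: raise` in `DeepSecurityRequest.__init__` is a no-op that can be dropped, and when neither `module` nor `connection` is passed `self.connection` is never assigned, which surfaces later as an AttributeError rather than a clear error at construction. `delete_config_with_id` gained `handle_return` but its docstring lost `:param module:` and `:param api_var:` although both parameters remain; restore them and add `:param handle_return: when True, exit the module via exit_json; otherwise return the delete response`.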
@@ -110,7 +213,8 @@ def __init__(self, module, headers=None, not_rest_data_keys=None):
 def _httpapi_error_handle(self, method, uri, **kwargs):
 # FIXME - make use of handle_httperror(self, exception) where applicable
 # https://docs.ansible.com/ansible/latest/network/dev_guide/developing_plugins_network.html#developing-plugins-httpapi
-
+ code = 99999
+ response = {}
 try:
 code, response = self.connection.send_request(
 method, uri, **kwargs
@@ -124,9 +228,19 @@ def _httpapi_error_handle(self, method, uri, **kwargs):
 msg="certificate error occurred: {0}".format(e)
 )
 except ValueError as e:
- self.module.fail_json(msg="certificate not found: {0}".format(e))
-
- return response
+ try:
+ self.module.fail_json(
+ msg="certificate not found: {0}".format(e)
+ )
+ except AttributeError:
+ pass
+ # This fn. will return both code and response, once all of the available modules
+ # are moved to use action plugin design, as otherwise test
+ # would start to complain without the implementation.
+ if self.module:
+ return response
+ else:
+ return code, response
 def get(self, url, **kwargs):
 return self._httpapi_error_handle("GET", url, **kwargs)
diff --git a/plugins/modules/deepsec_anti_malware.py b/plugins/modules/deepsec_anti_malware.py
new file mode 100644
index 0000000..3635907
--- /dev/null
+++ b/plugins/modules/deepsec_anti_malware.py
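Review bot: The `except ValueError` path now swallows the error entirely when `self.module` is None (the action-plugin case): `self.module.fail_json` raises AttributeError, `pass` discards it, and the method returns the sentinel `(99999, {})` introduced in the first hunk, so the caller sees a made-up status code and an empty body with no trace that a certificate/value error occurred. Test for the mode instead of catching AttributeError and raise in the plugin case: `if self.module: self.module.fail_json(msg="certificate not found: {0}".format(e))` / `raise ConnectionError("certificate not found: {0}".format(e))` — ConnectionError is already imported in this module. The handler visible as context above the hunk (its first line is outside the hunk) appears to call `self.module.fail_json` unconditionally too and so has the same AttributeError problem in action-plugin mode; the enclosing method starts outside the hunk. `code = 99999` also deserves a comment naming it as a sentinel, e.g. `# sentinel: only returned when send_request raised before yielding a status`.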
@@ -0,0 +1,405 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Copyright 2020 Red Hat
+# GNU General Public License v3.0+
+# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+DOCUMENTATION = """
+module: deepsec_anti_malware
+short_description: Create a new antimalware under TrendMicro Deep Security Policy
+description:
+- This module creates a new antimalware under TrendMicro Deep Security
+version_added: 1.0.0
+deprecated:
+ alternative: deepsec_anti_malwares
+ why: Newer and updated modules released with more functionality
+ removed_at_date: '2023-12-01'
+options:
+ name:
+ description: Name of the anti-malware configuration.
+ required: true
+ type: str
+ description:
+ description: Description of the anti-malware configuration.
+ type: str
+ scan_type:
+ description: The type of malware scan configuration.
+ choices: [real-time, on-demand]
+ type: str
+ document_exploit_protection_enabled:
+ description: Controls whether to scan for known critical vulnerabilities. Use
+ true to enable scan.
+ type: bool
+ document_exploit_protection:
+ description: Scan for exploits against known critical vulnerabilities only.
+ choices: [critical-only, critical-and-heuristic]
+ type: str
+ document_exploit_heuristic_level:
+ description: Controls whether to scan for exploits of known critical vulnerabilites
+ as well as aggessively detect suspicious behaviour that could be an unknown
+ exploit.
+ choices: [default, default-and-agressive]
+ type: str
+ machine_learning_enabled:
+ description: Controls whether predictive machine learning is enabled. Set to true
+ to enable.
+ type: bool
+ behavior_monitoring_enabled:
+ description: Controls whether to detect suspicious activity and unauthorized changes
+ (including ransomware). Set to true to detect.
+ type: bool
+ document_recovery_enabled:
+ description: Controls whether to back up ransomware-encrypted files. 
Set to true
+ to back up.
+ type: bool
+ intelli_trap_enabled:
+ description: Controls whether IntelliTrap is enabled. Set to true to enable.
+ type: bool
+ memory_scan_enabled:
+ description: Controls whether to scan process memory for malware. Use true to
+ enable scan.
+ type: bool
+ spyware_enabled:
+ description: Controls whether to enable spyware/grayware protection. Set to true
+ to enable.
+ type: bool
+ alert_enabled:
+ description: Controls whether to create an alert when the Malware Scan Configuration
+ logs an event. Set to true to enable the alert.
+ type: bool
+ directories_to_scan:
+ description: Specify if the scan will be peformed on all the directories or on
+ a subset.
+ choices: [all-directories, directory-list]
+ type: str
+ directory_list_id:
+ description: ID of the directory list to scan.
+ type: int
+ files_to_scan:
+ description: Specify if scan will be performed on all files, a subset or by using
+ IntelliScan.
+ choices: [all-files, intelliscan-file-types, file-extension-list]
+ type: str
+ file_extension_list_id:
+ description: ID of the file extension list to scan.
+ type: int
+ excluded_directory_list_id:
+ description: ID of the directory list to exclude from the scan.
+ type: int
+ excluded_file_list_id:
+ description: ID of the file list to exclude from the scan.
+ type: int
+ excluded_file_extension_list_id:
+ description: ID of the file extension list to exclude from the scan.
+ type: int
+ excluded_process_image_file_list_id:
+ description: ID of the process image file list to exclude from the scan.
+ type: int
+ real_time_scan:
+ description: Specify when to perform the real-time scan.
+ choices: [read-only, write-only, read-write]
+ type: str
+ scan_compressed_enabled:
+ description: Controls whether to scan compressed files. Use true to enable scan.
+ type: bool
+ scan_compressed_maximum_size:
+ description: Maximum size of compressed files to scan, in MB. 
+ type: int
+ scan_compressed_maximum_levels:
+ description: The maximum number of levels of compression to scan.
+ type: int
+ scan_compressed_maximum_files:
+ description: Maximum number of files to extract.
+ type: int
+ microsoft_office_enabled:
+ description: Controls whether to scan Embedded Microsoft Office Objects. Use true
+ to enable scan.
+ type: bool
+ microsoft_office_layers:
+ description: Number of Microsoft Object Linking and Embedding (OLE) Layers to
+ scan.
+ type: int
+ network_directories_enabled:
+ description: Controls whether to scan network directories. Set to true to enable.
+ type: bool
+ custom_remediation_actions_enabled:
+ description: Controls whether to use the action ActiveActions recommends when
+ malware is detected. Set to true to use the action ActiveAction recommends.
+ type: bool
+ custom_scan_actions_enabled:
+ description: Controls whether to use custom actions. Use true to enable custom
+ actions.
+ type: bool
+ scan_action_for_virus:
+ description: The action to perform when a virus is detected.
+ choices: [pass, delete, quarantine, clean, deny-access]
+ type: str
+ scan_action_for_trojans:
+ description: The action to perform when a trojan is detected.
+ choices: [pass, delete, quarantine, deny-access]
+ type: str
+ scan_action_for_packer:
+ description: The action to perform when a packer is detected.
+ choices: [pass, delete, quarantine, deny-access]
+ type: str
+ scan_action_for_spyware:
+ description: The action to perform when spyware is detected.
+ choices: [pass, delete, quarantine, deny-access]
+ type: str
+ scan_action_for_other_threats:
+ description: The action to take when other threats are detected.
+ choices: [pass, delete, quarantine, clean, deny-access]
+ type: str
+ scan_action_for_cookies:
+ description: The action to take when cookies are detected.
+ choices: [pass, delete]
+ type: str
+ scan_action_for_cve:
+ description: The action to take when a CVE exploit is detected. 
+ choices: [pass, delete, quarantine, deny-access]
+ type: str
+ scan_action_for_heuristics:
+ description: The action to take when malware identified with heuristics are detected.
+ choices: [pass, delete, quarantine, deny-access]
+ type: str
+ scan_action_for_possible_malware:
+ description: The action to take when possible malware is detected.
+ choices: [active-action, pass, delete, quarantine, deny-access]
+ type: str
+ cpu_usage:
+ description: CPU usage.
+ choices: [low, medium, high]
+ type: str
+ state:
+ description:
+ - The state the configuration should be left in
+ type: str
+ choices:
+ - present
+ - absent
+ default: present
+author: Ansible Security Automation Team (@justjais) "
+"""
+
+EXAMPLES = """
+- name: Create/Config a new Anti Malware config
+ trendmicro.deepsec.deepsec_anti_malware:
+ name: test_malware
+ description: test malware config
+ scan_action_for_virus: pass
+ alert_enabled: true
+ scan_type: real-time
+ real_time_scan: read-write
+ cpu_usage: low
+ state: present
+- name: Delete/Remove the existing Anti Malware Config
+ trendmicro.deepsec.deepsec_anti_malware:
+ state: absent
+ name: test_malware
+"""
+
+from ansible.module_utils.six import iteritems
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import (
+ DeepSecurityRequest,
+ check_if_config_exists,
+ delete_config_with_id,
+)
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import (
+ remove_empties,
+)
+
+key_transform = {
+ "scan_type": "scanType",
+ "document_exploit_protection_enabled": "documentExploitProtectionEnabled",
+ "document_exploit_protection": "documentExploitProtection",
+ "document_exploit_heuristic_level": "documentExploitHeuristicLevel",
+ "machine_learning_enabled": "machineLearningEnabled",
+ "behavior_monitoring_enabled": "behaviorMonitoringEnabled",
+ "document_recovery_enabled": "documentRecoveryEnabled",
+ "intelli_trap_enabled": 
"intelliTrapEnabled", + "memory_scan_enabled": "memoryScanEnabled", + "spyware_enabled": "spywareEnabled", + "alert_enabled": "alertEnabled", + "directories_to_scan": "directoriesToScan", + "directory_list_id": "directoryListID", + "files_to_scan": "filesToScan", + "excluded_directory_list_id": "excludedDirectoryListID", + "excluded_file_list_id": "excludedFileListID", + "excluded_file_extension_list_id": "fileExtensionListID", + "excluded_process_image_file_list_id": "excludedProcessImageFileListID", + "real_time_scan": "realTimeScan", + "scan_compressed_enabled": "scanCompressedEnabled", + "scan_compressed_maximum_size": "scanCompressedMaximumSize", + "scan_compressed_maximum_levels": "scanCompressedMaximumLevels", + "scan_compressed_maximum_files": "scanCompressedMaximumFiles", + "microsoft_office_enabled": "microsoftOfficeEnabled", + "microsoft_office_layers": "microsoftOfficeLayers", + "network_directories_enabled": "networkDirectoriesEnabled", + "custom_remediation_actions_enabled": "customRemediationActionsEnabled", + "custom_scan_actions_enabled": "customScanActionsEnabled", + "scan_action_for_virus": "scanActionForVirus", + "scan_action_for_trojans": "scanActionForTrojans", + "scan_action_for_packer": "scanActionForPacker", + "scan_action_for_spyware": "scanActionForSpyware", + "scan_action_for_other_threats": "scanActionForOtherThreats", + "scan_action_for_cookies": "scanActionForCookies", + "scan_action_for_cve": "scanActionForCVE", + "scan_action_for_heuristics": "scanActionForHeuristics", + "scan_action_for_possible_malware": "scanActionForPossibleMalware", + "cpu_usage": "cpuUsage", +} + + +def map_params_to_obj(module_params): + obj = {} + obj["name"] = module_params["name"] + if module_params.get("description"): + obj["description"] = module_params.get("description") + for k, v in iteritems(key_transform): + if module_params.get(k): + obj[v] = module_params.get(k) + return obj + + +def main(): + + argspec = dict( + state=dict(choices=["present", 
"absent"], default="present"), + name=dict(required=True, type="str"), + description=dict(type="str"), + scan_type=dict(type="str", choices=["real-time", "on-demand"]), + document_exploit_protection_enabled=dict(type="bool"), + document_exploit_protection=dict( + type="str", choices=["critical-only", "critical-and-heuristic"] + ), + document_exploit_heuristic_level=dict( + type="str", choices=["default", "default-and-agressive"] + ), + machine_learning_enabled=dict(type="bool"), + behavior_monitoring_enabled=dict(type="bool"), + document_recovery_enabled=dict(type="bool"), + intelli_trap_enabled=dict(type="bool"), + memory_scan_enabled=dict(type="bool"), + spyware_enabled=dict(type="bool"), + alert_enabled=dict(type="bool"), + directories_to_scan=dict( + type="str", choices=["all-directories", "directory-list"] + ), + directory_list_id=dict(type="int"), + files_to_scan=dict( + type="str", + choices=[ + "all-files", + "intelliscan-file-types", + "file-extension-list", + ], + ), + file_extension_list_id=dict(type="int"), + excluded_directory_list_id=dict(type="int"), + excluded_file_list_id=dict(type="int"), + excluded_file_extension_list_id=dict(type="int"), + excluded_process_image_file_list_id=dict(type="int"), + real_time_scan=dict( + type="str", choices=["read-only", "write-only", "read-write"] + ), + scan_compressed_enabled=dict(type="bool"), + scan_compressed_maximum_size=dict(type="int"), + scan_compressed_maximum_levels=dict(type="int"), + scan_compressed_maximum_files=dict(type="int"), + microsoft_office_enabled=dict(type="bool"), + microsoft_office_layers=dict(type="int"), + network_directories_enabled=dict(type="bool"), + custom_remediation_actions_enabled=dict(type="bool"), + custom_scan_actions_enabled=dict(type="bool"), + scan_action_for_virus=dict( + type="str", + choices=["pass", "delete", "quarantine", "clean", "deny-access"], + ), + scan_action_for_trojans=dict( + type="str", choices=["pass", "delete", "quarantine", "deny-access"] + ), + 
scan_action_for_packer=dict(
+ type="str", choices=["pass", "delete", "quarantine", "deny-access"]
+ ),
+ scan_action_for_spyware=dict(
+ type="str", choices=["pass", "delete", "quarantine", "deny-access"]
+ ),
+ scan_action_for_other_threats=dict(
+ type="str",
+ choices=["pass", "delete", "quarantine", "clean", "deny-access"],
+ ),
+ scan_action_for_cookies=dict(type="str", choices=["pass", "delete"]),
+ scan_action_for_cve=dict(
+ type="str", choices=["pass", "delete", "quarantine", "deny-access"]
+ ),
+ scan_action_for_heuristics=dict(
+ type="str", choices=["pass", "delete", "quarantine", "deny-access"]
+ ),
+ scan_action_for_possible_malware=dict(
+ type="str",
+ choices=[
+ "active-action",
+ "pass",
+ "delete",
+ "quarantine",
+ "deny-access",
+ ],
+ ),
+ cpu_usage=dict(type="str", choices=["low", "medium", "high"]),
+ )
+
+ module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
+ deepsec_request = DeepSecurityRequest(module)
+ want = map_params_to_obj(remove_empties(module.params))
+ # Search for existing Anti Malware config via Get call
+ search_existing_anti_malware_config = check_if_config_exists(
+ deepsec_request,
+ want["name"],
+ "antimalwareconfigurations",
+ "antiMalwareConfigurations",
+ )
+
+ if (
+ "ID" in search_existing_anti_malware_config
+ and module.params["state"] == "absent"
+ ):
+ delete_config_with_id(
+ module,
+ deepsec_request,
+ "antimalwareconfigurations",
+ search_existing_anti_malware_config["ID"],
+ "antiMalwareConfigurations",
+ handle_return=True,
+ )
+ elif (
+ "ID" not in search_existing_anti_malware_config
+ and module.params["state"] == "absent"
+ ):
+ module.exit_json(changed=False)
+ else:
+ anti_malware_config = deepsec_request.post(
+ "/api/antimalwareconfigurations", data=want
+ )
+ if "ID" in search_existing_anti_malware_config:
+ module.exit_json(
+ anti_malware_config=search_existing_anti_malware_config,
+ changed=False,
+ )
+ elif anti_malware_config.get("message"):
+ 
module.fail_json(msg=anti_malware_config["message"])
+ else:
+ module.exit_json(
+ anti_malware_config=anti_malware_config, changed=True
+ )
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/plugins/modules/deepsec_anti_malwares.py b/plugins/modules/deepsec_anti_malwares.py
new file mode 100644
index 0000000..78342fa
--- /dev/null
+++ b/plugins/modules/deepsec_anti_malwares.py
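Review bot: In `main()`, the `else:` branch issues `deepsec_request.post("/api/antimalwareconfigurations", data=want)` before checking whether the config already exists, so a `state: present` run against an existing name fires a create request and only afterwards reports `changed=False`; move the `if "ID" in search_existing_anti_malware_config:` exit ahead of the POST. `supports_check_mode=True` is declared but neither that POST nor the `delete_config_with_id` call is guarded by `module.check_mode`, so check mode still mutates the server; add `if module.check_mode: module.exit_json(changed=True)` in front of each. The module-local `map_params_to_obj` keeps a key only `if module_params.get(k)`, so `alert_enabled: false` or `directory_list_id: 0` are silently dropped from the payload, unlike the module_utils helper of the same name added in this commit, which explicitly keeps `0` and `False`. In `key_transform`, `excluded_file_extension_list_id` maps to `"fileExtensionListID"` while `file_extension_list_id`, which is in the argspec, has no mapping at all — the two look swapped.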
@@ -0,0 +1,621 @@ +#!/usr/bin/python +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: deepsec_anti_malwares +short_description: Manages AntiMalware Rule resource module +description: Configure protection against malware, viruses, trojans and spyware. +version_added: 1.2.0 +options: + config: + description: A dictionary of AntiMalware Rule Rules options + type: list + elements: dict + suboptions: + name: + description: Name of the anti-malware configuration. Searchable as String. + type: str + description: + description: Description of the anti-malware configuration. Searchable as + String. + type: str + scan_type: + description: The type of malware scan configuration. Searchable as Choice. + type: str + choices: + - real-time + - on-demand + document_exploit_protection_enabled: + description: Controls whether to scan for known critical vulnerabilities. + Use true to enable scan. + type: bool + document_exploit_protection: + description: Scan for exploits against known critical vulnerabilities only. + Searchable as Choice. + type: str + choices: + - critical-only + - critical-and-heuristic + document_exploit_heuristic_level: + description: Controls whether to scan for exploits of known critical vulnerabilites + as well as aggessively detect suspicious behaviour that could be an unknown + exploit. Searchable as Choice. + type: str + choices: + - default + - default-and-agressive + - LEVEL_THREE + - LEVEL_FOUR + machine_learning_enabled: + description: Controls whether predictive machine learning is enabled. Set + to true to enable. Searchable as Boolean. + type: bool + behavior_monitoring_enabled: + description: Controls whether to detect suspicious activity and unauthorized + changes (including ransomware). Set to true to detect. 
+ type: bool + document_recovery_enabled: + description: Controls whether to back up ransomware-encrypted files. Set to + true to back up. Searchable as Boolean. + type: bool + intelli_trap_enabled: + description: Controls whether IntelliTrap is enabled. Set to true to enable. + Searchable as Boolean. + type: bool + memory_scan_enabled: + description: Controls whether to scan process memory for malware. Use true + to enable scan. Searchable as Boolean. + type: bool + spyware_enabled: + description: Controls whether to enable spyware/grayware protection. Set to + true to enable. Searchable as Boolean. + type: bool + alert_enabled: + description: Controls whether to create an alert when the Malware Scan Configuration + logs an event. Set to true to enable the alert. Searchable as Boolean. + type: bool + directories_to_scan: + description: Specify if the scan will be peformed on all the directories or + on a subset. Searchable as Choice. + type: str + choices: + - all-directories + - directory-list + directory_list_id: + description: ID of the directory list to scan. Set to 0 to remove any assignment. + Searchable as Numeric. + type: int + files_to_scan: + description: Specify if scan will be performed on all files, a subset or by + using IntelliScan. Searchable as Choice. + type: str + choices: + - all-files + - intelliscan-file-types + - file-extension-list + file_extension_list_id: + description: ID of the file extension list to scan. Set to 0 to remove any + assignment. Searchable as Numeric. + type: int + excluded_directory_list_id: + description: ID of the directory list to exclude from the scan. Set to 0 to + remove any assignment. Searchable as Numeric. + type: int + excluded_file_list_id: + description: ID of the file list to exclude from the scan. Set to 0 to remove + any assignment. Searchable as Numeric. + type: int + excluded_file_extension_list_id: + description: ID of the file extension list to exclude from the scan. Set to + 0 to remove any assignment. 
Searchable as Numeric. + type: int + excluded_process_image_file_list_id: + description: ID of the process image file list to exclude from the scan. Set + to 0 to remove any assignment. Searchable as Numeric. + type: int + real_time_scan: + description: Specify when to perform the real-time scan. Searchable as Choice. + type: str + choices: + - read-only + - write-only + - read-write + scan_compressed_enabled: + description: Controls whether to scan compressed files. Use true to enable + scan. Searchable as Boolean. + type: bool + scan_compressed_maximum_size: + description: Maximum size of compressed files to scan, in MB. Searchable as + Numeric. + type: int + scan_compressed_maximum_levels: + description: The maximum number of levels of compression to scan. Searchable + as Numeric. + type: int + scan_compressed_maximum_files: + description: Maximum number of files to extract. Searchable as Numeric. + type: int + microsoft_office_enabled: + description: Controls whether to scan Embedded Microsoft Office Objects. Use + true to enable scan. Searchable as Boolean. + type: bool + microsoft_office_layers: + description: Number of Microsoft Object Linking and Embedding (OLE) Layers + to scan. Searchable as Numeric. + type: int + network_directories_enabled: + description: Controls whether to scan network directories. Set to true to + enable. Searchable as Boolean. + type: bool + custom_remediation_actions_enabled: + description: Controls whether to use the action ActiveActions recommends when + malware is detected. Set to true to use the action ActiveAction recommends. + type: bool + custom_scan_actions_enabled: + description: Controls whether to use custom actions. Use true to enable custom + actions. Available when 'customRemediationActionsEnabled' is true. + type: bool + scan_action_for_virus: + description: The action to perform when a virus is detected. Searchable as + Choice. Available when 'customScanActionsEnabled' is true. 
+ type: str + choices: + - pass + - delete + - quarantine + - clean + - deny-access + scan_action_for_trojans: + description: The action to perform when a trojan is detected. Searchable as + Choice. Available when 'customScanActionsEnabled' is true. + type: str + choices: + - pass + - delete + - quarantine + - deny-access + scan_action_for_packer: + description: The action to perform when a packer is detected. Searchable as + Choice. Available when 'customScanActionsEnabled' is true. + type: str + choices: + - pass + - delete + - quarantine + - deny-access + scan_action_for_spyware: + description: The action to perform when spyware is detected. Searchable as + Choice. Available when 'customScanActionsEnabled' is true. + type: str + choices: + - pass + - delete + - quarantine + - deny-access + scan_action_for_other_threats: + description: The action to take when other threats are detected. Searchable + as Choice. Available when 'customScanActionsEnabled' is true. + type: str + choices: + - pass + - delete + - quarantine + - clean + - deny-access + scan_action_for_cookies: + description: The action to take when cookies are detected. Searchable as Choice. + Available when 'customScanActionsEnabled' is true. + type: str + choices: + - pass + - delete + scan_action_for_cve: + description: The action to take when a CVE exploit is detected. Searchable + as Choice. Available when 'customScanActionsEnabled' is true. + type: str + choices: + - pass + - delete + - quarantine + - deny-access + scan_action_for_heuristics: + description: The action to take when malware identified with heuristics are + detected. Searchable as Choice. Available when 'customScanActionsEnabled' + is true. + type: str + choices: + - pass + - delete + - quarantine + - deny-access + scan_action_for_possible_malware: + description: The action to take when possible malware is detected. Searchable + as Choice. Available when 'customRemediationActionsEnabled' is true. 
+ type: str + choices: + - active-action + - pass + - delete + - quarantine + - deny-access + amsi_scan_enabled: + description: Controls whether Windows Antimalware Scan Interface (AMSI) protection + is enabled. Set to true to enable. + type: bool + scan_action_for_behavior_monitoring: + description: The action to take when suspicious activity and unauthorized + changes are detected. Searchable as Choice. Available when 'behaviorMonitoringEnabled' + is true. + type: str + choices: + - active-action + - pass + scan_action_for_machine_learning: + description: The action to take when malware identified with machine learning + is detected. Searchable as Choice. Available when 'machineLearningEnabled' + is true. + type: str + choices: + - pass + - delete + - quarantine + id: + description: ID of the anti-malware configuration. This ID is set automatically. + Searchable as ID. + type: int + cpu_usage: + description: CPU usage + type: str + choices: + - low + - medium + - high + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. 
+ type: str + choices: + - merged + - replaced + - gathered + - deleted + +author: Ansible Security Automation Team (@justjais) +""" + +EXAMPLES = """ + +# Using MERGED state +# ------------------- + +- name: Create AntiMalware Rules + trendmicro.deepsec.deepsec_anti_malwares: + state: merged + config: + - name: test_malware_1 + description: test malware 1 description + scan_action_for_virus: pass + alert_enabled: true + scan_type: on-demand + real_time_scan: read-only + cpu_usage: medium + - name: test_malware_2 + description: test malware 2 description + scan_action_for_virus: pass + alert_enabled: true + scan_type: real-time + real_time_scan: read-write + cpu_usage: low + +# RUN output: +# ----------- + +# anti_malwares: +# after: +# - alert_enabled: true +# cpu_usage: medium +# custom_remediation_actions_enabled: false +# description: test malware 1 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: all-files +# id: 49 +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_1 +# scan_compressed_enabled: false +# scan_type: on-demand +# spyware_enabled: true +# - alert_enabled: true +# amsi_scan_enabled: true +# behavior_monitoring_enabled: false +# custom_remediation_actions_enabled: false +# description: test malware 2 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: all-files +# id: 50 +# intelli_trap_enabled: false +# machine_learning_enabled: true +# memory_scan_enabled: false +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_2 +# network_directories_enabled: false +# real_time_scan: read-write +# scan_action_for_machine_learning: pass +# scan_compressed_enabled: false +# scan_type: 
real-time +# spyware_enabled: true +# before: [] + +- name: Modify existing AntiMalware Rules + trendmicro.deepsec.deepsec_anti_malwares: + state: merged + config: + - name: test_malware_2 + description: UPDATE test malware 2 description + files_to_scan: intelliscan-file-types + +# RUN output: +# ----------- + +# anti_malwares: +# after: +# - alert_enabled: true +# amsi_scan_enabled: true +# behavior_monitoring_enabled: false +# custom_remediation_actions_enabled: false +# description: UPDATE test malware 2 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: intelliscan-file-types +# id: 50 +# intelli_trap_enabled: false +# machine_learning_enabled: true +# memory_scan_enabled: false +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_2 +# network_directories_enabled: false +# real_time_scan: read-write +# scan_action_for_machine_learning: pass +# scan_compressed_enabled: false +# scan_type: real-time +# spyware_enabled: true +# before: +# - alert_enabled: true +# amsi_scan_enabled: true +# behavior_monitoring_enabled: false +# custom_remediation_actions_enabled: false +# description: test malware 2 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: all-files +# id: 50 +# intelli_trap_enabled: false +# machine_learning_enabled: true +# memory_scan_enabled: false +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_2 +# network_directories_enabled: false +# real_time_scan: read-write +# scan_action_for_machine_learning: pass +# scan_compressed_enabled: false +# scan_type: real-time +# spyware_enabled: true + +# Using REPLACED state +# -------------------- + +- name: Replaced AntiMalware Rules + 
trendmicro.deepsec.deepsec_anti_malwares: + state: replaced + config: + - name: test_malware_2 + description: REPLACE test malware 2 description + scan_action_for_virus: quarantine + alert_enabled: true + files_to_scan: intelliscan-file-types + scan_type: real-time + real_time_scan: read-only + cpu_usage: medium + +# RUN output: +# ----------- + +# anti_malwares: +# after: +# - alert_enabled: true +# amsi_scan_enabled: true +# behavior_monitoring_enabled: false +# custom_remediation_actions_enabled: false +# description: REPLACE test malware 2 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: intelliscan-file-types +# id: 51 +# intelli_trap_enabled: false +# machine_learning_enabled: true +# memory_scan_enabled: false +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_2 +# network_directories_enabled: false +# real_time_scan: read-only +# scan_action_for_machine_learning: pass +# scan_compressed_enabled: false +# scan_type: real-time +# spyware_enabled: true +# before: +# - alert_enabled: true +# amsi_scan_enabled: true +# behavior_monitoring_enabled: false +# custom_remediation_actions_enabled: false +# description: UPDATE test malware 2 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: intelliscan-file-types +# id: 50 +# intelli_trap_enabled: false +# machine_learning_enabled: true +# memory_scan_enabled: false +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_2 +# network_directories_enabled: false +# real_time_scan: read-write +# scan_action_for_machine_learning: pass +# scan_compressed_enabled: false +# scan_type: real-time +# spyware_enabled: true + +# Using GATHERED state +# 
-------------------- + +- name: Gather AntiMalware Rules by AntiMalware names + trendmicro.deepsec.deepsec_anti_malwares: + state: gathered + config: + - name: test_malware_1 + - name: test_malware_2 + +# RUN output: +# ----------- + +# gathered: +# - alert_enabled: true +# cpu_usage: medium +# custom_remediation_actions_enabled: false +# description: test malware 1 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: all-files +# id: 49 +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_1 +# scan_compressed_enabled: false +# scan_type: on-demand +# spyware_enabled: true +# - alert_enabled: true +# amsi_scan_enabled: true +# behavior_monitoring_enabled: false +# custom_remediation_actions_enabled: false +# description: test malware 2 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: intelliscan-file-types +# id: 51 +# intelli_trap_enabled: false +# machine_learning_enabled: true +# memory_scan_enabled: false +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_2 +# network_directories_enabled: false +# real_time_scan: read-only +# scan_action_for_machine_learning: pass +# scan_compressed_enabled: false +# scan_type: real-time +# spyware_enabled: true + +- name: Gather ALL of the AntiMalware Rules + trendmicro.deepsec.deepsec_anti_malwares: + state: gathered + +# Using DELETED state +# ------------------- + +- name: Delete AntiMalware Rules + trendmicro.deepsec.deepsec_anti_malwares: + state: deleted + config: + - name: test_malware_1 + - name: test_malware_2 + +# RUN output: +# ----------- + +# anti_malwares: +# after: [] +# before: +# - alert_enabled: true +# cpu_usage: medium +# 
custom_remediation_actions_enabled: false +# description: test malware 1 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: all-files +# id: 49 +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_1 +# scan_compressed_enabled: false +# scan_type: on-demand +# spyware_enabled: true +# - alert_enabled: true +# amsi_scan_enabled: true +# behavior_monitoring_enabled: false +# custom_remediation_actions_enabled: false +# description: test malware 2 description +# directories_to_scan: all-directories +# document_exploit_heuristic_level: default +# document_exploit_protection: critical-only +# document_exploit_protection_enabled: true +# files_to_scan: intelliscan-file-types +# id: 51 +# intelli_trap_enabled: false +# machine_learning_enabled: true +# memory_scan_enabled: false +# microsoft_office_enabled: true +# microsoft_office_layers: 3 +# name: test_malware_2 +# network_directories_enabled: false +# real_time_scan: read-only +# scan_action_for_machine_learning: pass +# scan_compressed_enabled: false +# scan_type: real-time +# spyware_enabled: true + +""" + +RETURN = """ +before: + description: The configuration as structured data prior to module invocation. + returned: always + type: list + sample: The configuration returned will always be in the same format of the parameters above. +after: + description: The configuration as structured data after module completion. + returned: when changed + type: list + sample: The configuration returned will always be in the same format of the parameters above. +""" diff --git a/plugins/modules/deepsec_apikey.py b/plugins/modules/deepsec_apikey.py new file mode 100644 index 0000000..28a7769 --- /dev/null +++ b/plugins/modules/deepsec_apikey.py 
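Review bot: The RETURN block documents only `before` and `after`, while the `state` option text and the gathered example say results come back under the `gathered` key; add a `gathered:` entry with `returned: when state is gathered` and `type: list` so the documented contract matches what the examples show. The option descriptions also carry typos that ansible-doc publishes verbatim ("AntiMalware Rule Rules options", "vulnerabilites", "aggessively", "peformed"); `default-and-agressive` is a choice value, so only touch it if it is not the spelling the API enum uses. The hunk header announces 621 lines but only the DOCUMENTATION, EXAMPLES and RETURN strings are visible here, so the module code itself could not be reviewed.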
@@ -0,0 +1,343 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: deepsec_apikey +short_description: Create a new and manage API Keys. +description: +- This module create and manages API key under TrendMicro Deep Security. +version_added: 1.0.0 +options: + api_keys: + description: List of API keys that needs to be configured + type: list + elements: dict + suboptions: + key_name: + description: Display name of the APIKey. + type: str + id: + description: The ID number of the API key to modify. Required when modifying + the API key + type: str + description: + description: Description of the APIKey. + type: str + locale: + description: Country and language for the APIKey. + choices: [en-US, ja-JP] + type: str + role_id: + description: ID of the role assigned to the APIKey. + type: int + time_zone: + description: Display name of the APIKey's time zone, e.g. America/New_York. + type: str + active: + description: If true, the APIKey can be used to authenticate. If false, the + APIKey is locked out. + type: bool + created: + description: Timestamp of the APIKey's creation, in milliseconds since epoch. + type: int + last_sign_in: + description: Timestamp of the APIKey's last successful authentication, in + milliseconds since epoch. + type: int + unlock_time: + description: Timestamp of when a locked out APIKey will be unlocked, in milliseconds + since epoch. + type: int + unsuccessful_sign_in_attempts: + description: Number of unsuccessful authentication attempts made since the + last successful authentication. + type: int + expiry_date: + description: Timestamp of the APIKey's expiry date, in milliseconds since + epoch. + type: int + secret_key: + description: + - Secret key used to authenticate API requests. 
Only returned when creating + a new APIKey or regenerating the secret key. + - With secret key generation as everytime request is fired it'll try to create + a new secret key, so with secret key idempotency will not be maintained + type: str + service_account: + description: + - If true, the APIKey was created by the primary tenant (T0) to authenticate + API calls against other tenants' databases. + - Valid param only with secret_key. + type: bool + current: + description: + - If true, generates a new secret key for the current API key. + - Valid param only with secret_key. + type: bool + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. + type: str + choices: + - present + - absent + - gathered + default: present +author: Ansible Security Automation Team (@justjais) " +""" + +EXAMPLES = """ +- name: Create a new API key + trendmicro.deepsec.deepsec_apikey: + state: present + api_keys: + - key_name: admin_apiKeys + description: test API keys 1 + active: true + role_id: 1 + locale: en-US + - key_name: auditor_apiKeys + description: test API keys 2 + active: true + role_id: 2 + locale: en-US +- name: Generate Secret key for current API key + trendmicro.deepsec.deepsec_apikey: + state: present + api_keys: + - current: true +- name: Generate Secret key for specified API key + trendmicro.deepsec.deepsec_apikey: + state: present + api_keys: + - key_name: admin_apiKeys + secret_key: test_secret +- name: Get the API keys by Name + trendmicro.deepsec.deepsec_apikey: + api_keys: + - key_name: admin_apiKeys + state: gathered +- name: Get all the API keys + trendmicro.deepsec.deepsec_apikey: + state: gathered +- name: Delete/Remove the API key by name + trendmicro.deepsec.deepsec_apikey: + state: absent + key_name: test_apiKeys 
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import (
+ DeepSecurityRequest,
+ check_if_config_exists,
+ delete_config_with_id,
+ map_params_to_obj,
+ map_obj_to_params,
+)
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import (
+ utils,
+)
+
+key_transform = {
+ "key_name": "keyName",
+ "description": "description",
+ "id": "ID",
+ "locale": "locale",
+ "role_id": "roleID",
+ "time_zone": "timeZone",
+ "active": "active",
+ "created": "created",
+ "last_sign_in": "lastSignIn",
+ "unlock_time": "unlockTime",
+ "unsuccessful_sign_in_attempts": "unsuccessfulSignInAttempts",
+ "expiry_date": "expiryDate",
+ "secret_key": "secretKey",
+ "service_account": "serviceAccount",
+}
+
+api_object = "/api/apikeys"
+api_get_object = "/api/apikeys/search"
+api_secretkey_current_object = "/api/apikeys/current/secretkey"
+api_return = "apiKeys"
+
+
+def display_gathered_result(argspec, module, deepsec_request):
+ return_val = {}
+ if module.params and module.params.get("api_keys"):
+ return_val["api_keys"] = []
+ for each in module.params["api_keys"]:
+ want = map_params_to_obj(each, key_transform)
+ search_by_id = search_for_pre_existing_key(want, deepsec_request)
+ if search_by_id.get("id"):
+ request_api = "{0}/{1}".format(api_object, search_by_id["id"])
+ get_key_by_id = deepsec_request.get("{0}".format(request_api))
+ get_key_by_id = map_obj_to_params(
+ get_key_by_id, key_transform, api_return
+ )
+ return_val["api_keys"].append(get_key_by_id)
+ if get_key_by_id.get("message"):
+ module.fail_json(msg=get_key_by_id["message"])
+ else:
+ return_get = deepsec_request.post(api_get_object)
+ if return_get:
+ return_val["api_keys"] = map_obj_to_params(
+ return_get, key_transform, api_return
+ )[api_return]
+
+ utils.validate_config(argspec, return_val)
+ module.exit_json(gathered=return_val, changed=False)
+
+
+def search_for_pre_existing_key(want, 
deepsec_api_request):
+ search_existing_apikey = check_if_config_exists(
+ deepsec_api_request,
+ want["keyName"],
+ api_object.split("/")[2],
+ api_return,
+ "keyName",
+ )
+ return map_obj_to_params(search_existing_apikey, key_transform, api_return)
+
+
+def delete_module_api_config(argspec, module, deepsec_request):
+ if module.params and module.params.get("api_keys"):
+ deleted_key = []
+ for each in module.params["api_keys"]:
+ key_name = each["key_name"]
+ want = map_params_to_obj(each, key_transform)
+ search_by_id = search_for_pre_existing_key(want, deepsec_request)
+ if "id" in search_by_id:
+ delete_return = delete_config_with_id(
+ module,
+ deepsec_request,
+ api_object.split("/")[2],
+ search_by_id["id"],
+ api_return,
+ )
+ if delete_return.get("message"):
+ error_msg = "Delete for ApiKey with key_name: {0}, failed with error: {1}".format(
+ key_name, delete_return["message"]
+ )
+ module.fail_json(msg=error_msg)
+ deleted_key.append(key_name)
+ if deleted_key:
+ module.exit_json(
+ msg="{0} with name: {1} deleted successfully!".format(
+ api_return, deleted_key
+ ),
+ changed=True,
+ )
+ else:
+ module.exit_json(changed=False)
+
+
+def configure_module_api(argspec, module, deepsec_request):
+ if module.params and module.params.get("api_keys"):
+ return_val = {}
+ return_val["api_keys"] = []
+ changed = False
+ for each in module.params["api_keys"]:
+ want = map_params_to_obj(each, key_transform)
+ if not each.get("current"):
+ search_existing_apikey = search_for_pre_existing_key(
+ want, deepsec_request
+ )
+ if each.get("current") or each.get("secret_key"):
+ if each.get("current"):
+ api_key = deepsec_request.post(
+ "{0}".format(api_secretkey_current_object), data=want
+ )
+ elif "id" in search_existing_apikey:
+ id = search_existing_apikey["id"]
+ request_api = "/api/apikeys/{0}/secretkey".format(id)
+ api_key = deepsec_request.post(
+ "{0}".format(request_api), data=want
+ )
+ if api_key.get("message"):
+ module.fail_json(msg=api_key["message"])
+ else:
+ changed = True
+ api_key = map_obj_to_params(
+ api_key, key_transform, api_return
+ )
+ return_val["api_keys"].append(api_key)
+ else:
+ if "id" in search_existing_apikey:
+ return_val["api_keys"].append(search_existing_apikey)
+ continue
+ apikey = deepsec_request.post(
+ "{0}".format(api_object), data=want
+ )
+ if apikey.get("message"):
+ module.fail_json(msg=apikey["message"])
+ else:
+ changed = True
+ apikey = map_obj_to_params(
+ apikey, key_transform, api_return
+ )
+ return_val["api_keys"].append(apikey)
+ utils.validate_config(argspec, return_val)
+ module.exit_json(config=return_val, changed=changed)
+
+
+def main():
+ api_keys_list_spec = {
+ "key_name": dict(type="str"),
+ "id": dict(type="str"),
+ "description": dict(type="str"),
+ "locale": dict(type="str", choices=["en-US", "ja-JP"]),
+ "role_id": dict(type="int"),
+ "time_zone": dict(type="str"),
+ "active": dict(type="bool"),
+ "created": dict(type="int"),
+ "last_sign_in": dict(type="int"),
+ "unlock_time": dict(type="int"),
+ "unsuccessful_sign_in_attempts": dict(type="int"),
+ "expiry_date": dict(type="int"),
+ "secret_key": dict(no_log=True, type="str"),
+ "service_account": dict(type="bool"),
+ "current": dict(type="bool"),
+ }
+
+ argspec = dict(
+ state=dict(
+ choices=["present", "absent", "gathered"], default="present"
+ ),
+ api_keys=dict(
+ type="list",
+ elements="dict",
+ options=api_keys_list_spec,
+ no_log=False,
+ ),
+ )
+
+ module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
+ deepsec_request = DeepSecurityRequest(module)
+ module.params = utils.remove_empties(module.params)
+
+ if module.params["state"] == "gathered":
+ display_gathered_result(
+ argspec=argspec, module=module, deepsec_request=deepsec_request
+ )
+ elif module.params["state"] == "absent":
+ delete_module_api_config(
+ argspec=argspec, module=module, deepsec_request=deepsec_request
+ )
+ elif module.params["state"] == "present":
+ configure_module_api(
+ argspec=argspec, 
module=module, deepsec_request=deepsec_request
+ )
+
+
+if __name__ == "__main__":
+ main()
diff --git a/plugins/modules/deepsec_firewall_rules.py b/plugins/modules/deepsec_firewall_rules.py
new file mode 100644
index 0000000..a79bd47
--- /dev/null
+++ b/plugins/modules/deepsec_firewall_rules.py
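Review bot: In `configure_module_api`, an entry that sets `secret_key` without `current` and whose lookup returns no `id` takes neither the `if each.get("current")` nor the `elif "id" in search_existing_apikey` branch, so the following `api_key.get("message")` raises UnboundLocalError instead of a module failure; add after that `elif` block `else: module.fail_json(msg="API key {0} not found".format(each.get("key_name")))`. The `api_key`/`apikey` objects returned by the `.../secretkey` and `/api/apikeys` POSTs carry the newly generated secret through `map_obj_to_params` into `module.exit_json(config=return_val, ...)`, and Ansible's no_log handling only redacts values equal to a `no_log` parameter, so a freshly generated secret is written to the task result and logs unless the task itself sets `no_log: true`; this hunk has no RETURN block, and that caveat belongs there and in the `secret_key` option description. The EXAMPLES entry for `state: absent` passes `key_name: test_apiKeys` at the top level, which `argspec` does not accept, so it should be nested under `api_keys:`. `search_for_pre_existing_key` indexes `want["keyName"]`, so any non-`current` entry given without `key_name` (for instance one identified only by `id`) fails with a KeyError rather than a clear message.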
@@ -0,0 +1,711 @@ +#!/usr/bin/python +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: deepsec_firewall_rules +short_description: Manages Firewall Rule resource module +description: Firewall rule details. +version_added: 1.2.0 +options: + config: + description: A dictionary of Firewall Rules options + type: list + elements: dict + suboptions: + name: + description: Name of the firewall rule. Searchable as String. + type: str + description: + description: Description of the firewall rule. Searchable as String. + type: str + action: + description: Action of the packet filter. Searchable as Choice. + type: str + choices: + - log-only + - allow + - deny + - force-allow + - bypass + priority: + description: Priority of the packet filter. Searchable as Choice. + type: str + choices: + - '0' + - '1' + - '2' + - '3' + - '4' + direction: + description: Packet direction. Searchable as Choice. + type: str + choices: + - incoming + - outgoing + frame_type: + description: Supported frame types. Searchable as Choice. + type: str + choices: + - any + - ip + - arp + - revarp + - ipv4 + - ipv6 + - other + frame_number: + description: Ethernet frame number. Only required for FrameType "other". Searchable + as Numeric. + type: int + frame_not: + description: Controls if the frame setting should be inverted. Set to true + to invert. Searchable as Boolean. + type: bool + protocol: + description: Protocol. Searchable as Choice. + type: str + choices: + - any + - icmp + - igmp + - ggp + - tcp + - pup + - udp + - idp + - nd + - raw + - tcp-udp + - icmpv6 + - other + protocol_number: + description: Two-byte protocol number. Searchable as Numeric. + type: int + protocol_not: + description: Controls if the protocol setting should be inverted. Set to true + to invert. Searchable as Boolean. 
+ type: bool + source_iptype: + description: Source IP type. Default is "any". Searchable as Choice. + type: str + choices: + - any + - masked-ip + - range + - ip-list + - single + - multiple + source_ipvalue: + description: Source IP. Only applies to source IP type "masked-ip" or "single". + Searchable as String. + type: str + source_ipmask: + description: Source IP mask. Only applies to source IP type "masked-ip". Searchable + as String. + type: str + source_iprange_from: + description: The first value for a range of source IP addresses. Only applies + to source IP type "range". Searchable as String. + type: str + source_iprange_to: + description: The last value for a range of source IP addresses. Only applies + to source IP type "range". Searchable as String. + type: str + source_ipmultiple: + description: List of source IP addresses. Only applies to source IP type "multiple". + Searchable as String. + type: list + elements: str + source_iplist_id: + description: ID of source IP list. Only applies to source IP type "ip-list". + Set to 0 to remove any assignment. Searchable as Numeric. + type: int + source_ipnot: + description: Controls if the source IP setting should be inverted. Set to + true to invert. Searchable as Boolean. + type: bool + source_mactype: + description: Source MAC type. Default is "any". Searchable as Choice. + type: str + choices: + - any + - single + - mac-list + - multiple + source_macvalue: + description: Source MAC address. Only applies to MAC type "single". Searchable + as String. + type: str + source_macmultiple: + description: List of MAC addresses. Only applies to MAC type "multiple". Searchable + as String. + type: list + elements: str + source_maclist_id: + description: ID of MAC address list. Only applies to MAC type "mac-list". + Set to 0 to remove any assignment. Searchable as Numeric. + type: int + source_macnot: + description: Controls if the source MAC setting should be inverted. Set to + true to invert. Searchable as Boolean. 
+ type: bool + source_port_type: + description: The type of source port. Searchable as Choice. + type: str + choices: + - any + - multiple + - port-list + source_port_multiple: + description: List of comma-delimited source ports. Only applies to source + type "multiple". Searchable as String. + type: list + elements: str + source_port_list_id: + description: ID of source port list. Only applies to source type "port-list". + Set to 0 to remove any assignment. Searchable as Numeric. + type: int + source_port_not: + description: Controls if the source port setting should be inverted. Set to + true to invert. Searchable as Boolean. + type: bool + destination_iptype: + description: Destination IP type. Default is "any". Searchable as Choice. + type: str + choices: + - any + - masked-ip + - range + - ip-list + - single + - multiple + destination_ipvalue: + description: Destination IP. Only applies to destination IP type "masked-ip" + or "single". Searchable as String. + type: str + destination_ipmask: + description: Destination IP mask. Only applies to destination IP type "masked-ip". + Searchable as String. + type: str + destination_iprange_from: + description: The first value for a range of destination IP addresses. Only + applies to estination IP type "range". Searchable as String. + type: str + destination_iprange_to: + description: The last value for a range of destination IP addresses. Only + applies to destination IP type "range". Searchable as String. + type: str + destination_ipmultiple: + description: List of comma-delimited destination IP addresses. Only applies + to destination IP type "multiple". Searchable as String. + type: list + elements: str + destination_iplist_id: + description: ID of destination IP list. Only applies to destination IP type + "ip-list". Set to 0 to remove any assignment. Searchable as Numeric. + type: int + destination_ipnot: + description: Controls if the destination IP setting should be inverted. Set + to true to invert. 
Searchable as Boolean. + type: bool + destination_mactype: + description: Destination MAC type. Default is "any". Searchable as Choice. + type: str + choices: + - any + - single + - mac-list + - multiple + destination_macvalue: + description: Destination MAC address. Only applies to MAC type "single". Searchable + as String. + type: str + destination_macmultiple: + description: List of comma-delimited MAC addresses. Only applies to MAC type + "multiple". Searchable as String. + type: list + elements: str + destination_maclist_id: + description: ID of MAC address list. Only applies to MAC type "mac-list". + Set to 0 to remove any assignment. Searchable as Numeric. + type: int + destination_macnot: + description: Controls if the destination MAC setting should be inverted. Set + to true to invert. Searchable as Boolean. + type: bool + destination_port_type: + description: The type of destination port. Searchable as Choice. + type: str + choices: + - any + - multiple + - port-list + destination_port_multiple: + description: List of comma-delimited destination ports. Only applies to destination + type "multiple". Searchable as String. + type: list + elements: str + destination_port_list_id: + description: ID of destination port list. Only applies to destination type + "port-list". Set to 0 to remove any assignment. Searchable as Numeric. + type: int + destination_port_not: + description: Controls if the destination port setting should be inverted. + Set to true to invert. Searchable as Boolean. + type: bool + any_flags: + description: True if any flags are used. Searchable as Boolean. + type: bool + log_disabled: + description: Controls if logging for this filter is disabled. Only applies + to filter action "log-only" or "deny". Searchable as Boolean. + type: bool + include_packet_data: + description: Controls if this filter should capture data for every log. Searchable + as Boolean. 
+ type: bool + alert_enabled: + description: Controls if this filter should be alerted on. Searchable as Boolean. + type: bool + schedule_id: + description: ID of the schedule to control when this filter is "on". Set to + 0 to remove any assignment. Searchable as Numeric. + type: int + context_id: + description: RuleContext that is applied to this filter. Set to 0 to remove + any assignment. Searchable as Numeric. + type: int + tcpflags: + description: TCP flags + type: list + elements: str + id: + description: ID of the firewall rule. Searchable as ID. + type: int + tcpnot: + description: TCP not + type: bool + icmptype: + description: ICMP type + type: int + icmpcode: + description: ICMP code + type: int + icmpnot: + description: ICMP not + type: bool + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. 
+ type: str + choices: + - merged + - replaced + - overridden + - gathered + - deleted + +author: Ansible Security Automation Team (@justjais) +""" + +EXAMPLES = """ + +# Using MERGED state +# ------------------- + +- name: Create Firewall Rules + trendmicro.deepsec.deepsec_firewall_rules: + state: merged + config: + - name: test_firewallrule_1 + description: incoming firewall 1 rule description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + log_disabled: true + - name: test_firewallrule_2 + description: incoming firewall 2 rule description + action: deny + priority: 0 + source_iptype: any + source_ipnot: false + source_port_type: any + destination_iptype: any + direction: incoming + protocol: tcp + +# RUN output: +# ----------- + +# firewall_rules: +# after: +# - action: deny +# alert_enabled: false +# any_flags: true +# description: incoming firewall 1 rule description +# destination_ipnot: false +# destination_iptype: any +# destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: incoming +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 148 +# include_packet_data: false +# log_disabled: true +# name: test_firewallrule_1 +# priority: '0' +# protocol: tcp +# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any +# - action: deny +# alert_enabled: false +# any_flags: true +# description: incoming firewall 2 rule description +# destination_ipnot: false +# destination_iptype: any +# destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: incoming +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 149 +# include_packet_data: false +# log_disabled: false +# name: test_firewallrule_2 +# priority: '0' +# protocol: tcp 
+# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any +# before: [] + +- name: Modify the severity of Firewall Rule by name + trendmicro.deepsec.deepsec_firewall_rules: + state: merged + config: + - name: test_firewallrule_1 + action: allow + +# RUN output: +# ----------- + +# firewall_rules: +# after: +# - action: allow +# alert_enabled: false +# any_flags: true +# description: incoming firewall 1 rule description +# destination_ipnot: false +# destination_iptype: any +# destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: incoming +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 148 +# include_packet_data: false +# log_disabled: true +# name: test_firewallrule_1 +# priority: '0' +# protocol: tcp +# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any +# before: +# - action: deny +# alert_enabled: false +# any_flags: true +# description: incoming firewall 1 rule description +# destination_ipnot: false +# destination_iptype: any +# destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: incoming +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 148 +# include_packet_data: false +# log_disabled: true +# name: test_firewallrule_1 +# priority: '0' +# protocol: tcp +# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any + +# Using REPLACED state +# -------------------- + +- name: Replace existing Firewall Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: replaced + config: + - name: test_firewallrule_1 + description: outgoing firewall 1 
REPLACED rule + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: outgoing + protocol: any + log_disabled: true + +# RUN output: +# ----------- + +# firewall_rules: +# after: +# - action: deny +# alert_enabled: false +# any_flags: true +# description: outgoing firewall 1 REPLACED rule +# destination_ipnot: false +# destination_iptype: any +# destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: outgoing +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 150 +# include_packet_data: false +# log_disabled: true +# name: test_firewallrule_1 +# priority: '0' +# protocol: any +# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any +# before: +# - action: allow +# alert_enabled: false +# any_flags: true +# description: incoming firewall 1 rule description +# destination_ipnot: false +# destination_iptype: any +# destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: incoming +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 148 +# include_packet_data: false +# log_disabled: true +# name: test_firewallrule_1 +# priority: '0' +# protocol: tcp +# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any + +# Using GATHERED state +# -------------------- + +- name: Gather Firewall Rules by FW names + trendmicro.deepsec.deepsec_firewall_rules: + state: gathered + config: + - name: test_firewallrule_1 + - name: test_firewallrule_2 + +# RUN output: +# ----------- + +# gathered: +# - action: deny +# alert_enabled: false +# any_flags: true +# description: incoming firewall 1 rule description +# destination_ipnot: false +# destination_iptype: any +# 
destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: incoming +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 150 +# include_packet_data: false +# log_disabled: true +# name: test_firewallrule_1 +# priority: '0' +# protocol: tcp +# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any +# - action: deny +# alert_enabled: false +# any_flags: true +# description: incoming firewall 2 rule description +# destination_ipnot: false +# destination_iptype: any +# destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: incoming +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 149 +# include_packet_data: false +# log_disabled: false +# name: test_firewallrule_2 +# priority: '0' +# protocol: tcp +# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any + +- name: Gather ALL of the Firewall Rules + trendmicro.deepsec.deepsec_firewall_rules: + state: gathered + +# Using DELETED state +# ------------------- + +- name: Delete Firewall Rules + trendmicro.deepsec.deepsec_firewall_rules: + state: deleted + config: + - name: test_firewallrule_1 + - name: test_firewallrule_2 + +# RUN output: +# ----------- + +# firewall_rules: +# after: [] +# before: +# - action: deny +# alert_enabled: false +# any_flags: true +# description: incoming firewall 1 rule description +# destination_ipnot: false +# destination_iptype: any +# destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: incoming +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 150 +# include_packet_data: false +# log_disabled: true +# name: 
test_firewallrule_1 +# priority: '0' +# protocol: tcp +# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any +# - action: deny +# alert_enabled: false +# any_flags: true +# description: incoming firewall 2 rule description +# destination_ipnot: false +# destination_iptype: any +# destination_macnot: false +# destination_mactype: any +# destination_port_not: false +# destination_port_type: any +# direction: incoming +# frame_not: false +# frame_number: 2048 +# frame_type: ip +# id: 149 +# include_packet_data: false +# log_disabled: false +# name: test_firewallrule_2 +# priority: '0' +# protocol: tcp +# protocol_not: false +# source_ipnot: false +# source_iptype: any +# source_macnot: false +# source_mactype: any +# source_port_not: false +# source_port_type: any +""" + +RETURN = """ +before: + description: The configuration as structured data prior to module invocation. + returned: always + type: list + sample: The configuration returned will always be in the same format of the parameters above. +after: + description: The configuration as structured data after module completion. + returned: when changed + type: list + sample: The configuration returned will always be in the same format of the parameters above. +""" diff --git a/plugins/modules/deepsec_firewallrules.py b/plugins/modules/deepsec_firewallrules.py new file mode 100644 index 0000000..888fd2f --- /dev/null +++ b/plugins/modules/deepsec_firewallrules.py 
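Review bot: The REPLACED example in EXAMPLES invokes `trendmicro.deepsec.deepsec_intrusion_prevention_rules:` although this file documents `deepsec_firewall_rules`, so a user copying that play would drive the wrong resource; the line should read `trendmicro.deepsec.deepsec_firewall_rules:`. The task title `Modify the severity of Firewall Rule by name` also looks carried over from the intrusion-prevention module, since the play changes `action`, not a severity. In DOCUMENTATION, `destination_iprange_from` says "estination IP type" (missing "d"), and `tcpflags` documents no `choices` while the deprecated `deepsec_firewallrules` module added in the same change restricts it to fin/syn/rst/psh/ack/urg — worth confirming the omission is intentional. This hunk shows only the DOCUMENTATION, EXAMPLES and RETURN strings; the rest of the 711-line file is not visible in this view.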
@@ -0,0 +1,508 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = """ +module: deepsec_firewallrules +short_description: Create a new firewall rule. +description: This module creates a new firewall rule under TrendMicro Deep Security. +version_added: 1.0.0 +deprecated: + alternative: deepsec_firewall_rules + why: Newer and updated modules released with more functionality + removed_at_date: '2023-12-01' +author: Ansible Security Automation Team (@justjais) +options: + name: + description: Name of the firewall rule + required: true + type: str + description: + description: Description of the firewall rule + type: str + action: + description: Action of the packet filter. + type: str + choices: + - log-only + - allow + - deny + - force-allow + - bypass + priority: + description: Priority of the packet filter. + choices: ['0', '1', '2', '3', '4'] + type: str + direction: + description: Packet direction. + choices: [incoming, outgoing] + type: str + frame_type: + description: Supported frame types. + choices: [any, ip, arp, revarp, ipv4, ipv6, other] + type: str + frame_number: + description: Ethernet frame number. Only required for FrameType 'other'. + type: int + frame_not: + description: Controls if the frame setting should be inverted. Set to true to + invert. + type: bool + protocol: + description: Protocol. + choices: [any, icmp, igmp, ggp, tcp, pup, udp, idp, nd, raw, tcp-udp, icmpv6, + other] + type: str + protocol_number: + description: Two-byte protocol number. + type: int + protocol_not: + description: Controls if the protocol setting should be inverted. Set to true + to invert. + type: bool + source_iptype: + description: Source IP type. 
+ choices: [any, masked-ip, range, ip-list, single, multiple] + type: str + source_ipvalue: + description: Source IP. Only applies to source IP type 'masked-ip' or 'single'. + type: str + source_ipmask: + description: Source IP mask. Only applies to source IP type 'masked-ip'. + type: str + source_iprange_from: + description: The first value for a range of source IP addresses. Only applies + to source IP type 'range'. + type: str + source_iprange_to: + description: The last value for a range of source IP addresses. Only applies to + source IP type 'range'. + type: str + source_ipmultiple: + description: List of source IP addresses. Only applies to source IP type 'multiple'. + type: list + elements: str + source_iplist_id: + description: ID of source IP list. Only applies to source IP type 'ip-list'. + type: int + source_ipnot: + description: Controls if the source IP setting should be inverted. Set to true + to invert. + type: bool + source_mactype: + description: Source MAC type. + choices: [any, single, mac-list, multiple] + type: str + source_macvalue: + description: Source MAC address. Only applies to MAC type 'single'. + type: str + source_macmultiple: + description: List of MAC addresses. Only applies to MAC type 'multiple'. + type: list + elements: str + source_maclist_id: + description: ID of MAC address list. Only applies to MAC type 'mac-list'. + type: int + source_macnot: + description: Controls if the source MAC setting should be inverted. Set to true + to invert. + type: bool + source_port_type: + description: The type of source port. + choices: [any, multiple, port-list] + type: str + source_port_multiple: + description: List of comma-delimited source ports. Only applies to source type + 'multiple'. + type: list + elements: str + source_port_list_id: + description: ID of source port list. Only applies to source type 'port-list'. + type: int + source_port_not: + description: Controls if the source MAC setting should be inverted. 
Set to true + to invert. + type: bool + destination_iptype: + description: Destination IP type. + choices: [any, masked-ip, range, ip-list, single, multiple] + type: str + destination_ipvalue: + description: Destination IP. Only applies to destination IP type 'masked-ip' or + 'single'. + type: str + destination_ipmask: + description: Destination IP mask. Only applies to destination IP type 'masked-ip'. + type: str + destination_iprange_from: + description: The first value for a range of destination IP addresses. Only applies + to estination IP type 'range'. + type: str + destination_iprange_to: + description: The last value for a range of destination IP addresses. Only applies + to destination IP type 'range'. + type: str + destination_ipmultiple: + description: List of comma-delimited destination IP addresses. Only applies to + destination IP type 'multiple'. + type: list + elements: str + destination_iplist_id: + description: ID of destination IP list. Only applies to destination IP type 'ip-list'. + type: int + destination_ipnot: + description: Controls if the destination IP setting should be inverted. Set to + true to invert. + type: bool + destination_mactype: + description: Destination MAC type. + choices: [any, single, mac-list, multiple] + type: str + destination_macvalue: + description: Destination MAC address. Only applies to MAC type 'single'. + type: str + destination_macmultiple: + description: List of comma-delimited MAC addresses. Only applies to MAC type 'multiple'. + type: list + elements: str + destination_maclist_id: + description: ID of MAC address list. Only applies to MAC type 'mac-list'. + type: int + destination_macnot: + description: Controls if the destination MAC setting should be inverted. Set to + true to invert. + type: bool + destination_port_type: + description: The type of destination port. + choices: [any, multiple, port-list] + type: str + destination_port_multiple: + description: List of comma-delimited destination ports. 
Only applies to destination + type 'multiple'. + type: list + elements: str + destination_port_list_id: + description: ID of destination port list. Only applies to destination type 'port-list'. + type: int + destination_port_not: + description: Controls if the destination port setting should be inverted. Set + to true to invert. + type: bool + any_flags: + description: True if any flags are used. + type: bool + log_disabled: + description: Controls if logging for this filter is disabled. Only applies to + filter action 'log-only' or 'deny'. + type: bool + include_packet_data: + description: Controls if this filter should capture data for every log. + type: bool + alert_enabled: + description: Controls if this filter should be alerted on. + type: bool + context_id: + description: ID of the schedule to control when this filter is 'on'. + type: int + tcpflags: + description: TCP flags + choices: [fin, syn, rst, psh, ack, urg] + type: list + elements: str + tcpnot: + description: TCP Not + type: bool + icmptype: + description: ICMP Type + type: int + icmpcode: + description: ICMPCode + type: int + icmpnot: + description: ICMP Not + type: bool + state: + description: + - The state the configuration should be left in + type: str + choices: + - present + - absent + default: present +""" + +EXAMPLES = """ +- name: Create/Config a new Firewall Rule Config + trendmicro.deepsec.deepsec_firewallrules: + state: present + name: test_firewallrule config + description: test firewall description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + tcpflags: + - syn + +- name: Delete/Remove the existing Firewall rule Config + trendmicro.deepsec.deepsec_firewallrules: + state: absent + name: test_firewallrule config +""" + +from ansible.module_utils.six import iteritems +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( + 
DeepSecurityRequest, + check_if_config_exists, + delete_config_with_id, +) +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( + remove_empties, +) + +key_transform = { + "id": "ID", + "frame_type": "frameType", + "frame_number": "frameNumber", + "frame_not": "frameNot", + "protocol_number": "protocolNumber", + "protocol_not": "protocolNot", + "source_iptype": "sourceIPType", + "source_ipvalue": "sourceIPValue", + "source_ipmask": "sourceIPMask", + "source_iprange_from": "sourceIPRangeFrom", + "source_iprange_to": "sourceIPRangeTo", + "source_ipmultiple": "sourceIPMultiple", + "source_iplist_id": "sourceIPListID", + "source_ipnot": "sourceIPNot", + "source_mactype": "sourceMACType", + "source_macvalue": "sourceMACValue", + "source_macmultiple": "sourceMACMultiple", + "source_maclist_id": "sourceMACListID", + "source_macnot": "sourceMACNot", + "source_port_type": "sourcePortType", + "source_port_multiple": "sourcePortMultiple", + "source_port_list_id": "sourcePortListID", + "source_port_not": "sourcePortNot", + "destination_iptype": "destinationIPType", + "destination_ipvalue": "destinationIPValue", + "destination_ipmask": "destinationIPMask", + "destinationIPRangeFrom": "destination_iprange_from", + "destination_iprange_to": "destinationIPRangeTo", + "destination_ipmultiple": "destinationIPMultiple", + "destination_iplist_id": "destinationIPListID", + "destination_ipnot": "destinationIPNot", + "destination_mactype": "destinationMACType", + "destination_macvalue": "destinationMACValue", + "destination_macmultiple": "destinationMACMultiple", + "destination_maclist_id": "destinationMACListID", + "destination_macnot": "destinationMACNot", + "destination_port_type": "destinationPortType", + "destination_port_multiple": "destinationPortMultiple", + "destination_port_list_id": "destinationPortListID", + "destination_port_not": "destinationPortNot", + "any_flags": "anyFlags", + "log_disabled": "logDisabled", + 
"include_packet_data": "includePacketData", + "alert_enabled": "alertEnabled", + "schedule_id": "scheduleID", + "context_id": "contextID", + "tcpnot": "TCPNot", + "icmptype": "ICMPType", + "icmpcode": "ICMPCode", + "icmpnot": "ICMPNot", +} + + +def map_params_to_obj(module_params): + # populate the firewall rules dict with actual api expected values + obj = {} + obj["name"] = module_params["name"] + if module_params.get("description"): + obj["description"] = module_params.get("description") + if module_params.get("action"): + obj["action"] = module_params.get("action") + if module_params.get("priority"): + obj["priority"] = module_params.get("priority") + if module_params.get("direction"): + obj["direction"] = module_params.get("direction") + if module_params.get("protocol"): + obj["protocol"] = module_params.get("protocol") + if module_params.get("tcpflags"): + obj["tcpflags"] = module_params.get("tcpflags") + for k, v in iteritems(key_transform): + if module_params.get(k): + obj[v] = module_params.get(k) + return obj + + +def main(): + argspec = dict( + state=dict(choices=["present", "absent"], default="present"), + name=dict(required=True, type="str"), + description=dict(type="str"), + action=dict( + type="str", + choices=["log-only", "allow", "deny", "force-allow", "bypass"], + ), + priority=dict(type="str", choices=["0", "1", "2", "3", "4"]), + direction=dict(type="str", choices=["incoming", "outgoing"]), + frame_type=dict( + type="str", + choices=["any", "ip", "arp", "revarp", "ipv4", "ipv6", "other"], + ), + frame_number=dict(type="int"), + frame_not=dict(type="bool"), + protocol=dict( + type="str", + choices=[ + "any", + "icmp", + "igmp", + "ggp", + "tcp", + "pup", + "udp", + "idp", + "nd", + "raw", + "tcp-udp", + "icmpv6", + "other", + ], + ), + protocol_number=dict(type="int"), + protocol_not=dict(type="bool"), + source_iptype=dict( + type="str", + choices=[ + "any", + "masked-ip", + "range", + "ip-list", + "single", + "multiple", + ], + ), + 
source_ipvalue=dict(type="str"), + source_ipmask=dict(type="str"), + source_iprange_from=dict(type="str"), + source_iprange_to=dict(type="str"), + source_ipmultiple=dict(type="list", elements="str"), + source_iplist_id=dict(type="int"), + source_ipnot=dict(type="bool"), + source_mactype=dict( + type="str", choices=["any", "single", "mac-list", "multiple"] + ), + source_macvalue=dict(type="str"), + source_macmultiple=dict(type="list", elements="str"), + source_maclist_id=dict(type="int"), + source_macnot=dict(type="bool"), + source_port_type=dict( + type="str", choices=["any", "multiple", "port-list"] + ), + source_port_multiple=dict(type="list", elements="str"), + source_port_list_id=dict(type="int"), + source_port_not=dict(type="bool"), + destination_iptype=dict( + type="str", + choices=[ + "any", + "masked-ip", + "range", + "ip-list", + "single", + "multiple", + ], + ), + destination_ipvalue=dict(type="str"), + destination_ipmask=dict(type="str"), + destination_iprange_from=dict(type="str"), + destination_iprange_to=dict(type="str"), + destination_ipmultiple=dict(type="list", elements="str"), + destination_iplist_id=dict(type="int"), + destination_ipnot=dict(type="bool"), + destination_mactype=dict( + type="str", choices=["any", "single", "mac-list", "multiple"] + ), + destination_macvalue=dict(type="str"), + destination_macmultiple=dict(type="list", elements="str"), + destination_maclist_id=dict(type="int"), + destination_macnot=dict(type="bool"), + destination_port_type=dict( + type="str", choices=["any", "multiple", "port-list"] + ), + destination_port_multiple=dict(type="list", elements="str"), + destination_port_list_id=dict(type="int"), + destination_port_not=dict(type="bool"), + any_flags=dict(type="bool"), + log_disabled=dict(type="bool"), + include_packet_data=dict(type="bool"), + alert_enabled=dict(type="bool"), + context_id=dict(type="int"), + tcpflags=dict( + type="list", + elements="str", + choices=["fin", "syn", "rst", "psh", "ack", "urg"], + ), + 
tcpnot=dict(type="bool"), + icmptype=dict(type="int"), + icmpcode=dict(type="int"), + icmpnot=dict(type="bool"), + ) + + api_object = "/api/firewallrules" + api_return = "firewallRules" + + module = AnsibleModule(argument_spec=argspec, supports_check_mode=True) + deepsec_request = DeepSecurityRequest(module) + want = map_params_to_obj(remove_empties(module.params)) + # Search for existing firewall rules config via Get call + search_existing_firewallrules = check_if_config_exists( + deepsec_request, want["name"], api_object.split("/")[2], api_return + ) + + if ( + "ID" in search_existing_firewallrules + and module.params["state"] == "absent" + ): + delete_config_with_id( + module, + deepsec_request, + api_object.split("/")[2], + search_existing_firewallrules["ID"], + api_return, + handle_return=True, + ) + elif ( + "ID" not in search_existing_firewallrules + and module.params["state"] == "absent" + ): + module.exit_json(changed=False) + else: + firewallrules = deepsec_request.post( + "{0}".format(api_object), data=want + ) + if "ID" in search_existing_firewallrules: + module.exit_json( + firewallrules=search_existing_firewallrules, changed=False + ) + elif firewallrules.get("message"): + module.fail_json(msg=firewallrules["message"]) + else: + module.exit_json(firewallrules=firewallrules, changed=True) + module.exit_json(changed=False) + + +if __name__ == "__main__": + main() diff --git a/plugins/modules/hosts_info.py b/plugins/modules/deepsec_hosts_info.py similarity index 72% rename from plugins/modules/hosts_info.py rename to plugins/modules/deepsec_hosts_info.py index 4c32dd8..8557db5 100644 --- a/plugins/modules/hosts_info.py +++ b/plugins/modules/deepsec_hosts_info.py 
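Review bot: In main()'s `else` branch the POST to `/api/firewallrules` is issued before `"ID" in search_existing_firewallrules` is tested, so `state: present` for a rule that already exists still sends a create request to the manager and then reports `changed=False` with the pre-existing rule, and although the module declares `supports_check_mode=True` it never consults `module.check_mode` before posting (the `absent` branch calls `delete_config_with_id` without a check-mode guard as well, though that helper is outside this hunk). The existence check should come first and check mode should return before any write, as in the rewritten branch below. Separately, `key_transform` has one entry with key and value swapped, `"destinationIPRangeFrom": "destination_iprange_from"`, so `map_params_to_obj` never copies `destination_iprange_from` into the request and a rule with `destination_iptype: range` is created without its lower bound; it should read `"destination_iprange_from": "destinationIPRangeFrom",`. `map_params_to_obj` also tests `module_params.get(k)` for truthiness, so an explicit `false` for the `*_not` flags and `0` for the `*_list_id` fields are dropped rather than sent — presumably unintended, worth confirming against the API defaults.
```python
    # … unchanged: argspec, search_existing_firewallrules lookup, `absent` branches …
    else:
        if "ID" in search_existing_firewallrules:
            module.exit_json(
                firewallrules=search_existing_firewallrules, changed=False
            )
        if module.check_mode:
            module.exit_json(firewallrules=want, changed=True)
        firewallrules = deepsec_request.post(
            "{0}".format(api_object), data=want
        )
        if firewallrules.get("message"):
            module.fail_json(msg=firewallrules["message"])
        module.exit_json(firewallrules=firewallrules, changed=True)
```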
@@ -9,42 +9,30 @@ __metaclass__ = type -ANSIBLE_METADATA = { - "metadata_version": "1.1", - "status": ["preview"], - "supported_by": "community", -} DOCUMENTATION = """ ---- -module: hosts_info -short_description: Obtain information about one or many Hosts defined by TrendMicro Deep Security +module: deepsec_hosts_info +short_description: Obtain information about one or many Hosts defined by TrendMicro + Deep Security description: - - This module obtains information about Hosts defined by TrendMicro Deep Security -version_added: "2.9" +- This module obtains information about Hosts defined by TrendMicro Deep Security +version_added: 1.0.0 +author: Ansible Security Automation Team (@maxamillion) options: id: description: - - Obtain only information of the Rule with provided ID + - Obtain only information of the Rule with provided ID required: false type: int - -author: Ansible Security Automation Team (@maxamillion) " """ EXAMPLES = """ - name: Get the Host Info - trendmicro.deepsec.hosts_info: + trendmicro.deepsec.deepsec_hosts_info: - name: Get the Host Info by ID - trendmicro.deepsec.hosts_info: + trendmicro.deepsec.deepsec_hosts_info: id: 1 """ -RETURN = """ -updates: - description: The set of commands that will be pushed to the remote device - returned: always -""" - from ansible.module_utils.basic import AnsibleModule from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( DeepSecurityRequest, diff --git a/plugins/modules/deepsec_integrity_monitoring_rules.py b/plugins/modules/deepsec_integrity_monitoring_rules.py new file mode 100644 index 0000000..7cfe125 --- /dev/null +++ b/plugins/modules/deepsec_integrity_monitoring_rules.py 
@@ -0,0 +1,519 @@ +#!/usr/bin/python +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: deepsec_integrity_monitoring_rules +short_description: Manages Integrity Monitoring Rule resource module +description: Integrity monitoring rules describe how Deep Security Agents should scan + for and detect changes to a computer's files, directories and registry keys and + values as well as changes in installed software, processes, listening ports and + running services. Integrity monitoring rules can be assigned directly to computers + or can be made part of a policy. +version_added: 1.2.0 +options: + config: + description: A dictionary of Integrity Monitoring Rules options + type: list + elements: dict + suboptions: + name: + description: Name of the IntegrityMonitoringRule. Searchable as String. + type: str + description: + description: Description of the IntegrityMonitoringRule. Searchable as String. + type: str + minimum_agent_version: + description: Minimum Deep Security Agent version that supports the IntegrityMonitoringRule. + This value is provided in the X.X.X.X format. Defaults to '6.0.0.0'. If + an agent is not the minimum required version, the manager does not send + the rule to the agent, and generates an alert. Searchable as String. + type: str + minimum_manager_version: + description: Minimum Deep Security Manager version that supports the IntegrityMonitoringRule. + This value is provided in the X.X.X format. Defaults to '6.0.0'. An alert + will be raised if a manager that fails to meet the minimum manager version + value tries to assign this rule to a host or profile. Searchable as String. + type: str + severity: + description: Severity level of the event is multiplied by the computer's asset + value to determine ranking. 
Ranking can be used to sort events with more + business impact. Searchable as Choice. + type: str + choices: + - low + - medium + - high + - critical + type: + description: Type of the IntegrityMonitoringRule. If the rule is predefined + by Trend Micro, it is set to '2'. If it is user created, it is set to '1'. + Searchable as String. + type: str + original_issue: + description: Timestamp when the IntegrityMonitoringRule was originally issued + by Trend Micro, in milliseconds since epoch. Empty if the IntegrityMonitoringRule + is user created. Searchable as Date. + type: int + last_updated: + description: Timestamp when the IntegrityMonitoringRule was last updated, + in milliseconds since epoch. Searchable as Date. + type: int + identifier: + description: Identifier of the IntegrityMonitoringRule from Trend Micro. Empty + if the IntegrityMonitoringRule is user created. Searchable as String. + type: str + template: + description: Template which the IntegrityMonitoringRule follows. + type: str + choices: + - registry + - file + - custom + registry_key_root: + description: Registry hive which is monitored by the IntegrityMonitoringRule. + Empty if the IntegrityMonitoringRule does not monitor a registry key. + type: str + registry_key_value: + description: Registry key which is monitored by the IntegrityMonitoringRule. + Empty if the IntegrityMonitoringRule does not monitor a registry key. Ignored + if the IntegrityMonitoringRule does not monitor a registry key. + type: str + registry_include_sub_keys: + description: Controls whether the IntegrityMonitoringRule should also include + subkeys of the registry key it monitors. Defaults to 'false'. Ignored if + the IntegrityMonitoringRule does not monitor a registry key. + type: bool + registry_included_values: + description: Registry key values to be monitored by the IntegrityMonitoringRule. + JSON array or delimited by new line. Question mark matches a single character, + while '*' matches zero or more characters. 
Ignored if the IntegrityMonitoringRule + does not monitor a registry key. + type: list + elements: str + registry_include_default_value: + description: Controls whether the rule should monitor default registry key + values. Defaults to 'true'. Ignored if the IntegrityMonitoringRule does + not monitor a registry key. + type: bool + registry_excluded_values: + description: Registry key values to be ignored by the IntegrityMonitoringRule. + JSON array or delimited by new line. Question mark matches a single character, + while '*' matches zero or more characters. Ignored if the IntegrityMonitoringRule + does not monitor a registry key. + type: list + elements: str + registry_attributes: + description: Registry key attributes to be monitored by the IntegrityMonitoringRule. + JSON array or delimited by new line. Defaults to 'STANDARD' which will monitor + changes in registry size, content and type. Ignored if the IntegrityMonitoringRule + does not monitor a registry key. + type: list + elements: str + file_base_directory: + description: Base of the file directory to be monitored by the IntegrityMonitoringRule. + Ignored if the IntegrityMonitoringRule does not monitor a file directory. + type: str + file_include_sub_directories: + description: Controls whether the IntegrityMonitoringRule should also monitor + sub-directories of the base file directory that is associated with it. Defaults + to 'false'. Ignored if the IntegrityMonitoringRule does not monitor a file + directory. + type: bool + file_included_values: + description: File name values to be monitored by the IntegrityMonitoringRule. + JSON array or delimited by new line. Question mark matches a single character, + while '*' matches zero or more characters. Leaving this field blank when + monitoring file directories will cause the IntegrityMonitoringRule to monitor + all files in a directory. This can use significant system resources if the + base directory contains numerous or large files. 
Ignored if the IntegrityMonitoringRule + does not monitor a file directory. + type: list + elements: str + file_excluded_values: + description: File name values to be ignored by the IntegrityMonitoringRule. + JSON array or delimited by new line. Question mark matches a single character, + while '*' matches zero or more characters. Ignored if the IntegrityMonitoringRule + does not monitor a file directory. + type: list + elements: str + file_attributes: + description: File attributes to be monitored by the IntegrityMonitoringRule. + JSON array or delimited by new line. Defaults to 'STANDARD' which will monitor + changes in file creation date, last modified date, permissions, owner, group, + size, content, flags (Windows) and SymLinkPath (Linux). Ignored if the IntegrityMonitoringRule + does not monitor a file directory. + type: list + elements: str + custom_xml: + description: Custom XML rules to be used by the IntegrityMonitoringRule. Custom + XML rules must be encoded in the Base64 format. Ignored if the IntegrityMonitoringRule + does not follow the 'custom' template. + type: str + alert_enabled: + description: Controls whether an alert should be made if an event related + to the IntegrityMonitoringRule is logged. Defaults to 'false'. Searchable + as Boolean. + type: bool + real_time_monitoring_enabled: + description: Controls whether the IntegrityMonitoringRule is monitored in + real time or during every scan. Defaults to 'true' which indicates that + it is monitored in real time. A value of 'false' indicates that it will + only be checked during scans. Searchable as Boolean. + type: bool + recommendations_mode: + description: Indicates whether recommendation scans consider the IntegrityMonitoringRule. + Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable + as Choice. + type: str + choices: + - enabled + - ignored + - unknown + - disabled + id: + description: ID of the IntegrityMonitoringRule. Searchable as ID. 
+ type: int + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. + type: str + choices: + - merged + - replaced + - overridden + - gathered + - deleted + +author: Ansible Security Automation Team (@justjais) +""" + +EXAMPLES = """ + +# Using MERGED state +# ------------------- + +- name: Create Integrity Monitoring Rules + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: merged + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_1 + - test_2 + severity: medium + template: registry + - name: THIS IS TEST IMR - 2 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 2 + real_time_monitoring_enabled: true + registry_attributes: + - test + severity: low + template: registry + +# RUN output: +# ----------- + +# integrity_monitoring_rules: +# after: +# - alert_enabled: false +# description: THIS IS TEST IMR DESCRIPTION - 1 +# id: 328 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 1 +# real_time_monitoring_enabled: true +# registry_attributes: +# - STANDARD +# registry_excluded_values: +# - '' +# registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - test_1 +# - test_2 +# registry_key_root: HKEY_CLASSES_ROOT +# registry_key_value: \ +# severity: medium +# template: registry +# - alert_enabled: false +# description: THIS IS TEST IMR DESCRIPTION - 2 +# id: 329 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 2 +# real_time_monitoring_enabled: true +# registry_attributes: +# - test +# registry_excluded_values: +# - '' +# 
registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - '' +# registry_key_root: HKEY_CLASSES_ROOT +# registry_key_value: \ +# severity: low +# template: registry +# before: [] + +- name: Modify the severity of Integrity Monitoring Rule by name + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: merged + config: + - name: THIS IS TEST IMR - 2 + description: UPDATE TEST IMR DESCRIPTION - 2 + severity: medium + +# RUN output: +# ----------- + +# integrity_monitoring_rules: +# after: +# - alert_enabled: false +# description: UPDATE TEST IMR DESCRIPTION - 2 +# id: 329 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 2 +# real_time_monitoring_enabled: true +# registry_attributes: +# - test +# registry_excluded_values: +# - '' +# registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - '' +# registry_key_root: HKEY_CLASSES_ROOT +# registry_key_value: \ +# severity: medium +# template: registry +# before: +# - alert_enabled: false +# description: THIS IS TEST IMR DESCRIPTION - 2 +# id: 329 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 2 +# real_time_monitoring_enabled: true +# registry_attributes: +# - test +# registry_excluded_values: +# - '' +# registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - '' +# registry_key_root: HKEY_CLASSES_ROOT +# registry_key_value: \ +# severity: low +# template: registry + +# Using REPLACED state +# -------------------- + +- name: Replace existing Integrity Monitoring Rule + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: replaced + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS REPLACED TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_3 + - test_4 + severity: low + template: 
registry + +# RUN output: +# ----------- + +# integrity_monitoring_rules: +# after: +# - alert_enabled: false +# description: THIS IS REPLACED TEST IMR DESCRIPTION - 1 +# id: 330 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 1 +# real_time_monitoring_enabled: true +# registry_attributes: +# - STANDARD +# registry_excluded_values: +# - '' +# registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - test_3 +# - test_4 +# registry_key_root: HKEY_CLASSES_ROOT +# registry_key_value: \ +# severity: low +# template: registry +# before: +# - alert_enabled: false +# description: THIS IS TEST IMR DESCRIPTION - 1 +# id: 328 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 1 +# real_time_monitoring_enabled: true +# registry_attributes: +# - STANDARD +# registry_excluded_values: +# - '' +# registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - test_1 +# - test_2 +# registry_key_root: HKEY_CLASSES_ROOT +# registry_key_value: \ +# severity: medium +# template: registry + +# Using GATHERED state +# -------------------- + +- name: Gather Integrity Monitoring Rule by IMR names + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: gathered + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + +# RUN output: +# ----------- + +# gathered: +# - alert_enabled: false +# description: THIS IS TEST IMR DESCRIPTION - 1 +# id: 330 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 1 +# real_time_monitoring_enabled: true +# registry_attributes: +# - STANDARD +# registry_excluded_values: +# - '' +# registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - test_1 +# - test_3 +# - test_4 +# - test_2 +# registry_key_root: HKEY_CLASSES_ROOT +# registry_key_value: \ +# severity: 
medium +# template: registry +# - alert_enabled: false +# description: THIS IS TEST IMR DESCRIPTION - 2 +# id: 329 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 2 +# real_time_monitoring_enabled: true +# registry_attributes: +# - test +# registry_excluded_values: +# - '' +# registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - '' +# registry_key_root: HKEY_CLASSES_ROOT +# registry_key_value: \ +# severity: low +# template: registry + +- name: Gather ALL of the Integrity Monitoring Rule + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: gathered + +# Using DELETED state +# ------------------- + +- name: Delete Integrity Monitoring Rule + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: deleted + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + +# RUN output: +# ----------- + +# integrity_monitoring_rules: +# after: [] +# before: +# - alert_enabled: false +# description: THIS IS TEST IMR DESCRIPTION - 1 +# id: 330 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 1 +# real_time_monitoring_enabled: true +# registry_attributes: +# - STANDARD +# registry_excluded_values: +# - '' +# registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - test_1 +# - test_3 +# - test_4 +# - test_2 +# registry_key_root: HKEY_CLASSES_ROOT +# registry_key_value: \ +# severity: medium +# template: registry +# - alert_enabled: false +# description: THIS IS TEST IMR DESCRIPTION - 2 +# id: 329 +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: THIS IS TEST IMR - 2 +# real_time_monitoring_enabled: true +# registry_attributes: +# - test +# registry_excluded_values: +# - '' +# registry_include_default_value: true +# registry_include_sub_keys: false +# registry_included_values: +# - '' +# registry_key_root: HKEY_CLASSES_ROOT 
+# registry_key_value: \ +# severity: low +# template: registry + +""" + +RETURN = """ +before: + description: The configuration as structured data prior to module invocation. + returned: always + type: list + sample: The configuration returned will always be in the same format of the parameters above. +after: + description: The configuration as structured data after module completion. + returned: when changed + type: list + sample: The configuration returned will always be in the same format of the parameters above. +""" diff --git a/plugins/modules/deepsec_integrity_monitoringrules.py b/plugins/modules/deepsec_integrity_monitoringrules.py new file mode 100644 index 0000000..33a9c29 --- /dev/null +++ b/plugins/modules/deepsec_integrity_monitoringrules.py 
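Review bot: The `state` option in DOCUMENTATION lists five choices but declares neither `default` nor `required: true`, so a task that omits `state` passes the documented argspec with `state` unset; unless the action plugin that implements this module (not in this hunk) supplies a default, add `default: merged` (or `required: true`) under `state`, as the deprecated sibling module does with `default: present`. The RETURN block documents only `before` and `after`, while the examples show `gathered:` as the top-level result key for `state: gathered`; add a `gathered` entry with `returned: when state is I(gathered)` and `type: list`. The `id`, `identifier`, `type`, `original_issue` and `last_updated` suboptions are documented as settable, but the text does not say whether they are honoured on merge/replace or are read-only server fields; the deprecated sibling marks them "APPLICABLE ONLY with GET call", and the same note would help here.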
@@ -0,0 +1,499 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = """ +module: deepsec_integrity_monitoringrules +short_description: Create/Configure Integrity Monitoring Rules. +description: +- This module creates and configure Integrity Monitoring Rules under TrendMicro Deep + Security. +version_added: 1.0.0 +deprecated: + alternative: deepsec_integrity_monitoring_rules + why: Newer and updated modules released with more functionality + removed_at_date: '2023-12-01' +options: + config: + description: Integrity Monitoring Rules config + type: list + elements: dict + suboptions: + name: + description: Name of the IntegrityMonitoringRule. + type: str + description: + description: Description of the IntegrityMonitoringRule. + type: str + severity: + description: Severity level of the event is multiplied by the computer's asset + value to determine ranking. Ranking can be used to sort events with more + business impact. + choices: [low, medium, high, critical] + type: str + template: + description: Template which the IntegrityMonitoringRule follows. + choices: [registry, file, custom] + type: str + registry_key_root: + description: Registry hive which is monitored by the IntegrityMonitoringRule. + Empty if the IntegrityMonitoringRule does not monitor a registry key. + type: str + registry_key_value: + description: Registry key which is monitored by the IntegrityMonitoringRule. + Empty if the IntegrityMonitoringRule does not monitor a registry key. Ignored + if the IntegrityMonitoringRule does not monitor a registry key. + type: str + registry_include_subkeys: + description: Controls whether the IntegrityMonitoringRule should also include + subkeys of the registry key it monitors. 
Ignored if the IntegrityMonitoringRule + does not monitor a registry key. + type: bool + registry_included_values: + description: Registry key values to be monitored by the IntegrityMonitoringRule. + Ignored if the IntegrityMonitoringRule does not monitor a registry key. + type: list + elements: str + registry_include_default_value: + description: Controls whether the rule should monitor default registry key + values. Ignored if the IntegrityMonitoringRule does not monitor a registry + key. + type: bool + registry_excluded_values: + description: Registry key values to be ignored by the IntegrityMonitoringRule. + Ignored if the IntegrityMonitoringRule does not monitor a registry key. + type: list + elements: str + registry_attributes: + description: Registry key attributes to be monitored by the IntegrityMonitoringRule. + Ignored if the IntegrityMonitoringRule does not monitor a registry key. + type: list + elements: str + filebase_directory: + description: Base of the file directory to be monitored by the IntegrityMonitoringRule. + Ignored if the IntegrityMonitoringRule does not monitor a file directory. + type: str + fileinclude_subdirectories: + description: Controls whether the IntegrityMonitoringRule should also monitor + sub-directories of the base file directory that is associated with it. Ignored + if the IntegrityMonitoringRule does not monitor a file directory. + type: bool + file_included_values: + description: File name values to be monitored by the IntegrityMonitoringRule. + Leaving this field blank when monitoring file directories will cause the + IntegrityMonitoringRule to monitor all files in a directory. This can use + significant system resources if the base directory contains numerous or + large files. Ignored if the IntegrityMonitoringRule does not monitor a file + directory. + type: list + elements: str + file_excluded_values: + description: File name values to be ignored by the IntegrityMonitoringRule. 
+ Ignored if the IntegrityMonitoringRule does not monitor a file directory. + type: list + elements: str + file_attributes: + description: File attributes to be monitored by the IntegrityMonitoringRule. + Defaults to STANDARD which will monitor changes in file creation date, last + modified date, permissions, owner, group, size, content, flags (Windows) + and SymLinkPath (Linux). Ignored if the IntegrityMonitoringRule does not + monitor a file directory. + type: list + elements: str + custom_xml: + description: Custom XML rules to be used by the IntegrityMonitoringRule. Custom + XML rules must be encoded in the Base64 format. Ignored if the IntegrityMonitoringRule + does not follow the custom template. + type: str + alert_enabled: + description: Controls whether an alert should be made if an event related + to the IntegrityMonitoringRule is logged. Defaults to false. + type: bool + real_time_monitoring_enabled: + description: Controls whether the IntegrityMonitoringRule is monitored in + real time or during every scan. Defaults to true which indicates that it + is monitored in real time. A value of false indicates that it will only + be checked during scans. + type: bool + recommendations_mode: + description: Indicates whether recommendation scans consider the IntegrityMonitoringRule. + Can be set to enabled or ignored. Custom rules cannot be recommended. + choices: [enabled, ignored, unknown, disabled] + type: str + minimum_agent_version: + description: Minimum Deep Security Agent version that supports the IntegrityMonitoringRule. + This value is provided in the X.X.X.X format. Defaults to 6.0.0.0. If an + agent is not the minimum required version, the manager does not send the + rule to the agent, and generates an alert. APPLICABLE ONLY with GET call. + NOT APPLICABLE param with Create/Modify POST call. + type: str + minimum_manager_version: + description: Minimum Deep Security Manager version that supports the IntegrityMonitoringRule. 
+ This value is provided in the X.X.X format. Defaults to 6.0.0. An alert + will be raised if a manager that fails to meet the minimum manager version + value tries to assign this rule to a host or profile. APPLICABLE ONLY with + GET call. NOT APPLICABLE param with Create/Modify POST call. + type: str + identifier: + description: Identifier of the IntegrityMonitoringRule from Trend Micro. Empty + if the IntegrityMonitoringRule is user created. APPLICABLE ONLY with GET + call. NOT APPLICABLE param with Create/Modify POST call. + type: str + type: + description: Type of the IntegrityMonitoringRule. If the rule is predefined + by Trend Micro, it is set to 2. If it is user created, it is set to 1. APPLICABLE + ONLY with GET call. NOT APPLICABLE param with Create/Modify POST call. + type: str + original_issue: + description: Timestamp when the IntegrityMonitoringRule was originally issued + by Trend Micro, in milliseconds since epoch. Empty if the IntegrityMonitoringRule + is user created. APPLICABLE ONLY with GET call. NOT APPLICABLE param with + Create/Modify POST call. + type: int + last_updated: + description: Timestamp when the IntegrityMonitoringRule was last updated, + in milliseconds since epoch. APPLICABLE ONLY with GET call. NOT APPLICABLE + param with Create/Modify POST call. + type: int + id: + description: ID of the IntegrityMonitoringRule. APPLICABLE ONLY with GET call. + NOT APPLICABLE param with Create/Modify POST call. + type: int + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. 
+ type: str + choices: + - present + - absent + - gathered + default: present +author: Ansible Security Automation Team (@justjais) " +""" + +EXAMPLES = """ + +# Using PRESENT state +# ------------------- + +- name: Create and Configure Integrity Monitoring Rules + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: present + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_1 + - test_2 + severity: medium + template: registry + - name: THIS IS TEST IMR - 2 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 2 + real_time_monitoring_enabled: true + registry_attributes: + - test + severity: low + template: registry +- name: Modify the severity of Integrity Monitoring Rule by name + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: present + config: + - name: THIS IS TEST IMR - 2 + severity: medium +- name: Gather Integrity Monitoring Rules by IMR names + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: gathered + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 +- name: Gather ALL of the Integrity Monitoring Rules + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: gathered +- name: Delete existing Integrity Monitoring Rules + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: absent + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 +""" + +import copy +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( + DeepSecurityRequest, + map_obj_to_params, + map_params_to_obj, + remove_get_keys_from_payload_dict, +) +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) + +key_transform = { + "id": "ID", + "registry_key_root": "registryKeyRoot", + "registry_key_value": "registryKeyValue", + 
"registry_include_subkeys": "registryIncludeSubKeys", + "registry_included_values": "registryIncludedValues", + "registry_include_default_value": "registryIncludeDefaultValue", + "registry_excluded_values": "registryExcludedValues", + "registry_attributes": "registryAttributes", + "filebase_directory": "fileBaseDirectory", + "fileinclude_subdirectories": "fileIncludeSubDirectories", + "file_included_values": "fileIncludedValues", + "file_excluded_values": "fileExcludedValues", + "file_attributes": "fileAttributes", + "custom_xml": "customXML", + "alert_enabled": "alertEnabled", + "real_time_monitoring_enabled": "realTimeMonitoringEnabled", + "recommendations_mode": "recommendationsMode", + "minimum_agent_version": "minimumAgentVersion", + "minimum_manager_version": "minimumManagerVersion", + "original_issue": "originalIssue", + "last_updated": "lastUpdated", +} + +get_supported_keys = [ + "minimum_agent_version", + "minimum_manager_version", + "identifier", + "type", + "original_issue", + "last_updated", + "id", +] + +api_object = "/api/integritymonitoringrules" +api_object_search = "/api/integritymonitoringrules/search" +api_return = "integrityMonitoringRules" +module_return = "integrity_monitoringrules" + + +def search_for_imr_by_name(deepsec_request, name): + search_payload = { + "maxItems": 1, + "searchCriteria": [ + {"fieldName": "name", "stringTest": "equal", "stringValue": name} + ], + } + search_result = search_for_integrity_monitoring_rules( + deepsec_request, search_payload + ) + return search_result + + +def display_gathered_result(module, deepsec_request): + return_config = {} + if module.params.get("config"): + return_config["config"] = [] + for each in module.params.get("config"): + search_result = search_for_imr_by_name( + deepsec_request, each["name"] + ) + return_config["config"].extend( + map_obj_to_params(search_result, key_transform, api_return)[ + api_return + ] + ) + else: + search_result = 
search_for_integrity_monitoring_rules(deepsec_request) + return_config["config"] = map_obj_to_params( + search_result, key_transform, api_return + )[api_return] + module.exit_json(gathered=return_config["config"], changed=False) + + +def search_for_integrity_monitoring_rules( + deepsec_api_request, search_payload=None +): + search_for_integrity_monitoring_rules = deepsec_api_request.post( + api_object_search, data=search_payload + ) + return search_for_integrity_monitoring_rules + + +def reset_module_api_config(module, deepsec_request): + if module.params.get("config"): + config = {} + before = [] + after = [] + changed = False + for each in module.params["config"]: + search_by_name = search_for_imr_by_name( + deepsec_request, each["name"] + ) + if search_by_name.get(api_return): + every = map_obj_to_params( + search_by_name[api_return][0], key_transform, api_return + ) + before.append(every) + api_request = deepsec_request.delete( + "{0}/{1}".format(api_object, every["id"]), data=each + ) + if api_request.get("errors"): + module.fail_json(msg=api_request["errors"]) + elif api_request.get("message"): + module.fail_json(msg=api_request["message"]) + changed = True + if api_request: + after.append( + map_obj_to_params( + api_request, key_transform, api_return + ) + ) + if changed: + config.update({"before": before, "after": after}) + module.exit_json(integrity_monitoringrules=config, changed=changed) + else: + config.update({"before": before}) + module.exit_json(integrity_monitoringrules=config, changed=changed) + + +def configure_module_api(argspec, module, deepsec_request): + if module.params.get("config"): + config = {} + before = [] + after = [] + changed = False + temp_name = [] + for each in module.params["config"]: + search_by_name = search_for_imr_by_name( + deepsec_request, each["name"] + ) + if search_by_name.get(api_return): + each_result = search_by_name[api_return] + temp = copy.deepcopy(each_result) + for every in temp: + every = 
map_obj_to_params(every, key_transform, api_return) + if every["name"] == each["name"]: + diff = utils.dict_diff(every, each) + if diff: + diff = remove_get_keys_from_payload_dict( + diff, get_supported_keys + ) + if diff: + if each["name"] not in temp_name: + after.extend(before) + before.append(every) + # Check for actual modification and if present fire + # the request over that IPR ID + each = utils.remove_empties( + utils.dict_merge(every, each) + ) + each = remove_get_keys_from_payload_dict( + each, get_supported_keys + ) + changed = True + utils.validate_config(argspec, {"config": [each]}) + payload = map_params_to_obj(each, key_transform) + api_request = deepsec_request.post( + "{0}/{1}".format(api_object, every["id"]), + data=payload, + ) + if api_request.get("errors"): + module.fail_json(msg=api_request["errors"]) + elif api_request.get("message"): + module.fail_json(msg=api_request["message"]) + after.append( + map_obj_to_params( + api_request, key_transform, api_return + ) + ) + else: + before.append(every) + temp_name.append(every["name"]) + else: + before.append(every) + else: + changed = True + each = remove_get_keys_from_payload_dict( + each, get_supported_keys + ) + utils.validate_config(argspec, {"config": [each]}) + payload = map_params_to_obj(each, key_transform) + api_request = deepsec_request.post( + "{0}".format(api_object), data=payload + ) + if api_request.get("errors"): + module.fail_json(msg=api_request["errors"]) + elif api_request.get("message"): + module.fail_json(msg=api_request["message"]) + after.append( + map_obj_to_params(api_request, key_transform, api_return) + ) + config.update({"before": before, "after": after}) + module.exit_json(integrity_monitoringrules=config, changed=changed) + + +def main(): + + imr_spec = { + "name": dict(type="str"), + "description": dict(type="str"), + "severity": dict( + type="str", choices=["low", "medium", "high", "critical"] + ), + "template": dict(type="str", choices=["registry", "file", 
"custom"]), + "registry_key_root": dict(type="str", no_log=True), + "registry_key_value": dict(type="str", no_log=True), + "registry_include_subkeys": dict(type="bool"), + "registry_included_values": dict(type="list", elements="str"), + "registry_include_default_value": dict(type="bool"), + "registry_excluded_values": dict(type="list", elements="str"), + "registry_attributes": dict(type="list", elements="str"), + "filebase_directory": dict(type="str"), + "fileinclude_subdirectories": dict(type="bool"), + "file_included_values": dict(type="list", elements="str"), + "file_excluded_values": dict(type="list", elements="str"), + "file_attributes": dict(type="list", elements="str"), + "custom_xml": dict(type="str"), + "alert_enabled": dict(type="bool"), + "real_time_monitoring_enabled": dict(type="bool"), + "recommendations_mode": dict( + type="str", choices=["enabled", "ignored", "unknown", "disabled"] + ), + "minimum_agent_version": dict(type="str"), + "minimum_manager_version": dict(type="str"), + "original_issue": dict(type="int"), + "last_updated": dict(type="int"), + "type": dict(type="str"), + "identifier": dict(type="str"), + "id": dict(type="int"), + } + + argspec = dict( + state=dict( + choices=["present", "absent", "gathered"], default="present" + ), + config=dict(type="list", elements="dict", options=imr_spec), + ) + + module = AnsibleModule(argument_spec=argspec, supports_check_mode=True) + deepsec_request = DeepSecurityRequest(module) + module.params = utils.remove_empties(module.params) + + if module.params["state"] == "gathered": + display_gathered_result(module=module, deepsec_request=deepsec_request) + elif module.params["state"] == "absent": + reset_module_api_config(module=module, deepsec_request=deepsec_request) + elif module.params["state"] == "present": + configure_module_api( + argspec=argspec, module=module, deepsec_request=deepsec_request + ) + + +if __name__ == "__main__": + main() 
diff --git a/plugins/modules/deepsec_intrusion_prevention_rules.py b/plugins/modules/deepsec_intrusion_prevention_rules.py new file mode 100644 index 0000000..bd6d3a6 --- /dev/null +++ b/plugins/modules/deepsec_intrusion_prevention_rules.py 
@@ -0,0 +1,470 @@ +#!/usr/bin/python +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: deepsec_intrusion_prevention_rules +short_description: Intrusion Prevention Rule resource module. +description: +- This module creates a new intrusion preventin rul under TrendMicro Deep Security. +version_added: 1.2.0 +options: + config: + description: Intrusion prevention rules config + type: list + elements: dict + suboptions: + name: + description: Name of the IntrusionPreventionRule. + type: str + description: + description: Description of the IntrusionPreventionRule. + type: str + minimum_agent_version: + description: Version of the Deep Security agent or appliance required to support + the rule. + type: str + application_type_id: + description: ID of the application type for the IntrusionPreventionRule. + type: int + priority: + description: Priority level of the rule. Higher priority rules are applied + before lower priority rules. + choices: [lowest, low, normal, high, highest] + type: str + severity: + description: Severity level of the rule. Severity levels can be used as sorting + criteria and affect event rankings. + choices: [low, medium, high, critical] + type: str + detect_only: + description: In detect mode, the rule creates an event log and does not interfere + with traffic. + type: bool + event_logging_disabled: + description: Enable to prevent event logs from being created when the rule + is triggered. Not available if detect only is true. + type: bool + generate_event_on_packet_drop: + description: Generate an event every time a packet is dropped for the rule. + Not available if event logging disabled is true. + type: bool + always_include_packet_data: + description: Enabled to include package data in the event logs. 
Not available + if event logging disabled is true. + type: bool + debug_mode_enabled: + description: Enable to log additional packets preceeding and following the + packet that the rule detected. Not available if event logging disabled is + true. + type: bool + type: + description: Type of IntrusionPreventionRule. + choices: [custom, smart, vulnerability, exploit, hidden, policy, info] + type: str + original_issue: + description: Timestamp of the date the rule was released, in milliseconds + since epoch. + type: int + last_updated: + description: Timestamp of the last rule modification, in milliseconds since + epoch. + type: int + template: + description: Type of template for the IntrusionPreventionRule. Applicable + only to custom rules. + choices: [signature, start-end-patterns, custom] + type: str + signature: + description: Signature of the rule. Applicable to custom rules with template + type signature. + type: str + start: + description: Start pattern of the rule. Applicable to custom rules with template + type start-end-patterns. + type: str + patterns: + description: Body patterns of the rule, which must be found between start + and end patterns. Applicable to custom rules with template type start-end-patterns. + type: list + elements: str + end: + description: End pattern of the rule. Applicable to custom rules with template + type start-end-patterns. + type: str + case_sensitive: + description: Enable to make signatures and patterns case sensitive. Applicable + to custom rules with template type signature or start-end-patterns. + type: bool + condition: + description: Condition to determine if the rule is triggered. Applicable to + custom rules with template type start-end-patterns. + choices: [all, any, none] + type: str + action: + description: Action to apply if the rule is triggered. Applicable to custom + rules with template type signature or start-end-patterns. 
+ choices: [drop, log-only] + type: str + custom_xml: + description: The custom XML used to define the rule. Applicable to custom + rules with template type custom. + type: str + alert_enabled: + description: Enable to raise an alert when the rule logs an event. + type: bool + schedule_id: + description: ID of the schedule which defines times during which the rule + is active. + type: int + context_id: + description: ID of the context in which the rule is applied. + type: int + recommendations_mode: + description: Indicates whether recommendation scans consider the IntrusionPreventionRule. + Can be set to enabled or ignored. Custom rules cannot be recommended. + choices: [enabled, ignored, unknown, disabled] + type: str + depends_on_rule_ids: + description: IDs of intrusion prevention rules the rule depends on, which + will be automatically assigned if this rule is assigned. + type: list + elements: int + cvss_score: + description: A measure of the severity of the vulnerability according the + National Vulnerability Database. + type: str + cve: + description: List of CVEs associated with the IntrusionPreventionRule. + type: list + elements: str + id: + description: ID for the Intrusion prevention rule. Applicaple only with GET + call Not applicaple param with Create/Modify POST call + type: int + identifier: + description: Identifier for the Intrusion prevention rule. Applicaple only + with GET call. Not applicaple param with Create/Modify POST call + type: str + can_be_assigned_alone: + description: Intrusion prevention rule can be assigned by self. Applicaple + only with GET call. Not applicaple param with Create/Modify POST call + type: bool + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. 
+ type: str + choices: + - merged + - replaced + - deleted + - gathered + default: present +author: Ansible Security Automation Team (@justjais) " +""" + +EXAMPLES = """ + +# Using MERGED state +# ------------------- + +- name: Create Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: merged + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_1 + debug_mode_enabled: false + description: TEST IPR 1 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: medium + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_2 + debug_mode_enabled: false + description: TEST IPR 2 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 2 + priority: normal + severity: medium + +# RUN output: +# ----------- + +# intrusion_prevention_rules: +# after: +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: TEST IPR 1 DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8657 +# name: TEST IPR 1 +# priority: normal +# severity: medium +# signature: test_new_signature_1 +# template: signature +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: TEST IPR 2 DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8658 +# name: TEST IPR 2 +# priority: normal +# severity: medium +# signature: test_new_signature_2 +# template: signature +# before: [] + 
+- name: Modify the severity of Integrity Monitoring Rule by name + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: merged + config: + - name: TEST IPR 2 + description: UPDATE TEST IPR 2 DESCRIPTION + severity: low + +# RUN output: +# ----------- + +# intrusion_prevention_rules: +# after: +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: UPDATE TEST IPR 2 DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8658 +# name: TEST IPR 2 +# priority: normal +# severity: low +# signature: test_new_signature_2 +# template: signature +# before: +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: TEST IPR 2 DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8658 +# name: TEST IPR 2 +# priority: normal +# severity: medium +# signature: test_new_signature_2 +# template: signature + +# Using REPLACED state +# -------------------- + +- name: Replace existing Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: replaced + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_1 + debug_mode_enabled: false + description: TEST IPR 1 REPLACE DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: low + +# RUN output: +# ----------- + +# intrusion_prevention_rules: +# after: +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: TEST IPR 1 REPLACE 
DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8659 +# name: TEST IPR 1 +# priority: normal +# severity: low +# signature: test_new_signature_1 +# template: signature +# before: +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: TEST IPR 1 DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8657 +# name: TEST IPR 1 +# priority: normal +# severity: medium +# signature: test_new_signature_1 +# template: signature + +# Using GATHERED state +# -------------------- + +- name: Gather Intrusion Prevention Rules by IPR names + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: gathered + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + +# RUN output: +# ----------- + +# gathered: +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: TEST IPR 1 DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8659 +# name: TEST IPR 1 +# priority: normal +# severity: medium +# signature: test_new_signature_1 +# template: signature +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: TEST IPR 2 DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8658 +# name: TEST IPR 2 +# priority: normal +# severity: medium +# signature: test_new_signature_2 +# template: signature + +- name: Gather ALL of the Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: gathered + +# Using DELETED state +# ------------------- + +- name: Delete 
Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: deleted + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + +# RUN output: +# ----------- + +# intrusion_prevention_rules: +# after: [] +# before: +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: TEST IPR 1 DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8659 +# name: TEST IPR 1 +# priority: normal +# severity: medium +# signature: test_new_signature_1 +# template: signature +# - action: drop +# alert_enabled: false +# always_include_packet_data: false +# application_type_id: 300 +# case_sensitive: false +# debug_mode_enabled: false +# description: TEST IPR 2 DESCRIPTION +# detect_only: false +# event_logging_disabled: false +# generate_event_on_packet_drop: true +# id: 8658 +# name: TEST IPR 2 +# priority: normal +# severity: medium +# signature: test_new_signature_2 +# template: signature + +""" + + +RETURN = """ +before: + description: The configuration as structured data prior to module invocation. + returned: always + type: list + sample: The configuration returned will always be in the same format of the parameters above. +after: + description: The configuration as structured data after module completion. + returned: when changed + type: list + sample: The configuration returned will always be in the same format of the parameters above. + +""" diff --git a/plugins/modules/deepsec_intrusion_preventionrules.py b/plugins/modules/deepsec_intrusion_preventionrules.py new file mode 100644 index 0000000..df84779 --- /dev/null +++ b/plugins/modules/deepsec_intrusion_preventionrules.py 
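Review bot: The `state` option declares `default: present` while its `choices` are `merged`, `replaced`, `deleted` and `gathered`, so the documented default is not a valid value of the option and an argspec derived from this DOCUMENTATION would reject it; the examples all use `merged`, so the line presumably should read `default: merged`. The `author` line also carries a stray trailing `"` after `(@justjais)`, the description misspells "intrusion prevention rule" as `preventin rul`, and the second example is titled "Modify the severity of Integrity Monitoring Rule by name" although it targets an intrusion prevention rule. The REPLACED example's run output shows the rule's `id` moving from 8657 to 8659, which suggests replace deletes and recreates the rule; if so, the `state` description should state it, since any reference to the old ID (for instance in another rule's `depends_on_rule_ids`) would no longer resolve. This file holds only DOCUMENTATION/EXAMPLES/RETURN, so the implementation that would confirm this is outside the hunk.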
@@ -0,0 +1,566 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = """ +module: deepsec_intrusion_preventionrules +short_description: Create a new intrusion prevention rule. +description: +- This module creates a new intrusion preventin rul under TrendMicro Deep Security. +version_added: 1.0.0 +deprecated: + alternative: deepsec_intrusion_prevention_rules + why: Newer and updated modules released with more functionality + removed_at_date: '2023-12-01' +options: + config: + description: Intrusion prevention rules config + type: list + elements: dict + suboptions: + name: + description: + - Name of the IntrusionPreventionRule. + - Searchable as String. + type: str + description: + description: + - Description of the IntrusionPreventionRule. + - Searchable as String. + type: str + minimum_agent_version: + description: + - Version of the Deep Security agent or appliance required to support the + rule. + - Searchable as String. + type: str + application_type_id: + description: + - ID of the application type for the IntrusionPreventionRule. + - Searchable as Numeric. + type: int + priority: + description: + - Priority level of the rule. Higher priority rules are applied before lower + priority rules. + - Searchable as Choice. + choices: [lowest, low, normal, high, highest] + type: str + severity: + description: + - Severity level of the rule. Severity levels can be used as sorting criteria + and affect event rankings. + - Searchable as Choice. + choices: [low, medium, high, critical] + type: str + detect_only: + description: In detect mode, the rule creates an event log and does not interfere + with traffic. + type: bool + event_logging_disabled: + description: + - Enable to prevent event logs from being created when the rule is triggered. 
+ - Not available if detect only is true. + - Searchable as Boolean. + type: bool + generate_event_on_packet_drop: + description: + - Generate an event every time a packet is dropped for the rule. + - Not available if event logging disabled is true. + - Searchable as Boolean. + type: bool + always_include_packet_data: + description: + - Enabled to include package data in the event logs. + - Not available if event logging disabled is true. + - Searchable as Boolean. + type: bool + debug_mode_enabled: + description: + - Enable to log additional packets preceeding and following the packet that + the rule detected. + - Not available if event logging disabled is true. + - Searchable as Boolean. + type: bool + type: + description: + - Type of IntrusionPreventionRule. + - Searchable as Choice. + choices: [custom, smart, vulnerability, exploit, hidden, policy, info] + type: str + original_issue: + description: + - Timestamp of the date the rule was released, in milliseconds since epoch. + - Searchable as Date. + type: int + last_updated: + description: + - Timestamp of the last rule modification, in milliseconds since epoch. + - Searchable as Date. + type: int + template: + description: Type of template for the IntrusionPreventionRule. Applicable + only to custom rules. + choices: [signature, start-end-patterns, custom] + type: str + signature: + description: Signature of the rule. Applicable to custom rules with template + type signature. + type: str + start: + description: Start pattern of the rule. Applicable to custom rules with template + type start-end-patterns. + type: str + patterns: + description: + - Body patterns of the rule, which must be found between start and end patterns. + - Applicable to custom rules with template type start-end-patterns. + type: list + elements: str + end: + description: End pattern of the rule. Applicable to custom rules with template + type start-end-patterns. 
+ type: str + case_sensitive: + description: + - Enable to make signatures and patterns case sensitive. + - Applicable to custom rules with template type signature or start-end-patterns. + type: bool + condition: + description: + - Condition to determine if the rule is triggered. + - Applicable to custom rules with template type start-end-patterns. + choices: [all, any, none] + type: str + action: + description: + - Action to apply if the rule is triggered. + - Applicable to custom rules with template type signature or start-end-patterns. + choices: [drop, log-only] + type: str + custom_xml: + description: + - The custom XML used to define the rule. + - Applicable to custom rules with template type custom. + type: str + alert_enabled: + description: + - Enable to raise an alert when the rule logs an event. + - Searchable as Boolean. + type: bool + schedule_id: + description: + - ID of the schedule which defines times during which the rule is active. + - Searchable as Numeric. + type: int + context_id: + description: + - ID of the context in which the rule is applied. + - Searchable as Numeric. + type: int + recommendations_mode: + description: + - Indicates whether recommendation scans consider the IntrusionPreventionRule. + - Can be set to enabled or ignored. Custom rules cannot be recommended. + - Searchable as Choice. + choices: [enabled, ignored, unknown, disabled] + type: str + depends_on_rule_ids: + description: + - IDs of intrusion prevention rules the rule depends on, which will be automatically + assigned if this rule is assigned. + type: list + elements: int + cvss_score: + description: + - A measure of the severity of the vulnerability according the National Vulnerability + Database. + - Searchable as String or as Numeric. + type: str + cve: + description: + - List of CVEs associated with the IntrusionPreventionRule. + - Searchable as String. + type: list + elements: str + id: + description: + - ID for the Intrusion prevention rule. 
+ - Applicaple only with GET call + - Not applicaple param with Create/Modify POST call + type: int + identifier: + description: + - Identifier for the Intrusion prevention rule. + - Applicaple only with GET call + - Not applicaple param with Create/Modify POST call + type: str + can_be_assigned_alone: + description: + - Intrusion prevention rule can be assigned by self. + - Applicaple only with GET call + - Not applicaple param with Create/Modify POST call + type: bool + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. + type: str + choices: + - present + - absent + - gathered + default: present +author: Ansible Security Automation Team (@justjais) " +""" + +EXAMPLES = """ + +# Using PRESENT state +# ------------------- + +- name: Create Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: present + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_1 + debug_mode_enabled: false + description: TEST IPR 2 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: medium + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + template: signature + signature: test_new_signature_2 + debug_mode_enabled: false + description: TEST IPR 2 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 2 + priority: normal + severity: medium +- name: Modify the severity of Integrity Monitoring Rule by name + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: present + config: + - name: TEST IPR 2 + 
severity: low +- name: Gather Intrusion Prevention Rules by IPR names + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: gathered + config: + - name: TEST IPR 1 + - name: TEST IPR 2 +- name: Gather ALL of the Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: gathered +- name: Delete Intrusion Prevention Rules + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: absent + config: + - name: TEST IPR 1 + - name: TEST IPR 2 +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( + DeepSecurityRequest, + map_obj_to_params, + map_params_to_obj, + remove_get_keys_from_payload_dict, +) +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) + +key_transform = { + "id": "ID", + "minimum_agent_version": "minimumAgentVersion", + "application_type_id": "applicationTypeID", + "detect_only": "detectOnly", + "event_logging_disabled": "eventLoggingDisabled", + "generate_event_on_packet_drop": "generateEventOnPacketDrop", + "always_include_packet_data": "alwaysIncludePacketData", + "debug_mode_enabled": "debugModeEnabled", + "original_issue": "originalIssue", + "last_updated": "lastUpdated", + "can_be_assigned_alone": "canBeAssignedAlone", + "case_sensitive": "caseSensitive", + "custom_xml": "customXML", + "alert_enabled": "alertEnabled", + "schedule_id": "scheduleID", + "context_id": "contextID", + "recommendations_mode": "recommendationsMode", + "depends_on_rule_ids": "dependsOnRuleIDs", + "cvss_score": "CVSSScore", + "cve": "CVE", +} + +get_supported_keys = ["id", "identifier", "can_be_assigned_alone"] + +api_object = "/api/intrusionpreventionrules" +api_object_search = "/api/intrusionpreventionrules/search" +api_return = "intrusionPreventionRules" +module_return = "intrusion_preventionrules" + + +def search_for_ipr_by_name(deepsec_request, name): + search_payload = { + "maxItems": 
1, + "searchCriteria": [ + {"fieldName": "name", "stringTest": "equal", "stringValue": name} + ], + } + search_result = search_for_intrusion_prevention_rules( + deepsec_request, search_payload + ) + return search_result + + +def display_gathered_result(module, deepsec_request): + return_config = {} + if module.params.get("config"): + return_config["config"] = [] + for each in module.params.get("config"): + search_result = search_for_ipr_by_name( + deepsec_request, each["name"] + ) + return_config["config"].extend( + map_obj_to_params(search_result, key_transform, api_return)[ + api_return + ] + ) + else: + search_result = search_for_intrusion_prevention_rules(deepsec_request) + return_config["config"] = map_obj_to_params( + search_result, key_transform, api_return + )[api_return] + module.exit_json(gathered=return_config["config"], changed=False) + + +def search_for_intrusion_prevention_rules( + deepsec_api_request, search_payload=None +): + search_for_intrusion_prevention_rules = deepsec_api_request.post( + api_object_search, data=search_payload + ) + return search_for_intrusion_prevention_rules + + +def reset_module_api_config(module, deepsec_request): + if module.params.get("config"): + config = {} + before = [] + after = [] + changed = False + for each in module.params["config"]: + search_by_name = search_for_ipr_by_name( + deepsec_request, each["name"] + ) + if search_by_name.get(api_return): + every = map_obj_to_params( + search_by_name[api_return][0], key_transform, api_return + ) + before.append(every) + api_request = deepsec_request.delete( + "{0}/{1}".format(api_object, every["id"]), data=each + ) + if api_request.get("errors"): + module.fail_json(msg=api_request["errors"]) + elif api_request.get("message"): + module.fail_json(msg=api_request["message"]) + changed = True + if api_request: + after.append( + map_obj_to_params( + api_request, key_transform, api_return + ) + ) + if changed: + config.update({"before": before, "after": after}) + 
module.exit_json(intrusion_preventionrules=config, changed=changed) + else: + config.update({"before": before}) + module.exit_json(intrusion_preventionrules=config, changed=changed) + + +def configure_module_api(argspec, module, deepsec_request): + if module.params.get("config"): + config = {} + before = [] + after = [] + changed = False + remove_from_diff_compare = [ + "cvss_score", + "cve", + "can_be_assigned_alone", + "type", + ] + temp_name = [] + for each in module.params["config"]: + search_by_name = search_for_ipr_by_name( + deepsec_request, each["name"] + ) + if search_by_name.get(api_return): + each_result = search_by_name[api_return] + for every in each_result: + every = map_obj_to_params(every, key_transform, api_return) + if every["name"] == each["name"]: + diff = utils.dict_diff(every, each) + if diff: + diff = remove_get_keys_from_payload_dict( + diff, remove_from_diff_compare + ) + if diff: + if each["name"] not in temp_name: + after.extend(before) + before.append(every) + # Check for actual modification and if present fire + # the request over that IPR ID + each = utils.remove_empties( + utils.dict_merge(every, each) + ) + each = remove_get_keys_from_payload_dict( + each, remove_from_diff_compare + ) + changed = True + utils.validate_config(argspec, {"config": [each]}) + payload = map_params_to_obj(each, key_transform) + api_request = deepsec_request.post( + "{0}/{1}".format(api_object, every["id"]), + data=payload, + ) + if api_request.get("errors"): + module.fail_json(msg=api_request["errors"]) + elif api_request.get("message"): + module.fail_json(msg=api_request["message"]) + after.append( + map_obj_to_params( + api_request, key_transform, api_return + ) + ) + else: + before.append(every) + temp_name.append(every["name"]) + else: + before.append(every) + else: + changed = True + each = remove_get_keys_from_payload_dict( + each, get_supported_keys + ) + utils.validate_config(argspec, {"config": [each]}) + payload = map_params_to_obj(each, 
key_transform) + api_request = deepsec_request.post( + "{0}".format(api_object), data=payload + ) + if api_request.get("errors"): + module.fail_json(msg=api_request["errors"]) + elif api_request.get("message"): + module.fail_json(msg=api_request["message"]) + after.append( + map_obj_to_params(api_request, key_transform, api_return) + ) + config.update({"before": before, "after": after}) + module.exit_json(intrusion_preventionrules=config, changed=changed) + + +def main(): + + ipr_spec = { + "name": dict(type="str"), + "description": dict(type="str"), + "minimum_agent_version": dict(type="str"), + "application_type_id": dict(type="int"), + "priority": dict( + type="str", choices=["lowest", "low", "normal", "high", "highest"] + ), + "severity": dict( + type="str", choices=["low", "medium", "high", "critical"] + ), + "detect_only": dict(type="bool"), + "event_logging_disabled": dict(type="bool"), + "generate_event_on_packet_drop": dict(type="bool"), + "always_include_packet_data": dict(type="bool"), + "debug_mode_enabled": dict(type="bool"), + "type": dict( + type="str", + choices=[ + "custom", + "smart", + "vulnerability", + "exploit", + "hidden", + "policy", + "info", + ], + ), + "original_issue": dict(type="int"), + "id": dict(type="int"), + "identifier": dict(type="str"), + "last_updated": dict(type="int"), + "template": dict( + type="str", choices=["signature", "start-end-patterns", "custom"] + ), + "signature": dict(type="str"), + "start": dict(type="str"), + "patterns": dict(type="list", elements="str"), + "end": dict(type="str"), + "can_be_assigned_alone": dict(type="bool"), + "case_sensitive": dict(type="bool"), + "condition": dict(type="str", choices=["all", "any", "none"]), + "action": dict(type="str", choices=["drop", "log-only"]), + "custom_xml": dict(type="str"), + "alert_enabled": dict(type="bool"), + "schedule_id": dict(type="int"), + "context_id": dict(type="int"), + "recommendations_mode": dict( + type="str", choices=["enabled", "ignored", "unknown", 
"disabled"] + ), + "depends_on_rule_ids": dict(type="list", elements="int"), + "cvss_score": dict(type="str"), + "cve": dict(type="list", elements="str"), + } + + argspec = dict( + state=dict( + choices=["present", "absent", "gathered"], default="present" + ), + config=dict(type="list", elements="dict", options=ipr_spec), + ) + + module = AnsibleModule(argument_spec=argspec, supports_check_mode=True) + deepsec_request = DeepSecurityRequest(module) + module.params = utils.remove_empties(module.params) + + if module.params["state"] == "gathered": + display_gathered_result(module=module, deepsec_request=deepsec_request) + elif module.params["state"] == "absent": + reset_module_api_config(module=module, deepsec_request=deepsec_request) + elif module.params["state"] == "present": + configure_module_api( + argspec=argspec, module=module, deepsec_request=deepsec_request + ) + + +if __name__ == "__main__": + main() diff --git a/plugins/modules/deepsec_log_inspection_rules.py b/plugins/modules/deepsec_log_inspection_rules.py new file mode 100644 index 0000000..504b62b --- /dev/null +++ b/plugins/modules/deepsec_log_inspection_rules.py 
@@ -0,0 +1,566 @@ +#!/usr/bin/python +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: deepsec_log_inspection_rules +short_description: Manages Log Inspection Rule resource module +description: Contains string matching and threshold to trigger alerts as well as group + information for LogInspectionRules. +version_added: 1.2.0 +options: + config: + description: A dictionary of Log Inspection Rules options + type: list + elements: dict + suboptions: + name: + description: Name of the LogInspectionRule. Searchable as String. + type: str + description: + description: Description of the LogInspectionRule that appears in search results, + and on the General tab in the Deep Security Manager user interface. Searchable + as String. + type: str + minimum_agent_version: + description: Minimum Deep Security Agent version required by the LogInspectionRule. + Searchable as String. + type: str + minimum_manager_version: + description: Minimumn Deep Security Manager version required by the LogInspectionRule. + Searchable as String. + type: str + type: + description: Type of the LogInspectionRule. The value 'Defined' is used for + LogInspectionRules provided by Trend Micro. Searchable as String. + type: str + original_issue: + description: Creation timestamp of the LogInspectionRule, measured in milliseconds + since epoch. Searchable as Date. + type: int + last_updated: + description: Update timestamp of the LogInspectionRule, measured in milliseconds + since epoch. Searchable as Date. + type: int + identifier: + description: Indentifier of the LogInspectionRule used in the Deep Security + Manager user interface. Searchable as String. + type: str + template: + description: Template used to create this rule. 
+ type: str + choices: + - basic-rule + - custom + rule_id: + description: ID of the LogInspectionRule sent to the Deep Security Agent. + The values 100000 - 109999 are reserved for user-definded rules. + type: int + level: + description: Log level of the LogInspectionRule indicates severity of attack. + Level 0 is the least severe and will not log an event. Level 15 is the most + severe. + type: int + groups: + description: Groups that the LogInspectionRule is assigned to, separated by + commas. Useful when dependency is used as it's possible to create a LogInspectionRule + that fires when another LogInspectionRule belonging to a specific group + fires. + type: list + elements: str + rule_description: + description: Description of the LogInspectionRule that appears on events and + the Content tab in the Deep Security Manager user interface. Alternatively, + you can configure this by inserting a description in 'ruleXML'. + type: str + pattern: + description: Regular expression pattern the LogInspectionRule will look for + in the logs. The rule will be triggered on a match. Open Source HIDS SEcurity + (OSSEC) regular expression syntax is supported, see http://www.ossec.net/docs/syntax/regex.html. + type: str + pattern_type: + description: Pattern the LogInspectionRule will look for in the logs. The + string matching pattern is faster than the regex pattern. + type: str + choices: + - string + - regex + dependency: + description: Indicates if a dependant rule or dependency group is set or not. + If set, the LogInspectionRule will only log an event if the dependency is + triggered. Available for user-defined rules. + type: str + choices: + - none + - rule + - group + dependency_rule_id: + description: If dependency is configured, the ID of the rule that this rule + is dependant on. Ignored if the rule is from Trend Micro, which uses 'dependsOnRuleIDs' + instead. 
+ type: int + dependency_group: + description: If dependency is configured, the dependancy groups that this + rule is dependant on. + type: str + frequency: + description: Number of times the dependant rule has to match within a specific + time frame before the rule is triggered. + type: int + time_frame: + description: Time period for the frequency of LogInspectionRule triggers that + will generate an event, in seconds. + type: int + rule_xml: + description: LogInspectionRule in an XML format. For information on the XML + format, see http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html + type: str + log_files: + description: Log file objects + type: dict + suboptions: + log_files: + description: Array of objects (logFile) + type: list + elements: dict + suboptions: + location: + description: File path of the log file. + type: str + format: + description: Structure of the data in the log file. The application + that generates the log file defines the structure of the data. + choices: [syslog, snort-full, snort-fast, apache, iis, squid, nmapg, + mysql-log, postgresql-log, dbj-multilog, eventlog, single-line-text-log] + type: str + alert_enabled: + description: Controls whether to raise an alert when a LogInspectionRule logs + an event. Use true to raise an alert. Searchable as Boolean. + type: bool + alert_minimum_severity: + description: Severity level that will trigger an alert. Ignored unless 'ruleXML' + contains multiple rules with different severities, and so you must indicate + which severity level to use. Searchable as Numeric. + type: int + recommendations_mode: + description: Indicates whether recommendation scans consider the LogInspectionRule. + Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable + as Choice. + type: str + choices: + - enabled + - ignored + - unknown + - disabled + sort_order: + description: Order in which LogInspectionRules are sent to the Deep Security + Agent. 
Log inspeciton rules are sent in ascending order. Valid values are + between 10000 and 20000. + type: int + can_be_assigned_alone: + description: Indicates whether this LogInspectionRule can be allocated without + allocating any additional LogInspectionRules. Ignored if the rule is user-defined, + which uses 'dependency' instead. + type: bool + depends_on_rule_ids: + description: IDs of LogInspectionRules, separated by commas, that are required + by this rule. Ignored if the rule is user-defined, which uses 'dependencyRuleID' + or 'dependencyGroup' instead. + type: list + elements: int + id: + description: ID of the LogInspectionRule. This number is set automatically. + Searchable as ID. + type: int + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. 
+ type: str + choices: + - merged + - replaced + - overridden + - gathered + - deleted + +author: Ansible Security Automation Team (@justjais) +""" + +EXAMPLES = """ + +# Using MERGED state +# ------------------- + +- name: Create Log Inspection Rules + trendmicro.deepsec.deepsec_log_inspection_rules: + state: merged + config: + - name: custom log_rule for mysqld event + description: MYSQLD description + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100001 + rule_description: sqld rule description + groups: + - test + alert_minimum_severity: 4 + alert_enabled: true + log_files: + log_files: + - location: /var/log/mysqld.log + format: mysql-log + - name: custom log_rule for daemon event + description: DAEMON description + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100002 + rule_description: deamon rule description + groups: + - test + alert_minimum_severity: 3 + alert_enabled: true + log_files: + log_files: + - location: /var/log/daemon.log + format: eventlog + +# RUN output: +# ----------- + +# log_inspection_rules: +# after: +# - alert_enabled: true +# alert_minimum_severity: 4 +# dependency: none +# description: MYSQLD description +# groups: +# - test +# id: 179 +# level: 0 +# log_files: +# log_files: +# - format: mysql-log +# location: /var/log/mysqld.log +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: custom log_rule for mysqld event +# pattern: name +# pattern_type: string +# rule_description: sqld rule description +# rule_id: 100001 +# sort_order: 15000 +# template: basic-rule +# - alert_enabled: true +# alert_minimum_severity: 3 +# dependency: none +# description: DAEMON description +# groups: +# - test +# id: 180 +# level: 0 +# log_files: +# log_files: +# - format: eventlog +# location: /var/log/daemon.log +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# 
name: custom log_rule for daemon event +# pattern: name +# pattern_type: string +# rule_description: deamon rule description +# rule_id: 100002 +# sort_order: 15000 +# template: basic-rule +# before: [] + +- name: Modify the Pattern type of Log Inspection Rule by name + trendmicro.deepsec.deepsec_log_inspection_rules: + state: merged + config: + - name: custom log_rule for mysqld event + description: UPDATE pattern type for mysqld log event + pattern: name + pattern_type: regex + log_files: + log_files: + - location: /var/log/messages + format: syslog + +# RUN output: +# ----------- + +# log_inspection_rules: +# after: +# - alert_enabled: true +# alert_minimum_severity: 4 +# dependency: none +# description: UPDATE pattern type for mysqld log event +# groups: +# - test +# id: 179 +# level: 0 +# log_files: +# log_files: +# - format: mysql-log +# location: /var/log/mysqld.log +# - format: syslog +# location: /var/log/messages +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: custom log_rule for mysqld event +# pattern: name +# pattern_type: regex +# rule_description: sqld rule description +# rule_id: 100001 +# sort_order: 15000 +# template: basic-rule +# before: +# - alert_enabled: true +# alert_minimum_severity: 4 +# dependency: none +# description: MYSQLD description +# groups: +# - test +# id: 179 +# level: 0 +# log_files: +# log_files: +# - format: mysql-log +# location: /var/log/mysqld.log +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: custom log_rule for mysqld event +# pattern: name +# pattern_type: string +# rule_description: sqld rule description +# rule_id: 100001 +# sort_order: 15000 +# template: basic-rule + +# Using REPLACED state +# -------------------- + +- name: Replace existing Log Inspection Rules + trendmicro.deepsec.deepsec_log_inspection_rules: + state: replaced + config: + - name: custom log_rule for daemon event + description: REPLACED log daemon event + minimum_agent_version: 6.0.0.0 + 
type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100003 + rule_description: daemon rule description + groups: + - test + alert_minimum_severity: 5 + alert_enabled: true + log_files: + log_files: + - location: /var/log/messages + format: syslog + +# RUN output: +# ----------- + +# log_inspection_rules: +# after: +# - alert_enabled: true +# alert_minimum_severity: 5 +# dependency: none +# description: REPLACED log daemon event +# groups: +# - test +# id: 181 +# level: 0 +# log_files: +# log_files: +# - format: syslog +# location: /var/log/messages +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: custom log_rule for daemon event +# pattern: name +# pattern_type: string +# rule_description: daemon rule description +# rule_id: 100003 +# sort_order: 15000 +# template: basic-rule +# before: +# - alert_enabled: true +# alert_minimum_severity: 3 +# dependency: none +# description: DAEMON description +# groups: +# - test +# id: 180 +# level: 0 +# log_files: +# log_files: +# - format: eventlog +# location: /var/log/daemon.log +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: custom log_rule for daemon event +# pattern: name +# pattern_type: string +# rule_description: deamon rule description +# rule_id: 100002 +# sort_order: 15000 +# template: basic-rule + +# Using GATHERED state +# -------------------- + +- name: Gather Log Inspection Rules by IPR names + trendmicro.deepsec.deepsec_log_inspection_rules: + state: gathered + config: + - name: custom log_rule for mysqld event + - name: custom log_rule for daemon event + +# RUN output: +# ----------- + +# gathered: +# - alert_enabled: true +# alert_minimum_severity: 4 +# dependency: none +# description: UPDATE pattern type for mysqld log event +# groups: +# - test +# id: 179 +# level: 0 +# log_files: +# log_files: +# - format: mysql-log +# location: /var/log/mysqld.log +# - format: syslog +# location: /var/log/messages +# 
minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: custom log_rule for mysqld event +# pattern: name +# pattern_type: regex +# rule_description: sqld rule description +# rule_id: 100001 +# sort_order: 15000 +# template: basic-rule +# - alert_enabled: true +# alert_minimum_severity: 5 +# dependency: none +# description: REPLACED log daemon event +# groups: +# - test +# id: 181 +# level: 0 +# log_files: +# log_files: +# - format: syslog +# location: /var/log/messages +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: custom log_rule for daemon event +# pattern: name +# pattern_type: string +# rule_description: daemon rule description +# rule_id: 100003 +# sort_order: 15000 +# template: basic-rule + +- name: Gather ALL of the Log Inspection Rules + trendmicro.deepsec.deepsec_log_inspection_rules: + state: gathered + +# Using DELETED state +# ------------------- + +- name: Delete Log Inspection Rules + trendmicro.deepsec.deepsec_log_inspection_rules: + state: deleted + config: + - name: custom log_rule for mysqld event + - name: custom log_rule for daemon event + +# RUN output: +# ----------- + +# log_inspection_rules: +# after: [] +# before: +# - alert_enabled: true +# alert_minimum_severity: 4 +# dependency: none +# description: UPDATE pattern type for mysqld log event +# groups: +# - test +# id: 179 +# level: 0 +# log_files: +# log_files: +# - format: mysql-log +# location: /var/log/mysqld.log +# - format: syslog +# location: /var/log/messages +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: custom log_rule for mysqld event +# pattern: name +# pattern_type: regex +# rule_description: sqld rule description +# rule_id: 100001 +# sort_order: 15000 +# template: basic-rule +# - alert_enabled: true +# alert_minimum_severity: 5 +# dependency: none +# description: REPLACED log daemon event +# groups: +# - test +# id: 181 +# level: 0 +# log_files: +# log_files: +# - format: syslog +# location: 
/var/log/messages +# minimum_agent_version: 6.0.0.0 +# minimum_manager_version: 6.0.0 +# name: custom log_rule for daemon event +# pattern: name +# pattern_type: string +# rule_description: daemon rule description +# rule_id: 100003 +# sort_order: 15000 +# template: basic-rule + +""" + + +RETURN = """ +before: + description: The configuration as structured data prior to module invocation. + returned: always + type: list + sample: The configuration returned will always be in the same format of the parameters above. +after: + description: The configuration as structured data after module completion. + returned: when changed + type: list + sample: The configuration returned will always be in the same format of the parameters above. + +""" diff --git a/plugins/modules/deepsec_log_inspectionrules.py b/plugins/modules/deepsec_log_inspectionrules.py new file mode 100644 index 0000000..cd4a8ea --- /dev/null +++ b/plugins/modules/deepsec_log_inspectionrules.py 
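Review bot: RETURN documents only `before` and `after`, yet the `state: gathered` examples show the result under a top-level `gathered` key and the `state` option text promises exactly that; add a `gathered:` entry to RETURN with `description: The configuration as structured data gathered from the device.`, `returned: when state is I(gathered)` and `type: list`. The option descriptions also carry typos that will surface verbatim in `ansible-doc`: "Minimumn" (minimum_manager_version), "Indentifier" (identifier), "user-definded" (rule_id), "Log inspeciton" (sort_order) and "dependant"/"dependancy" (dependency, dependency_rule_id, dependency_group). `overridden` is listed as a `state` choice but, unlike the other four states, has no example showing its before/after behaviour.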
@@ -0,0 +1,435 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = """ +module: deepsec_log_inspectionrules +short_description: Create a new log inspection rule. +description: +- This module creates a new log inspection rule under TrendMicro Deep Security. +version_added: 1.0.0 +deprecated: + alternative: deepsec_log_inspection_rules + why: Newer and updated modules released with more functionality + removed_at_date: '2023-12-01' +author: Ansible Security Automation Team (@justjais) +options: + name: + description: Name of the LogInspectionRule. + required: true + type: str + description: + description: Description of the LogInspectionRule that appears in search results, + and on the General tab in the Deep Security Manager user interface. + type: str + minimum_agent_version: + description: Minimum Deep Security Agent version required by the LogInspectionRule. + type: str + minimum_manager_version: + description: Minimumn Deep Security Manager version required by the LogInspectionRule. + type: str + type: + description: Type of the LogInspectionRule. The value 'Defined' is used for LogInspectionRules + provided by Trend Micro. + type: str + original_issue: + description: Creation timestamp of the LogInspectionRule, measured in milliseconds + since epoch. 
+ type: int + last_updated: + description: Update timestamp of the LogInspectionRule, measured in milliseconds + since epoch. + type: int + identifier: + description: Indentifier of the LogInspectionRule used in the Deep Security Manager + user interface. + type: str + template: + description: Template used to create this rule. + choices: [basic-rule, custom] + type: str + rule_id: + description: ID of the LogInspectionRule sent to the Deep Security Agent. The + values 100000 - 109999 are reserved for user-definded rules. + type: int + level: + description: Log level of the LogInspectionRule indicates severity of attack. + Level 0 is the least severe and will not log an event. Level 15 is the most + severe. + type: int + groups: + description: Groups that the LogInspectionRule is assigned to, separated by commas. + Useful when dependency is used as it's possible to create a LogInspectionRule + that fires when another LogInspectionRule belonging to a specific group fires. + type: list + elements: str + rule_description: + description: Description of the LogInspectionRule that appears on events and the + Content tab in the Deep Security Manager user interface. Alternatively, you + can configure this by inserting a description in 'rule_xml'. + type: str + pattern: + description: Regular expression pattern the LogInspectionRule will look for in + the logs. The rule will be triggered on a match. Open Source HIDS SEcurity (OSSEC) + regular expression syntax is supported, see http://www.ossec.net/docs/syntax/regex.html. + type: str + pattern_type: + description: Pattern the LogInspectionRule will look for in the logs. The string + matching pattern is faster than the regex pattern. + choices: [string, regex] + type: str + dependency: + description: Indicates if a dependant rule or dependency group is set or not. + If set, the LogInspectionRule will only log an event if the dependency is triggered. + Available for user-defined rules. 
+ choices: [none, rule, group] + type: str + dependency_rule_id: + description: If dependency is configured, the ID of the rule that this rule is + dependant on. Ignored if the rule is from Trend Micro, which uses dependsOnRuleIDs + instead. + type: int + dependency_group: + description: If dependency is configured, the dependancy groups that this rule + is dependant on. + type: str + frequency: + description: Number of times the dependant rule has to match within a specific + time frame before the rule is triggered. + type: int + time_frame: + description: Time period for the frequency of LogInspectionRule triggers that + will generate an event, in seconds. + type: int + rule_xml: + description: LogInspectionRule in an XML format. For information on the XML format, + see http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html + type: str + log_files: + description: Log file objects + type: dict + suboptions: + log_files: + description: Array of objects (logFile) + type: list + elements: dict + suboptions: + location: + description: File path of the log file. + type: str + format: + description: Structure of the data in the log file. The application that + generates the log file defines the structure of the data. + choices: [syslog, snort-full, snort-fast, apache, iis, squid, nmapg, mysql-log, + postgresql-log, dbj-multilog, eventlog, single-line-text-log] + type: str + alert_enabled: + description: Controls whether to raise an alert when a LogInspectionRule logs + an event. Use true to raise an alert. + type: bool + alert_minimum_severity: + description: Severity level that will trigger an alert. Ignored unless ruleXML + contains multiple rules with different severities, and so you must indicate + which severity level to use. + type: int + recommendations_mode: + description: Indicates whether recommendation scans consider the LogInspectionRule. + Can be set to enabled or ignored. Custom rules cannot be recommended. 
+ choices: [enabled, ignored, unknown, disabled]
+ type: str
+ sort_order:
+ description: Order in which LogInspectionRules are sent to the Deep Security Agent.
+ Log inspeciton rules are sent in ascending order. Valid values are between 10000
+ and 20000.
+ type: int
+ can_be_assigned_alone:
+ description: Indicates whether this LogInspectionRule can be allocated without
+ allocating any additional LogInspectionRules. Ignored if the rule is user-defined,
+ which uses dependency instead.
+ type: bool
+ depends_onrule_id:
+ description: IDs of LogInspectionRules, separated by commas, that are required
+ by this rule. Ignored if the rule is user-defined which uses dependency_rule_id
+ or dependency_group instead.
+ type: list
+ elements: str
+ state:
+ description:
+ - The state the configuration should be left in
+ type: str
+ choices:
+ - present
+ - absent
+ default: present
+"""
+
+EXAMPLES = """
+- name: Create a new log inspection rule
+ trendmicro.deepsec.deepsec_log_inspectionrules:
+ state: present
+ name: custom log_rule for mysqld event
+ description: some description
+ minimum_agent_version: 6.0.0.0
+ type: defined
+ template: basic-rule
+ pattern: name
+ pattern_type: string
+ rule_id: 100001
+ rule_description: test rule description
+ groups:
+ - test
+ alert_minimum_severity: 4
+ alert_enabled: true
+ log_files:
+ log_files:
+ - location: /var/log/mysqld.log
+ format: mysql-log
+- name: Delete/Remove the existing log inspection rule
+ trendmicro.deepsec.deepsec_log_inspectionrules:
+ state: absent
+ name: custom log_rule for mysqld event
+"""
+
+from ansible.module_utils.six import iteritems
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import (
+ DeepSecurityRequest,
+ check_if_config_exists,
+ delete_config_with_id,
+)
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import (
+ remove_empties,
+)
+
+
+key_transform = {
+
"minimum_agent_version": "minimumAgentVersion",
+ "minimum_manager_version": "minimumManagerVersion",
+ "original_issue": "originalIssue",
+ "last_updated": "lastUpdated",
+ "rule_id": "ruleID",
+ "rule_description": "ruleDescription",
+ "pattern_type": "patternType",
+ "dependency_rule_id": "dependencyRuleID",
+ "dependency_group": "dependencyGroup",
+ "time_frame": "timeFrame",
+ "rule_xml": "ruleXML",
+ "alert_enabled": "alertEnabled",
+ "alert_minimum_severity": "alertMinimumSeverity",
+ "recommendations_mode": "recommendationsMode",
+ "sort_order": "sortOrder",
+ "can_be_assigned_alone": "canBeAssignedAlone",
+ "depends_onrule_id": "dependsOnRuleIDs",
+}
+
+
+def log_files_fn(module_params):
+ temp_obj = {}
+ temp_obj = {"logFiles": module_params.get("log_files")["log_files"]}
+
+ return temp_obj
+
+
+def map_params_to_obj(module_params):
+ obj = {}
+ obj["name"] = module_params["name"]
+ if module_params.get("description"):
+ obj["description"] = module_params.get("description")
+ if module_params.get("type"):
+ obj["type"] = module_params.get("type")
+ if module_params.get("identifier"):
+ obj["identifier"] = module_params.get("identifier")
+ if module_params.get("template"):
+ obj["template"] = module_params.get("template")
+ if module_params.get("level"):
+ obj["level"] = module_params.get("level")
+ if module_params.get("groups"):
+ obj["groups"] = module_params.get("groups")
+ if module_params.get("pattern"):
+ obj["pattern"] = module_params.get("pattern")
+ if module_params.get("dependency"):
+ obj["dependency"] = module_params.get("dependency")
+ if module_params.get("frequency"):
+ obj["frequency"] = module_params.get("frequency")
+ if module_params.get("log_files"):
+ obj["logFiles"] = log_files_fn(module_params)
+ for k, v in iteritems(key_transform):
+ if module_params.get(k):
+ obj[v] = module_params.get(k)
+
+ return obj
+
+
+def check_if_log_inspection_rules_exists(deepsec_request, log_inspection_name):
+ """The fn check if the log_inspection
detect based on log_inspection name
+ :param deepsec_request: the objects from which the configuration should be read
+ :param log_inspection_name: log_inspection name with which log_inspection will be searched
+ in existing log_inspection configurations
+ :rtype: A dict
+ :returns: dict with search result value
+ """
+ search_dict = {}
+ search_dict["searchCriteria"] = []
+ temp_criteria = {}
+ temp_criteria["fieldName"] = "name"
+ temp_criteria["stringTest"] = "equal"
+ temp_criteria["stringValue"] = log_inspection_name
+ search_dict["searchCriteria"].append(temp_criteria)
+
+ search_result = deepsec_request.post(
+ "/api/loginspectionrules/search", data=search_dict
+ )
+ if search_result.get("logInspectionRules"):
+ return search_result[""][0]
+ return search_result
+
+
+def delete_log_inspection_with_id(module, deepsec_request, log_inspection_id):
+ """The fn calls the delete API based on the log_inspection id
+ :param module: ansible module object
+ :param deepsec_request: connection obj for TM
+ :param log_inspection_id: log_inspection id for the log_inspection that's supposed to be deleted
+ value has dict as its value
+ :rtype: A dict
+ :returns: Based on API response this fn.
exits with appropriate msg
+ """
+ deepsec_request.delete(
+ "/api/loginspectionrules/{0}".format(log_inspection_id)
+ )
+ module.exit_json(
+ msg=" with id: {0} deleted successfully!".format(log_inspection_id),
+ changed=True,
+ )
+
+
+def main():
+
+ log_files_spec_list = {
+ "location": dict(type="str"),
+ "format": dict(
+ type="str",
+ choices=[
+ "syslog",
+ "snort-full",
+ "snort-fast",
+ "apache",
+ "iis",
+ "squid",
+ "nmapg",
+ "mysql-log",
+ "postgresql-log",
+ "dbj-multilog",
+ "eventlog",
+ "single-line-text-log",
+ ],
+ ),
+ }
+
+ log_files_spec = {
+ "log_files": dict(
+ type="list", elements="dict", options=log_files_spec_list
+ )
+ }
+
+ argspec = dict(
+ state=dict(choices=["present", "absent"], default="present"),
+ name=dict(required=True, type="str"),
+ description=dict(type="str"),
+ minimum_agent_version=dict(type="str"),
+ minimum_manager_version=dict(type="str"),
+ type=dict(type="str"),
+ original_issue=dict(type="int"),
+ last_updated=dict(type="int"),
+ identifier=dict(type="str"),
+ template=dict(type="str", choices=["basic-rule", "custom"]),
+ rule_id=dict(type="int"),
+ level=dict(type="int"),
+ groups=dict(type="list", elements="str"),
+ rule_description=dict(type="str"),
+ pattern=dict(type="str"),
+ pattern_type=dict(type="str", choices=["string", "regex"]),
+ dependency=dict(type="str", choices=["none", "rule", "group"]),
+ dependency_rule_id=dict(type="int"),
+ dependency_group=dict(type="str"),
+ frequency=dict(type="int"),
+ time_frame=dict(type="int"),
+ rule_xml=dict(type="str"),
+ log_files=dict(type="dict", options=log_files_spec),
+ alert_enabled=dict(type="bool"),
+ alert_minimum_severity=dict(type="int"),
+ recommendations_mode=dict(
+ type="str", choices=["enabled", "ignored", "unknown", "disabled"]
+ ),
+ sort_order=dict(type="int"),
+ can_be_assigned_alone=dict(type="bool"),
+ depends_onrule_id=dict(type="list", elements="str"),
+ )
+
+ module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
+
deepsec_request = DeepSecurityRequest(module)
+ want = map_params_to_obj(remove_empties(module.params))
+
+ search_existing_log_inspection_rules = check_if_config_exists(
+ deepsec_request,
+ want["name"],
+ "loginspectionrules",
+ "logInspectionRules",
+ )
+
+ if (
+ "ID" in search_existing_log_inspection_rules
+ and module.params["state"] == "absent"
+ ):
+ delete_config_with_id(
+ module,
+ deepsec_request,
+ "loginspectionrules",
+ search_existing_log_inspection_rules["ID"],
+ "logInspectionRules",
+ handle_return=True,
+ )
+ elif (
+ "ID" not in search_existing_log_inspection_rules
+ and module.params["state"] == "absent"
+ ):
+ module.exit_json(changed=False)
+ else:
+ log_inspection_rules = deepsec_request.post(
+ "/api/loginspectionrules", data=want
+ )
+ if "ID" in search_existing_log_inspection_rules:
+ module.exit_json(
+ log_inspection_rules=search_existing_log_inspection_rules,
+ changed=False,
+ )
+ elif log_inspection_rules.get("message"):
+ module.fail_json(msg=log_inspection_rules["message"])
+ else:
+ module.exit_json(
+ log_inspection_rules=log_inspection_rules, changed=True
+ )
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/plugins/modules/syslog_config.py b/plugins/modules/deepsec_syslog.py
similarity index 58%
rename from plugins/modules/syslog_config.py
rename to plugins/modules/deepsec_syslog.py
index 3912da2..6cb3286 100644
--- a/plugins/modules/syslog_config.py
+++ b/plugins/modules/deepsec_syslog.py
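Review bot: In the final `else` branch of `main()` the POST to `/api/loginspectionrules` is sent before the `"ID" in search_existing_log_inspection_rules` test, so a rule that already exists is created again on the manager and the module then reports `changed=False`; the existence check has to run first. The module declares `supports_check_mode=True` but neither that branch nor the `delete_config_with_id` call in the `absent` branch consults `module.check_mode`, so a `--check` run still creates and deletes rules; both paths need `if module.check_mode: module.exit_json(changed=True)` before the request. Separately, `map_params_to_obj` gates every field with `if module_params.get(...)`, which drops legitimate falsy settings such as `level: 0`, `alert_enabled: false` or `can_be_assigned_alone: false` after `remove_empties` has already stripped the `None`s; `is not None` is the right filter there. `check_if_log_inspection_rules_exists` is not called by `main()` and its `return search_result[""][0]` would raise `KeyError` on any hit, so either fix the key to `"logInspectionRules"` or drop it together with the equally unused `delete_log_inspection_with_id`.
```python
    else:
        if "ID" in search_existing_log_inspection_rules:
            module.exit_json(
                log_inspection_rules=search_existing_log_inspection_rules,
                changed=False,
            )
        if module.check_mode:
            module.exit_json(changed=True)
        log_inspection_rules = deepsec_request.post(
            "/api/loginspectionrules", data=want
        )
        if log_inspection_rules.get("message"):
            module.fail_json(msg=log_inspection_rules["message"])
        module.exit_json(log_inspection_rules=log_inspection_rules, changed=True)
```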
@@ -9,127 +9,126 @@ __metaclass__ = type -ANSIBLE_METADATA = { - "metadata_version": "1.1", - "status": ["preview"], - "supported_by": "community", -} - DOCUMENTATION = """ ---- -module: syslog_config -short_description: Configure or create a syslog configuration for TrendMicro Deep Security +module: deepsec_syslog +short_description: Configure or create a syslog configuration for TrendMicro Deep + Security description: - - Configure or create a syslog configuration for TrendMicro Deep Security -version_added: "2.9" +- Configure or create a syslog configuration for TrendMicro Deep Security +version_added: 1.0.0 +author: Ansible Security Automation Team (@justjais) options: name: description: - - The name for this syslog configuration. - required: true + - The name for this syslog configuration. type: str id: description: - - The ID of the syslog configuration (when editing an existing configuration). - required: true + - The ID of the syslog configuration (when editing an existing configuration). type: str description: description: - - The description for this syslog configuration. + - The description for this syslog configuration. type: str server: description: - - The destination server for syslog messages. - required: true + - The destination server for syslog messages. type: str port: description: - - The destination port for syslog messages. + - The destination port for syslog messages. type: int default: 514 transport: description: - - The transport to use when sending syslog messages. + - The transport to use when sending syslog messages. type: str choices: - - 'udp' - - 'tcp' - - 'tls' - default: 'udp' + - udp + - tcp + - tls + default: udp event_format: description: - - The event format to use when sending syslog messages. + - The event format to use when sending syslog messages. 
type: str choices: - - 'standard' - - 'cef' - - 'leef' - default: 'cef' + - standard + - cef + - leef + default: cef facility: description: - - The facility value to send with each syslog message. + - The facility value to send with each syslog message. type: str choices: - - 'kernel' - - 'user' - - 'mail' - - 'daemon' - - 'authorization' - - 'syslog' - - 'printer' - - 'news' - - 'uucp' - - 'clock' - - 'authpriv' - - 'ftp' - - 'ntp' - - 'log-audit' - - 'log-alert' - - 'cron' - - 'local0' - - 'local1' - - 'local2' - - 'local3' - - 'local4' - - 'local5' - - 'local6' - - 'local7' - default: 'local0' + - kernel + - user + - mail + - daemon + - authorization + - syslog + - printer + - news + - uucp + - clock + - authpriv + - ftp + - ntp + - log-audit + - log-alert + - cron + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + default: local0 private_key: description: - - The private key the Deep Security Manager will use when it contacts the syslog server over TLS. - - The private key must be an RSA key in PEM-encoded PKCS#1 or PKCS#8 format. - - To prevent accidental disclosure of the private key, the Deep Security Manager will not return this value; - therefore Ansible does not have access to it and it can only be used to set the private key. + - The private key the Deep Security Manager will use when it contacts the syslog + server over TLS. + - The private key must be an RSA key in PEM-encoded PKCS#1 or PKCS#8 format. + - To prevent accidental disclosure of the private key, the Deep Security Manager + will not return this value; therefore Ansible does not have access to it and + it can only be used to set the private key. type: str certificate_chain: description: - - The identity certificate chain the Deep Security Manager will use when it contacts the syslog server over TLS. 
- - The identity certificate must be the first certificate in the list, - followed by the certificate for the issuing certificate authority (if any) and continuing up the issuer chain. - - The root certificate authority's certificate does not need to be included. - - Each element in the list will be an unencrypted PEM-encoded certificate. + - The identity certificate chain the Deep Security Manager will use when it contacts + the syslog server over TLS. + - The identity certificate must be the first certificate in the list, followed + by the certificate for the issuing certificate authority (if any) and continuing + up the issuer chain. + - The root certificate authority's certificate does not need to be included. + - Each element in the list will be an unencrypted PEM-encoded certificate. type: list + elements: str direct: description: - - The "direct delivery from agent to syslog server" flag + - The "direct delivery from agent to syslog server" flag type: bool default: false -state: - description: - - The state the configuration should be left in - type: str - choices: - - present - - absent - default: present - -author: Ansible Security Automation Team (@justjais) " + state: + description: + - The state the configuration should be left in + - The state I(gathered) will make a get call to the module API and transform it + into structured data in the format as per the resource module argspec and the + value is returned in the I(gathered) key within the result. + type: str + choices: + - present + - absent + - gathered + default: present """ EXAMPLES = """ - name: Create/Config a new Syslog Config - trendmicro.deepsec.syslog_config: + trendmicro.deepsec.deepsec_syslog: state: present name: TEST_SYSLOG facility: local0 
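Review bot: The new I(gathered) description in the C(state) option does not say what C(name) does in that mode; from the `check_if_syslog_config_exists` change further down, the gathered branch returns the whole `syslogConfigurations` list and never looks at `config_name`, so the docs should state that every syslog configuration is returned and C(name) is ignored, e.g. `- When I(state=gathered) all syslog configurations are returned; C(name) and the other options are ignored.` The phrase "as per the resource module argspec" is also misleading, since this is a plain module, not a resource module. For C(private_key), it is worth recording that the argspec now sets C(no_log) on it (see the later argspec hunk) — `- The value is masked in module output and logs (no_log).` — so operators know the key will not leak through verbose runs.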
@@ -140,17 +139,12 @@ transport: udp description: Syslog Api request from Ansible - name: Delete/Remove the existing Syslog Config - trendmicro.deepsec.syslog_config: + trendmicro.deepsec.deepsec_syslog: state: absent name: TEST_SYSLOG """ -RETURN = """ -updates: - description: The set of commands that will be pushed to the remote device - returned: always -""" - +from ansible.module_utils.six import iteritems from ansible.module_utils.basic import AnsibleModule from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( DeepSecurityRequest, @@ -162,10 +156,31 @@ def check_if_syslog_config_exists( - deepsec_request, config_name, api_object, api_return + module, deepsec_request, config_name, api_object, api_return ): # parse syslog get output and search for want syslog name syslog_response = deepsec_request.get(api_object) + if syslog_response.get("error"): + module.fail_json(msg=syslog_response["error"]["message"]) + if module.params["state"] == "gathered": + if syslog_response: + key_transform = { + "ID": "id", + "eventFormat": "event_format", + "privateKey": "private_key", + "certificateChain": "certificate_chain", + } + for each in syslog_response["ListSyslogConfigurationsResponse"][ + "syslogConfigurations" + ]: + sorted(each) + for k, v in iteritems(key_transform): + if k in each: + each[v] = each[k] + each.pop(k) + return syslog_response["ListSyslogConfigurationsResponse"][ + "syslogConfigurations" + ] for k in syslog_response.values(): for each in k.get(api_return): if each.get("name") == config_name: @@ -203,9 +218,11 @@ def map_params_to_obj(module_params): def main(): argspec = dict( - state=dict(choices=["present", "absent"], required=True), - id=dict(type="int"), - name=dict(required=True, type="str"), + state=dict( + choices=["present", "absent", "gathered"], default="present" + ), + id=dict(type="str"), + name=dict(type="str"), description=dict(type="str"), server=dict(type="str"), port=dict(type="int", default=514), 
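Review bot: The RETURN block is deleted outright instead of being updated, so ansible-doc no longer describes what the module returns, including the new C(gathered) key this commit adds. Restore a RETURN documenting at least `gathered:` with `description: The syslog configurations read from the Deep Security Manager`, `returned: when state is gathered`, `type: list`, `elements: dict`. Minor: `iteritems` from `six` is only needed for Python 2; `key_transform.items()` is equivalent on both and avoids the extra import.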
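Review bot: `sorted(each)` in the new gathered branch discards its result, so it is a no-op that only sorts the dict's keys into a throwaway list; drop it. The branch also indexes `syslog_response["ListSyslogConfigurationsResponse"]["syslogConfigurations"]` with string literals instead of the `api_return` the search loop below already uses, and raises a bare KeyError rather than a clean failure if either key is missing, while an empty (falsy) response skips the branch entirely and falls through to the name search with `config_name=None`. Because the gathered result ends up in play output and facts, I would also strip `privateKey` defensively instead of renaming it to `private_key`: the DOCUMENTATION relies on the DSM never returning it, but the transform would faithfully export it if that ever changed. The function continues past the hunk.
```python
    if module.params["state"] == "gathered":
        key_transform = {
            "ID": "id",
            "eventFormat": "event_format",
            "certificateChain": "certificate_chain",
        }
        gathered = []
        for response in syslog_response.values():
            gathered.extend(response.get(api_return) or [])
        for each in gathered:
            # key material must never reach facts/output, whatever the API returns
            each.pop("privateKey", None)
            for k, v in iteritems(key_transform):
                if k in each:
                    each[v] = each.pop(k)
        return gathered
    # … unchanged: search of syslog_response.values() for config_name …
```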
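Review bot: Dropping `required=True` from `name` is needed for I(gathered), but the present/absent paths still dereference `want["name"]` in main (see the later hunk), so a play that omits C(name) with the default state will presumably fail with a bare KeyError after `remove_empties` drops the unset option, instead of an argspec validation error. Express the conditional requirement on the `AnsibleModule` constructor, which sits outside this hunk: `module = AnsibleModule(argument_spec=argspec, supports_check_mode=True, required_if=[["state", "present", ["name"]], ["state", "absent", ["name"]]])`. The `id` type change from int to str agrees with the DOCUMENTATION block, so that part looks consistent.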
@@ -245,8 +262,8 @@ def main(): ], default="local0", ), - certificate_chain=dict(type="list"), - private_key=dict(type="str"), + certificate_chain=dict(type="list", elements="str"), + private_key=dict(type="str", no_log=True), direct=dict(type="bool", default=False), ) api_object = "/rest/syslog-configurations" @@ -256,10 +273,16 @@ def main(): module = AnsibleModule(argument_spec=argspec, supports_check_mode=True) deepsec_request = DeepSecurityRequest(module) + # Get the configured Syslog config when state is gathered + if module.params["state"] == "gathered": + result = check_if_syslog_config_exists( + module, deepsec_request, None, api_object, api_get_return + ) + module.exit_json(gathered=result, changed=False) want = map_params_to_obj(remove_empties(module.params)) # Search for existing syslog config via Get call search_existing_syslog_config = check_if_syslog_config_exists( - deepsec_request, want["name"], api_object, api_get_return + module, deepsec_request, want["name"], api_object, api_get_return ) if ( @@ -273,6 +296,7 @@ def main(): search_existing_syslog_config["ID"], api_return, False, + handle_return=True, ) elif ( "ID" not in search_existing_syslog_config diff --git a/plugins/modules/deepsec_system_settings.py b/plugins/modules/deepsec_system_settings.py new file mode 100644 index 0000000..8edd1a7 --- /dev/null +++ b/plugins/modules/deepsec_system_settings.py 
@@ -0,0 +1,2994 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Copyright 2020 Red Hat
+# GNU General Public License v3.0+
+# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+DOCUMENTATION = """
+module: deepsec_system_settings
+short_description: Modify the system settings for TrendMicro Deep Security.
+description:
+- This module modifies system settings under TrendMicro Deep Security.
+version_added: "1.1.0"
+options:
+ config:
+ description: System settings config
+ type: dict
+ suboptions:
+ name:
+ description: System Settings name
+ type: list
+ elements: str
+ platform_setting_saml_identity_provider_certificate_expiry_warning_daysr:
+ description: platform setting saml identity provider certificate expiry warning
+ days
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '30'
+ platform_setting_update_agent_security_on_missing_deep_security_manager_enabled:
+ description: platform setting update agent security on missing deep security
+ manager enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ platform_setting_ddan_manual_source_server_url:
+ description: platform setting ddan manual source server url
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_load_balancer_manager_port:
+ description: platform setting load balancer manager port
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '4119'
+ platform_setting_smart_protection_feedback_threat_detections_threshold:
+ description: platform setting smart protection feedback threat detections
+ threshold
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '10'
+ platform_setting_primary_tenant_allow_tenant_run_port_scan_enabled:
+ description: platform setting primary tenant allow tenant run port scan enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ intrusion_prevention_setting_event_rank_severity_filter_medium:
+ description: intrusion prevention setting event rank severity filter medium
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '25'
+ firewall_setting_intranet_connectivity_test_expected_content_regex:
+ description: firewall setting intranet connectivity test expected content
+ regex
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_event_forwarding_sns_enabled:
+ description: platform setting event forwarding sns enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_tenant_auto_revoke_impersonation_by_primary_tenant_timeout:
+ description: platform setting tenant auto revoke impersonation by primary
+ tenant timeout
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 4 Hours
+ web_reputation_setting_event_rank_risk_blocked_by_administrator_rank:
+ description: web reputation setting event rank risk blocked by administrator
+ rank
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '100'
+ platform_setting_primary_tenant_lock_and_hide_tenant_storage_tab_enabled:
+ description: platform setting primary tenant lock and hide tenant storage
+ tab enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ anti_malware_setting_event_email_recipients:
+ description: anti malware setting event email recipients
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_primary_tenant_allow_tenant_use_default_relay_group_enabled:
+ description: platform setting primary tenant allow tenant use default relay
+ group enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_http_strict_transport_enabled:
+ description: platform setting http strict transport enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ firewall_setting_intranet_connectivity_test_url:
+ description: firewall setting intranet connectivity test url
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_primary_tenant_allow_tenant_configure_sns_enabled:
+ description: platform setting primary tenant allow tenant configure sns enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ platform_setting_tenant_use_default_relay_group_from_primary_tenant_enabled:
+ description: platform setting tenant use default relay group from primary
+ tenant enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_exported_diagnostic_package_locale:
+ description: platform setting exported diagnostic package locale
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: en_US
+ intrusion_prevention_setting_event_rank_severity_filter_critical:
+ description: intrusion prevention setting event rank severity filter critical
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '100'
+ platform_setting_update_imported_software_auto_download_enabled:
+ description: platform setting update imported software auto download enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ platform_setting_demo_mode_enabled:
+ description: platform setting demo mode enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_user_enforce_terms_and_conditions_message:
+ description: platform setting user enforce terms and conditions message
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_trend_micro_xdr_common_log_receiver_url:
+ description: platform setting trend micro xdr common log receiver url
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_managed_detect_response_company_guid:
+ description: platform setting managed detect response company guid
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_alert_default_email_address:
+ description: platform setting alert default email address
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_agent_initiated_activation_reactivate_cloned_enabled:
+ description: platform setting agent initiated activation reactivate cloned
+ enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ platform_setting_managed_detect_response_server_url:
+ description: platform setting managed detect response server url
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_primary_tenant_share_managed_detect_responses_enabled:
+ description: platform setting primary tenant share managed detect responses
+ enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_saml_service_provider_certificate:
+ description: platform setting saml service provider certificate
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_syslog_config_id:
+ description: platform setting syslog config id
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '0'
+ platform_setting_smtp_start_tls_enabled:
+ description: platform setting smtp start tls enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_user_password_require_letters_and_numbers_enabled:
+ description: platform setting user password require letters and numbers enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_primary_tenant_allow_tenant_synchronize_ldap_directories_enabled:
+ description: platform setting primary tenant allow tenant synchronize ldap
+ directories enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ platform_setting_load_balancer_relay_port:
+ description: platform setting load balancer relay port
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '4122'
+ platform_setting_managed_detect_response_enabled:
+ description: platform setting managed detect response enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_update_rules_policy_auto_apply_enabled:
+ description: platform setting update rules policy auto apply enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ platform_setting_primary_tenant_allow_tenant_configure_forgot_password_enabled:
+ description: platform setting primary tenant allow tenant configure forgot
+ password enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_user_password_require_not_same_as_username_enabled:
+ description: platform setting user password require not same as username enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ log_inspection_setting_event_rank_severity_medium:
+ description: log inspection setting event rank severity medium
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '25'
+ anti_malware_setting_retain_event_duration:
+ description: anti malware setting retain event duration
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 7 Days
+ platform_setting_update_agent_security_contact_primary_source_on_missing_relay_enabled:
+ description: platform setting update agent security contact primary source
+ on missing relay enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ firewall_setting_event_rank_severity_log_only:
+ description: firewall setting event rank severity log only
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '1'
+ platform_setting_primary_tenant_lock_and_hide_tenant_data_privacy_option_enabled:
+ description: platform setting primary tenant lock and hide tenant data privacy
+ option enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ application_control_setting_retain_event_duration:
+ description: application control setting retain event duration
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 7 Days
+ platform_setting_api_soap_web_service_enabled:
+ description: platform setting api soap web service enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_saml_service_provider_private_key:
+ description: platform setting saml service provider private key
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_windows_upgrade_on_activation_enabled:
+ description: platform setting windows upgrade on activation enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_system_event_forwarding_snmp_port:
+ description: platform setting system event forwarding snmp port
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '162'
+ firewall_setting_event_rank_severity_deny:
+ description: firewall setting event rank severity deny
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '100'
+ intrusion_prevention_setting_event_rank_severity_filter_low:
+ description: intrusion prevention setting event rank severity filter low
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '1'
+ platform_setting_primary_tenant_allow_tenant_control_impersonation_enabled:
+ description: platform setting primary tenant allow tenant control impersonation
+ enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_recommendation_cpu_usage_level:
+ description: platform setting recommendation cpu usage level
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: High
+ platform_setting_managed_detect_response_service_token:
+ description: platform setting managed detect response service token
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_load_balancer_heartbeat_address:
+ description: platform setting load balancer heartbeat address
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_trend_micro_xdr_api_user:
+ description: platform setting trend micro xdr api user
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_content_security_policy_report_only_enabled:
+ description: platform setting content security policy report only enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ log_inspection_setting_retain_event_duration:
+ description: log inspection setting retain event duration
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 7 Days
+ platform_setting_tenant_auto_revoke_impersonation_by_primary_tenant_enabled:
+ description: platform setting tenant auto revoke impersonation by primary
+ tenant enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ anti_malware_setting_event_email_body_template:
+ description: anti malware setting event email body template
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_retain_security_updates_max:
+ description: platform setting retain security updates max
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '10'
+ platform_setting_connected_threat_defense_control_manager_source_option:
+ description: platform setting connected threat defense control manager source
+ option
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: Manually select an Apex Central server
+ anti_malware_setting_event_email_enabled:
+ description: anti malware setting event email enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_update_agent_software_use_download_center_on_missing_deep_security_manager_enabled:
+ description: platform setting update agent software use download center on
+ missing deep security manager enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_recommendation_ongoing_scans_enabled:
+ description: platform setting recommendation ongoing scans enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_agent_initiated_activation_token:
+ description: platform setting agent initiated activation token
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_user_password_length_min:
+ description: platform setting user password length min
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '8'
+ platform_setting_primary_tenant_allow_tenant_database_state:
+ description: platform setting primary tenant allow tenant database state
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '10'
+ platform_setting_aws_manager_identity_use_instance_role_enabled:
+ description: platform setting aws manager identity use instance role enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ platform_setting_content_security_policy:
+ description: platform setting content security policy
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_product_usage_data_collection_enabled:
+ description: platform setting product usage data collection enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ platform_setting_alert_agent_update_pending_threshold:
+ description: platform setting alert agent update pending threshold
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 7 Days
+ platform_setting_user_password_require_special_characters_enabled:
+ description: platform setting user password require special characters enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_update_appliance_default_agent_version:
+ description: platform setting update appliance default agent version
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_system_event_forwarding_snmp_enabled:
+ description: platform setting system event forwarding snmp enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_smtp_bounce_email_address:
+ description: platform setting smtp bounce email address
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_update_relay_security_support_agent_9and_earlier_enabled:
+ description: platform setting update relay security support agent and earlier
+ enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_managed_detect_response_proxy_id:
+ description: platform setting managed detect response proxy id
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_trend_micro_xdr_log_server_url:
+ description: platform setting trend micro xdr log server url
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_inactive_agent_cleanup_enabled:
+ description: platform setting inactive agent cleanup enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_load_balancer_relay_address:
+ description: platform setting load balancer relay address
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_http_public_key_pin_policy:
+ description: platform setting http public key pin policy
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_user_session_idle_timeout:
+ description: platform setting user session idle timeout
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 30 Minutes
+ anti_malware_setting_event_email_subject:
+ description: anti malware setting event email subject
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_connected_threat_defense_control_manager_use_proxy_enabled:
+ description: platform setting connected threat defense control manager use
+ proxy enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_user_enforce_terms_and_conditions_enabled:
+ description: platform setting user enforce terms and conditions enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_aws_manager_identity_access_key:
+ description: platform setting aws manager identity access key
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_connected_threat_defense_control_manager_proxy_id:
+ description: platform setting connected threat defense control manager proxy
+ id
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_tenant_allow_impersonation_by_primary_tenant_enabled:
+ description: platform setting tenant allow impersonation by primary tenant
+ enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_connected_threat_defense_control_manager_manual_source_server_url:
+ description: platform setting connected threat defense control manager manual
+ source server url
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_user_password_require_mixed_case_enabled:
+ description: platform setting user password require mixed case enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_trend_micro_xdr_identity_provider_api_url:
+ description: platform setting trend micro xdr identity provider api url
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_smart_protection_feedback_for_suspicious_file_enabled:
+ description: platform setting smart protection feedback for suspicious file
+ enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ platform_setting_primary_tenant_allow_tenant_configure_snmp_enabled:
+ description: platform setting primary tenant allow tenant configure snmp enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_smart_protection_feedback_industry_type:
+ description: platform setting smart protection feedback industry type
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: Not specified
+ web_reputation_setting_retain_event_duration:
+ description: web reputation setting retain event duration
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 7 Days
+ platform_setting_retain_server_log_duration:
+ description: platform setting retain server log duration
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 7 Days
+ integrity_monitoring_setting_event_rank_severity_medium:
+ description: integrity monitoring setting event rank severity medium
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '25'
+ platform_setting_proxy_manager_cloud_proxy_id:
+ description: platform setting proxy manager cloud proxy id
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_update_relay_security_all_regions_patterns_download_enabled:
+ description: platform setting update relay security all regions patterns download
+ enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_ddan_submission_enabled:
+ description: platform setting ddan submission enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ web_reputation_setting_event_rank_risk_suspicious:
+ description: web reputation setting event rank risk suspicious
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '25'
+ integrity_monitoring_setting_event_rank_severity_critical:
+ description: integrity monitoring setting event rank severity critical
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '100'
+ platform_setting_smtp_from_email_address:
+ description: platform setting smtp from email address
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ firewall_setting_global_stateful_config_id:
+ description: firewall setting global stateful config id
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '0'
+ platform_setting_event_forwarding_sns_topic_arn:
+ description: platform setting event forwarding sns topic arn
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ firewall_setting_internet_connectivity_test_expected_content_regex:
+ description: firewall setting internet connectivity test expected content
+ regex
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_connected_threat_defense_control_manager_manual_source_api_key:
+ description: platform setting connected threat defense control manager manual
+ source api key
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_load_balancer_manager_address:
+ description: platform setting load balancer manager address
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_update_security_primary_source_mode:
+ description: platform setting update security primary source mode
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: Trend Micro ActiveUpdate Server
+ platform_setting_primary_tenant_share_connected_threat_defenses_enabled:
+ description: platform setting primary tenant share connected threat defenses
+ enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ web_reputation_setting_event_rank_risk_dangerous:
+ description: web reputation setting event rank risk dangerous
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '100'
+ platform_setting_load_balancer_heartbeat_port:
+ description: platform setting load balancer heartbeat port
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '4120'
+ platform_setting_user_hide_unlicensed_modules_enabled:
+ description: platform setting user hide unlicensed modules enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_capture_encrypted_traffic_enabled:
+ description: platform setting capture encrypted traffic enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_retain_system_event_duration:
+ description: platform setting retain system event duration
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 53 weeks
+ platform_setting_user_password_expiry:
+ description: platform setting user password expiry
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: Never
+ platform_setting_smart_protection_feedback_enabled:
+ description: platform setting smart protection feedback enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ integrity_monitoring_setting_retain_event_duration:
+ description: integrity monitoring setting retain event duration
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 7 Days
+ platform_setting_primary_tenant_allow_tenant_use_scheduled_run_script_task_enabled:
+ description: platform setting primary tenant allow tenant use scheduled run
+ script task enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ log_inspection_setting_event_rank_severity_critical:
+ description: log inspection setting event rank severity critical
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '100'
+ platform_setting_primary_tenant_lock_and_hide_tenant_smtp_tab_enabled:
+ description: platform setting primary tenant lock and hide tenant smtp tab
+ enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_ddan_proxy_id:
+ description: platform setting ddan proxy id
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_agent_initiated_activation_within_ip_list_id:
+ description: platform setting agent initiated activation within ip list id
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_update_security_primary_source_url:
+ description: platform setting update security primary source url
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: http://
+ platform_setting_agentless_vcloud_protection_enabled:
+ description: platform setting agentless vcloud protection enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_linux_upgrade_on_activation_enabled:
+ description: platform setting linux upgrade on activation enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_trend_micro_xdr_enabled:
+ description: platform setting trend micro xdr enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_active_sessions_max_exceeded_action:
+ description: platform setting active sessions max exceeded action
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: Block new sessions
+ platform_setting_update_hostname_on_ip_change_enabled:
+ description: platform setting update hostname on ip change enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ log_inspection_setting_event_rank_severity_high:
+ description: log inspection setting event rank severity high
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '50'
+ platform_setting_smtp_requires_authentication_enabled:
+ description: platform setting smtp requires authentication enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ platform_setting_active_sessions_max:
+ description: platform setting active sessions max
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '10'
+ platform_setting_aws_external_id_retrieval_enabled:
+ description: platform setting aws external id retrieval enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'true'
+ log_inspection_setting_event_rank_severity_low:
+ description: log inspection setting event rank severity low
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: '1'
+ platform_setting_azure_sso_certificate:
+ description: platform setting azure sso certificate
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_smtp_username:
+ description: platform setting smtp username
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ platform_setting_event_forwarding_sns_advanced_config_enabled:
+ description: platform setting event forwarding sns advanced config enabled
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 'false'
+ firewall_setting_internet_connectivity_test_interval:
+ description: firewall setting internet connectivity test interval
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str
+ default: 10 Seconds
+ platform_setting_whois_url:
+ description: platform setting whois url
+ type: dict
+ suboptions:
+ value:
+ description: Value of a Setting.
+ type: str + platform_setting_ddan_source_option: + description: platform setting ddan source option + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: Manually select a Deep Discovery Analyzer server + platform_setting_connected_threat_defense_control_manager_suspicious_object_list_comparison_enabled: + description: platform setting connected threat defense control manager suspicious + object list comparison enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_exported_file_character_encoding: + description: platform setting exported file character encoding + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: US-ASCII + platform_setting_user_session_duration_max: + description: platform setting user session duration max + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: No Limit + platform_setting_update_software_alternate_update_server_urls: + description: platform setting update software alternate update server urls + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_retain_counters_duration: + description: platform setting retain counters duration + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 13 Weeks + platform_setting_primary_tenant_allow_tenant_run_computer_discovery_enabled: + description: platform setting primary tenant allow tenant run computer discovery + enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_smart_protection_feedback_interval: + description: platform setting smart protection feedback interval + type: dict + suboptions: + value: + description: Value of a Setting. 
+ type: str + default: '5' + platform_setting_system_event_forwarding_snmp_address: + description: platform setting system event forwarding snmp address + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_smtp_server_address: + description: platform setting smtp server address + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_primary_tenant_allow_tenant_configure_siem_enabled: + description: platform setting primary tenant allow tenant configure siem enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_smtp_password: + description: platform setting smtp password + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_event_forwarding_sns_config_json: + description: platform setting event forwarding sns config json + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + firewall_setting_retain_event_duration: + description: firewall setting retain event duration + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 7 Days + web_reputation_setting_event_rank_risk_untested: + description: web reputation setting event rank risk untested + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '25' + platform_setting_managed_detect_response_use_proxy_enabled: + description: platform setting managed detect response use proxy enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_event_forwarding_sns_secret_key: + description: platform setting event forwarding sns secret key + type: dict + suboptions: + value: + description: Value of a Setting. 
+ type: str + platform_setting_logo_binary_image_img: + description: platform setting logo binary image img + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_aws_manager_identity_secret_key: + description: platform setting aws manager identity secret key + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + web_reputation_setting_event_rank_risk_highly_suspicious: + description: web reputation setting event rank risk highly suspicious + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '50' + platform_setting_api_status_monitoring_enabled: + description: platform setting api status monitoring enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_sign_in_page_message: + description: platform setting sign in page message + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_user_password_expiry_send_email_enabled: + description: platform setting user password expiry send email enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_user_sign_in_attempts_allowed_number: + description: platform setting user sign in attempts allowed number + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '5' + platform_setting_ddan_use_proxy_enabled: + description: platform setting ddan use proxy enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_agent_initiated_activation_enabled: + description: platform setting agent initiated activation enabled + type: dict + suboptions: + value: + description: Value of a Setting. 
+ type: str + default: For any computers + platform_setting_primary_tenant_allow_tenant_configure_remember_me_option_enabled: + description: platform setting primary tenant allow tenant configure remember + me option enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_smart_protection_feedback_bandwidth_max_kbytes: + description: platform setting smart protection feedback bandwidth max kbytes + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '32' + firewall_setting_event_rank_severity_packet_rejection: + description: firewall setting event rank severity packet rejection + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '50' + platform_setting_proxy_manager_update_proxy_id: + description: platform setting proxy manager update proxy id + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_managed_detect_response_use_primary_tenant_settings_enabled: + description: platform setting managed detect response use primary tenant settings + enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_event_forwarding_sns_access_key: + description: platform setting event forwarding sns access key + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_agent_initiated_activation_specify_hostname_enabled: + description: platform setting agent initiated activation specify hostname + enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_primary_tenant_allow_tenant_sync_with_cloud_account_enabled: + description: platform setting primary tenant allow tenant sync with cloud + account enabled + type: dict + suboptions: + value: + description: Value of a Setting. 
+ type: str + default: 'true' + platform_setting_connected_threat_defenses_use_primary_tenant_server_settings_enabled: + description: platform setting connected threat defenses use primary tenant + server settings enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_inactive_agent_cleanup_duration: + description: platform setting inactive agent cleanup duration + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 1 Month + platform_setting_agent_initiated_activation_duplicate_hostname_mode: + description: platform setting agent initiated activation duplicate hostname + mode + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: Re-activate the existing Computer + platform_setting_vmware_nsx_manager_node: + description: platform setting vmware nsx manager node + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '1' + platform_setting_user_enforce_terms_and_conditions_title: + description: platform setting user enforce terms and conditions title + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_primary_tenant_allow_tenant_add_vmware_vcenter_enabled: + description: platform setting primary tenant allow tenant add vmware vcenter + enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'true' + platform_setting_new_tenant_download_security_update_enabled: + description: platform setting new tenant download security update enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'true' + platform_setting_tenant_protection_usage_monitoring_computer_id_3: + description: platform setting tenant protection usage monitoring computer + id 3 + type: dict + suboptions: + value: + description: Value of a Setting. 
+ type: str + default: Platform + platform_setting_agent_initiated_activation_reactivate_unknown_enabled: + description: platform setting agent initiated activation reactivate unknown + enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'true' + platform_setting_tenant_protection_usage_monitoring_computer_id_2: + description: platform setting tenant protection usage monitoring computer + id 2 + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: Last Used IP Address + platform_setting_agent_initiated_activation_policy_id: + description: platform setting agent initiated activation policy id + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_tenant_protection_usage_monitoring_computer_id_1: + description: platform setting tenant protection usage monitoring computer + id 1 + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: Hostname + platform_setting_trend_micro_xdr_api_server_url: + description: platform setting trend micro xdr api server url + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_retain_agent_installers_per_platform_max: + description: platform setting retain agent installers per platform max + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '5' + application_control_setting_serve_rulesets_from_relays_enabled: + description: application control setting serve rulesets from relays enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + integrity_monitoring_setting_event_rank_severity_high: + description: integrity monitoring setting event rank severity high + type: dict + suboptions: + value: + description: Value of a Setting. 
+ type: str + default: '50' + platform_setting_saml_retain_inactive_external_administrators_duration: + description: platform setting saml retain inactive external administrators + duration + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '365' + intrusion_prevention_setting_retain_event_duration: + description: intrusion prevention setting retain event duration + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 7 Days + platform_setting_http_public_key_pin_policy_report_only_enabled: + description: platform setting http public key pin policy report only enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'true' + platform_setting_saml_service_provider_name: + description: platform setting saml service provider name + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + firewall_setting_internet_connectivity_test_url: + description: firewall setting internet connectivity test url + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_saml_service_provider_certificate_expiry_warning_days: + description: platform setting saml service provider certificate expiry warning + days + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '30' + platform_setting_proxy_agent_update_proxy_id: + description: platform setting proxy agent update proxy id + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_ddan_auto_submission_enabled: + description: platform setting ddan auto submission enabled + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: 'false' + platform_setting_ddan_manual_source_api_key: + description: platform setting ddan manual source api key + type: dict + suboptions: + value: + description: Value of a Setting. 
+ type: str + platform_setting_saml_service_provider_entity_id: + description: platform setting saml service provider entity id + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + intrusion_prevention_setting_event_rank_severity_filter_error: + description: intrusion prevention setting event rank severity filter error + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '100' + intrusion_prevention_setting_event_rank_severity_filter_high: + description: intrusion prevention setting event rank severity filter high + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '50' + platform_setting_trend_micro_xdr_api_key: + description: platform setting trend micro xdr api key + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + integrity_monitoring_setting_event_rank_severity_low: + description: integrity monitoring setting event rank severity low + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + default: '1' + platform_setting_trend_micro_xdr_company_id: + description: platform setting trend micro xdr company id + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_allow_packet_data_capture_in_network_events: + description: + - platform setting that allows packet data capture in network_events + - Applicaple only with GET call + - Not applicaple param with Create/Modify POST call + type: dict + suboptions: + value: + description: Value of a Setting. + type: str + platform_setting_dsm_as_xbc_agent_feature_enabled: + description: + - platform setting dsm as xbc agent feature enabled + - Applicaple only with GET call + - Not applicaple param with Create/Modify POST call + type: dict + suboptions: + value: + description: Value of a Setting. 
+ type: bool + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. + type: str + choices: + - present + - absent + - gathered + default: present +author: Ansible Security Automation Team (@justjais) " +""" + +EXAMPLES = """ + +- name: Apply the input config to System Settings config + trendmicro.deepsec.deepsec_system_settings: + state: present + config: + platform_setting_syslog_config_id: + value: 12 + platform_setting_http_strict_transport_enabled: + value: true + platform_setting_demo_mode_enabled: + value: true +- name: Reset/Delete the input System Settings Config + trendmicro.deepsec.deepsec_system_settings: + state: absent + config: + name: + - platform_setting_syslog_config_id + - platform_setting_http_strict_transport_enabled + - platform_setting_demo_mode_enabled + +# Play Run: +# ========= +# +# "system_settings": { +# "after": { +# "platform_setting_demo_mode_enabled": { +# "value": "false" +# }, +# "platform_setting_http_strict_transport_enabled": { +# "value": "false" +# }, +# "platform_setting_syslog_config_id": { +# "value": "0" +# } +# }, +# "before": { +# "platform_setting_demo_mode_enabled": { +# "value": "true" +# }, +# "platform_setting_http_strict_transport_enabled": { +# "value": "true" +# }, +# "platform_setting_syslog_config_id": { +# "value": "12" +# } +# } +# } + +- name: Gather/Get System Settings by System Settings Name + trendmicro.deepsec.deepsec_system_settings: + state: gathered + config: + name: + - platform_setting_syslog_config_id + - platform_setting_http_strict_transport_enabled + - platform_setting_demo_mode_enabled + +# Play Run: +# ========= +# +# "gathered": { +# "config": { +# "platform_setting_demo_mode_enabled": { +# "value": "false" +# }, +# 
"platform_setting_http_strict_transport_enabled": { +# "value": "false" +# }, +# "platform_setting_syslog_config_id": { +# "value": "0" +# } +# } +# } + +- name: Gather/Get the complete System Settings + trendmicro.deepsec.deepsec_system_settings: + state: gathered +""" + +from ansible.module_utils.six import iteritems +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( + DeepSecurityRequest, + delete_config_with_id, + map_obj_to_params, +) +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) + + +key_transform = { + "platform_setting_saml_identity_provider_certificate_expiry_warning_daysr": "platformSettingSamlIdentityProviderCertificateExpiryWarningDays", + "platform_setting_allow_packet_data_capture_in_network_events": "platformSettingAllowPacketDataCaptureInNetworkEvents", + "platform_setting_dsm_as_xbc_agent_feature_enabled": "platformSettingDsmAsXbcAgentFeatureEnabled", + "platform_setting_update_agent_security_on_missing_deep_security_manager_enabled": "platformSettingUpdateAgentSecurityOnMissingDeepSecurityManagerEnabled", + "platform_setting_ddan_manual_source_server_url": "platformSettingDdanManualSourceServerUrl", + "platform_setting_load_balancer_manager_port": "platformSettingLoadBalancerManagerPort", + "platform_setting_smart_protection_feedback_threat_detections_threshold": "platformSettingSmartProtectionFeedbackThreatDetectionsThreshold", + "platform_setting_primary_tenant_allow_tenant_run_port_scan_enabled": "platformSettingPrimaryTenantAllowTenantRunPortScanEnabled", + "intrusion_prevention_setting_event_rank_severity_filter_medium": "intrusionPreventionSettingEventRankSeverityFilterMedium", + "firewall_setting_intranet_connectivity_test_expected_content_regex": "firewallSettingIntranetConnectivityTestExpectedContentRegex", + "platform_setting_event_forwarding_sns_enabled": "platformSettingEventForwardingSnsEnabled", 
+ "platform_setting_tenant_auto_revoke_impersonation_by_primary_tenant_timeout": "platformSettingTenantAutoRevokeImpersonationByPrimaryTenantTimeout", + "web_reputation_setting_event_rank_risk_blocked_by_administrator_rank": "webReputationSettingEventRankRiskBlockedByAdministratorRank", + "platform_setting_primary_tenant_lock_and_hide_tenant_storage_tab_enabled": "platformSettingPrimaryTenantLockAndHideTenantStorageTabEnabled", + "anti_malware_setting_event_email_recipients": "antiMalwareSettingEventEmailRecipients", + "platform_setting_primary_tenant_allow_tenant_use_default_relay_group_enabled": "platformSettingPrimaryTenantAllowTenantUseDefaultRelayGroupEnabled", + "platform_setting_http_strict_transport_enabled": "platformSettingHttpStrictTransportEnabled", + "firewall_setting_intranet_connectivity_test_url": "firewallSettingIntranetConnectivityTestUrl", + "platform_setting_primary_tenant_allow_tenant_configure_sns_enabled": "platformSettingPrimaryTenantAllowTenantConfigureSnsEnabled", + "platform_setting_tenant_use_default_relay_group_from_primary_tenant_enabled": "platformSettingTenantUseDefaultRelayGroupFromPrimaryTenantEnabled", + "platform_setting_exported_diagnostic_package_locale": "platformSettingExportedDiagnosticPackageLocale", + "intrusion_prevention_setting_event_rank_severity_filter_critical": "intrusionPreventionSettingEventRankSeverityFilterCritical", + "platform_setting_update_imported_software_auto_download_enabled": "platformSettingUpdateImportedSoftwareAutoDownloadEnabled", + "platform_setting_demo_mode_enabled": "platformSettingDemoModeEnabled", + "platform_setting_user_enforce_terms_and_conditions_message": "platformSettingUserEnforceTermsAndConditionsMessage", + "platform_setting_trend_micro_xdr_common_log_receiver_url": "platformSettingTrendMicroXdrCommonLogReceiverUrl", + "platform_setting_managed_detect_response_company_guid": "platformSettingManagedDetectResponseCompanyGuid", + "platform_setting_alert_default_email_address": 
"platformSettingAlertDefaultEmailAddress", + "platform_setting_agent_initiated_activation_reactivate_cloned_enabled": "platformSettingAgentInitiatedActivationReactivateClonedEnabled", + "platform_setting_managed_detect_response_server_url": "platformSettingManagedDetectResponseServerUrl", + "platform_setting_primary_tenant_share_managed_detect_responses_enabled": "platformSettingPrimaryTenantShareManagedDetectResponsesEnabled", + "platform_setting_saml_service_provider_certificate": "platformSettingSamlServiceProviderCertificate", + "platform_setting_syslog_config_id": "platformSettingSyslogConfigId", + "platform_setting_smtp_start_tls_enabled": "platformSettingSmtpStartTlsEnabled", + "platform_setting_user_password_require_letters_and_numbers_enabled": "platformSettingUserPasswordRequireLettersAndNumbersEnabled", + "platform_setting_primary_tenant_allow_tenant_synchronize_ldap" + + "_directories_enabled": "platformSettingPrimaryTenantAllowTenantSynchronizeLdapDirectoriesEnabled", + "platform_setting_load_balancer_relay_port": "platformSettingLoadBalancerRelayPort", + "platform_setting_managed_detect_response_enabled": "platformSettingManagedDetectResponseEnabled", + "platform_setting_update_rules_policy_auto_apply_enabled": "platformSettingUpdateRulesPolicyAutoApplyEnabled", + "platform_setting_primary_tenant_allow_tenant_configure_forgot_password_enabled": "platformSettingPrimaryTenantAllowTenantConfigureForgotPasswordEnabled", + "platform_setting_user_password_require_not_same_as_username_enabled": "platformSettingUserPasswordRequireNotSameAsUsernameEnabled", + "log_inspection_setting_event_rank_severity_medium": "logInspectionSettingEventRankSeverityMedium", + "anti_malware_setting_retain_event_duration": "antiMalwareSettingRetainEventDuration", + "platform_setting_update_agent_security_contact_primary_source_on_missing_relay" + + "_enabled": "platformSettingUpdateAgentSecurityContactPrimarySourceOnMissingRelayEnabled", + 
"firewall_setting_event_rank_severity_log_only": "firewallSettingEventRankSeverityLogOnly", + "platform_setting_primary_tenant_lock_and_hide_tenant_data_privacy_option_enabled": "platformSettingPrimaryTenantLockAndHideTenantDataPrivacyOptionEnabled", + "application_control_setting_retain_event_duration": "applicationControlSettingRetainEventDuration", + "platform_setting_api_soap_web_service_enabled": "platformSettingApiSoapWebServiceEnabled", + "platform_setting_saml_service_provider_private_key": "platformSettingSamlServiceProviderPrivateKey", + "platform_setting_windows_upgrade_on_activation_enabled": "platformSettingWindowsUpgradeOnActivationEnabled", + "platform_setting_system_event_forwarding_snmp_port": "platformSettingSystemEventForwardingSnmpPort", + "firewall_setting_event_rank_severity_deny": "firewallSettingEventRankSeverityDeny", + "intrusion_prevention_setting_event_rank_severity_filter_low": "intrusionPreventionSettingEventRankSeverityFilterLow", + "platform_setting_primary_tenant_allow_tenant_control_impersonation_enabled": "platformSettingPrimaryTenantAllowTenantControlImpersonationEnabled", + "platform_setting_recommendation_cpu_usage_level": "platformSettingRecommendationCpuUsageLevel", + "platform_setting_managed_detect_response_service_token": "platformSettingManagedDetectResponseServiceToken", + "platform_setting_load_balancer_heartbeat_address": "platformSettingLoadBalancerHeartbeatAddress", + "platform_setting_trend_micro_xdr_api_user": "platformSettingTrendMicroXdrApiUser", + "platform_setting_content_security_policy_report_only_enabled": "platformSettingContentSecurityPolicyReportOnlyEnabled", + "log_inspection_setting_retain_event_duration": "logInspectionSettingRetainEventDuration", + "platform_setting_tenant_auto_revoke_impersonation_by_primary_tenant_enabled": "platformSettingTenantAutoRevokeImpersonationByPrimaryTenantEnabled", + "anti_malware_setting_event_email_body_template": "antiMalwareSettingEventEmailBodyTemplate", + 
"platform_setting_retain_security_updates_max": "platformSettingRetainSecurityUpdatesMax", + "platform_setting_connected_threat_defense_control_manager_source_option": "platformSettingConnectedThreatDefenseControlManagerSourceOption", + "anti_malware_setting_event_email_enabled": "antiMalwareSettingEventEmailEnabled", + "platform_setting_update_agent_software_use_download_center_on_missing_deep_security" + + "_manager_enabled": "platformSettingUpdateAgentSoftwareUseDownloadCenterOnMissingDeepSecurityManagerEnabled", + "platform_setting_recommendation_ongoing_scans_enabled": "platformSettingRecommendationOngoingScansEnabled", + "platform_setting_agent_initiated_activation_token": "platformSettingAgentInitiatedActivationToken", + "platform_setting_user_password_length_min": "platformSettingUserPasswordLengthMin", + "platform_setting_primary_tenant_allow_tenant_database_state": "platformSettingPrimaryTenantAllowTenantDatabaseState", + "platform_setting_aws_manager_identity_use_instance_role_enabled": "platformSettingAwsManagerIdentityUseInstanceRoleEnabled", + "platform_setting_content_security_policy": "platformSettingContentSecurityPolicy", + "platform_setting_product_usage_data_collection_enabled": "platformSettingProductUsageDataCollectionEnabled", + "platform_setting_alert_agent_update_pending_threshold": "platformSettingAlertAgentUpdatePendingThreshold", + "platform_setting_user_password_require_special_characters_enabled": "platformSettingUserPasswordRequireSpecialCharactersEnabled", + "platform_setting_update_appliance_default_agent_version": "platformSettingUpdateApplianceDefaultAgentVersion", + "platform_setting_system_event_forwarding_snmp_enabled": "platformSettingSystemEventForwardingSnmpEnabled", + "platform_setting_smtp_bounce_email_address": "platformSettingSmtpBounceEmailAddress", + "platform_setting_update_relay_security_support_agent_9and_earlier_enabled": "platformSettingUpdateRelaySecuritySupportAgent9AndEarlierEnabled", + 
"platform_setting_managed_detect_response_proxy_id": "platformSettingManagedDetectResponseProxyId", + "platform_setting_trend_micro_xdr_log_server_url": "platformSettingTrendMicroXdrLogServerUrl", + "platform_setting_inactive_agent_cleanup_enabled": "platformSettingInactiveAgentCleanupEnabled", + "platform_setting_load_balancer_relay_address": "platformSettingLoadBalancerRelayAddress", + "platform_setting_http_public_key_pin_policy": "platformSettingHttpPublicKeyPinPolicy", + "platform_setting_user_session_idle_timeout": "platformSettingUserSessionIdleTimeout", + "anti_malware_setting_event_email_subject": "antiMalwareSettingEventEmailSubject", + "platform_setting_connected_threat_defense_control_manager_use_proxy_enabled": "platformSettingConnectedThreatDefenseControlManagerUseProxyEnabled", + "platform_setting_user_enforce_terms_and_conditions_enabled": "platformSettingUserEnforceTermsAndConditionsEnabled", + "platform_setting_aws_manager_identity_access_key": "platformSettingAwsManagerIdentityAccessKey", + "platform_setting_connected_threat_defense_control_manager_proxy_id": "platformSettingConnectedThreatDefenseControlManagerProxyId", + "platform_setting_tenant_allow_impersonation_by_primary_tenant_enabled": "platformSettingTenantAllowImpersonationByPrimaryTenantEnabled", + "platform_setting_connected_threat_defense_control_manager_manual_source" + + "_server_url": "platformSettingConnectedThreatDefenseControlManagerManualSourceServerUrl", + "platform_setting_user_password_require_mixed_case_enabled": "platformSettingUserPasswordRequireMixedCaseEnabled", + "platform_setting_trend_micro_xdr_identity_provider_api_url": "platformSettingTrendMicroXdrIdentityProviderApiUrl", + "platform_setting_smart_protection_feedback_for_suspicious_file_enabled": "platformSettingSmartProtectionFeedbackForSuspiciousFileEnabled", + "platform_setting_primary_tenant_allow_tenant_configure_snmp_enabled": "platformSettingPrimaryTenantAllowTenantConfigureSnmpEnabled", + 
"platform_setting_smart_protection_feedback_industry_type": "platformSettingSmartProtectionFeedbackIndustryType", + "web_reputation_setting_retain_event_duration": "webReputationSettingRetainEventDuration", + "platform_setting_retain_server_log_duration": "platformSettingRetainServerLogDuration", + "integrity_monitoring_setting_event_rank_severity_medium": "integrityMonitoringSettingEventRankSeverityMedium", + "platform_setting_proxy_manager_cloud_proxy_id": "platformSettingProxyManagerCloudProxyId", + "platform_setting_update_relay_security_all_regions_patterns_download_enabled": "platformSettingUpdateRelaySecurityAllRegionsPatternsDownloadEnabled", + "platform_setting_ddan_submission_enabled": "platformSettingDdanSubmissionEnabled", + "web_reputation_setting_event_rank_risk_suspicious": "webReputationSettingEventRankRiskSuspicious", + "integrity_monitoring_setting_event_rank_severity_critical": "integrityMonitoringSettingEventRankSeverityCritical", + "platform_setting_smtp_from_email_address": "platformSettingSmtpFromEmailAddress", + "firewall_setting_global_stateful_config_id": "firewallSettingGlobalStatefulConfigId", + "platform_setting_event_forwarding_sns_topic_arn": "platformSettingEventForwardingSnsTopicArn", + "firewall_setting_internet_connectivity_test_expected_content_regex": "firewallSettingInternetConnectivityTestExpectedContentRegex", + "platform_setting_connected_threat_defense_control_manager_manual_source_api_key": "platformSettingConnectedThreatDefenseControlManagerManualSourceApiKey", + "platform_setting_load_balancer_manager_address": "platformSettingLoadBalancerManagerAddress", + "platform_setting_update_security_primary_source_mode": "platformSettingUpdateSecurityPrimarySourceMode", + "platform_setting_primary_tenant_share_connected_threat_defenses_enabled": "platformSettingPrimaryTenantShareConnectedThreatDefensesEnabled", + "web_reputation_setting_event_rank_risk_dangerous": "webReputationSettingEventRankRiskDangerous", + 
"platform_setting_load_balancer_heartbeat_port": "platformSettingLoadBalancerHeartbeatPort", + "platform_setting_user_hide_unlicensed_modules_enabled": "platformSettingUserHideUnlicensedModulesEnabled", + "platform_setting_capture_encrypted_traffic_enabled": "platformSettingCaptureEncryptedTrafficEnabled", + "platform_setting_retain_system_event_duration": "platformSettingRetainSystemEventDuration", + "platform_setting_user_password_expiry": "platformSettingUserPasswordExpiry", + "platform_setting_smart_protection_feedback_enabled": "platformSettingSmartProtectionFeedbackEnabled", + "integrity_monitoring_setting_retain_event_duration": "integrityMonitoringSettingRetainEventDuration", + "platform_setting_primary_tenant_allow_tenant_use_scheduled_run_script" + + "_task_enabled": "platformSettingPrimaryTenantAllowTenantUseScheduledRunScriptTaskEnabled", + "log_inspection_setting_event_rank_severity_critical": "logInspectionSettingEventRankSeverityCritical", + "platform_setting_primary_tenant_lock_and_hide_tenant_smtp_tab_enabled": "platformSettingPrimaryTenantLockAndHideTenantSmtpTabEnabled", + "platform_setting_ddan_proxy_id": "platformSettingDdanProxyId", + "platform_setting_agent_initiated_activation_within_ip_list_id": "platformSettingAgentInitiatedActivationWithinIpListId", + "platform_setting_update_security_primary_source_url": "platformSettingUpdateSecurityPrimarySourceUrl", + "platform_setting_agentless_vcloud_protection_enabled": "platformSettingAgentlessVcloudProtectionEnabled", + "platform_setting_linux_upgrade_on_activation_enabled": "platformSettingLinuxUpgradeOnActivationEnabled", + "platform_setting_trend_micro_xdr_enabled": "platformSettingTrendMicroXdrEnabled", + "platform_setting_active_sessions_max_exceeded_action": "platformSettingActiveSessionsMaxExceededAction", + "platform_setting_update_hostname_on_ip_change_enabled": "platformSettingUpdateHostnameOnIpChangeEnabled", + "log_inspection_setting_event_rank_severity_high": 
"logInspectionSettingEventRankSeverityHigh",
+ "platform_setting_smtp_requires_authentication_enabled": "platformSettingSmtpRequiresAuthenticationEnabled",
+ "platform_setting_active_sessions_max": "platformSettingActiveSessionsMax",
+ "platform_setting_aws_external_id_retrieval_enabled": "platformSettingAwsExternalIdRetrievalEnabled",
+ "log_inspection_setting_event_rank_severity_low": "logInspectionSettingEventRankSeverityLow",
+ "platform_setting_azure_sso_certificate": "platformSettingAzureSsoCertificate",
+ "platform_setting_smtp_username": "platformSettingSmtpUsername",
+ "platform_setting_event_forwarding_sns_advanced_config_enabled": "platformSettingEventForwardingSnsAdvancedConfigEnabled",
+ "firewall_setting_internet_connectivity_test_interval": "firewallSettingInternetConnectivityTestInterval",
+ "platform_setting_whois_url": "platformSettingWhoisUrl",
+ "platform_setting_ddan_source_option": "platformSettingDdanSourceOption",
+ "platform_setting_connected_threat_defense_control_manager_suspicious_object"
+ + "_list_comparison_enabled": "platformSettingConnectedThreatDefenseControlManagerSuspiciousObjectListComparisonEnabled",
+ "platform_setting_exported_file_character_encoding": "platformSettingExportedFileCharacterEncoding",
+ "platform_setting_user_session_duration_max": "platformSettingUserSessionDurationMax",
+ "platform_setting_update_software_alternate_update_server_urls": "platformSettingUpdateSoftwareAlternateUpdateServerUrls",
+ "platform_setting_retain_counters_duration": "platformSettingRetainCountersDuration",
+ "platform_setting_primary_tenant_allow_tenant_run_computer_discovery_enabled": "platformSettingPrimaryTenantAllowTenantRunComputerDiscoveryEnabled",
+ "platform_setting_smart_protection_feedback_interval": "platformSettingSmartProtectionFeedbackInterval",
+ "platform_setting_system_event_forwarding_snmp_address": "platformSettingSystemEventForwardingSnmpAddress",
+ "platform_setting_smtp_server_address": 
"platformSettingSmtpServerAddress",
+ "platform_setting_primary_tenant_allow_tenant_configure_siem_enabled": "platformSettingPrimaryTenantAllowTenantConfigureSiemEnabled",
+ "platform_setting_smtp_password": "platformSettingSmtpPassword",
+ "platform_setting_event_forwarding_sns_config_json": "platformSettingEventForwardingSnsConfigJson",
+ "firewall_setting_retain_event_duration": "firewallSettingRetainEventDuration",
+ "web_reputation_setting_event_rank_risk_untested": "webReputationSettingEventRankRiskUntested",
+ "platform_setting_managed_detect_response_use_proxy_enabled": "platformSettingManagedDetectResponseUseProxyEnabled",
+ "platform_setting_event_forwarding_sns_secret_key": "platformSettingEventForwardingSnsSecretKey",
+ "platform_setting_logo_binary_image_img": "platformSettingLogoBinaryImageImg",
+ "platform_setting_aws_manager_identity_secret_key": "platformSettingAwsManagerIdentitySecretKey",
+ "web_reputation_setting_event_rank_risk_highly_suspicious": "webReputationSettingEventRankRiskHighlySuspicious",
+ "platform_setting_api_status_monitoring_enabled": "platformSettingApiStatusMonitoringEnabled",
+ "platform_setting_sign_in_page_message": "platformSettingSignInPageMessage",
+ "platform_setting_user_password_expiry_send_email_enabled": "platformSettingUserPasswordExpirySendEmailEnabled",
+ "platform_setting_user_sign_in_attempts_allowed_number": "platformSettingUserSignInAttemptsAllowedNumber",
+ "platform_setting_ddan_use_proxy_enabled": "platformSettingDdanUseProxyEnabled",
+ "platform_setting_agent_initiated_activation_enabled": "platformSettingAgentInitiatedActivationEnabled",
+ "platform_setting_primary_tenant_allow_tenant"
+ + "_configure_remember_me_option_enabled": "platformSettingPrimaryTenantAllowTenantConfigureRememberMeOptionEnabled",
+ "platform_setting_smart_protection_feedback_bandwidth_max_kbytes": "platformSettingSmartProtectionFeedbackBandwidthMaxKbytes",
+ "firewall_setting_event_rank_severity_packet_rejection": 
"firewallSettingEventRankSeverityPacketRejection",
+ "platform_setting_proxy_manager_update_proxy_id": "platformSettingProxyManagerUpdateProxyId",
+ "platform_setting_managed_detect_response_use_primary_tenant_settings_enabled": "platformSettingManagedDetectResponseUsePrimaryTenantSettingsEnabled",
+ "platform_setting_event_forwarding_sns_access_key": "platformSettingEventForwardingSnsAccessKey",
+ "platform_setting_agent_initiated_activation_specify_hostname_enabled": "platformSettingAgentInitiatedActivationSpecifyHostnameEnabled",
+ "platform_setting_primary_tenant_allow_tenant_sync_with_cloud_account_enabled": "platformSettingPrimaryTenantAllowTenantSyncWithCloudAccountEnabled",
+ "platform_setting_connected_threat_defenses"
+ + "_use_primary_tenant_server_settings_enabled": "platformSettingConnectedThreatDefensesUsePrimaryTenantServerSettingsEnabled",
+ "platform_setting_inactive_agent_cleanup_duration": "platformSettingInactiveAgentCleanupDuration",
+ "platform_setting_agent_initiated_activation_duplicate_hostname_mode": "platformSettingAgentInitiatedActivationDuplicateHostnameMode",
+ "platform_setting_vmware_nsx_manager_node": "platformSettingVmwareNsxManagerNode",
+ "platform_setting_user_enforce_terms_and_conditions_title": "platformSettingUserEnforceTermsAndConditionsTitle",
+ "platform_setting_primary_tenant_allow_tenant_add_vmware_vcenter_enabled": "platformSettingPrimaryTenantAllowTenantAddVmwareVcenterEnabled",
+ "platform_setting_new_tenant_download_security_update_enabled": "platformSettingNewTenantDownloadSecurityUpdateEnabled",
+ "platform_setting_tenant_protection_usage_monitoring_computer_id_3": "platformSettingTenantProtectionUsageMonitoringComputerId3",
+ "platform_setting_agent_initiated_activation_reactivate_unknown_enabled": "platformSettingAgentInitiatedActivationReactivateUnknownEnabled",
+ "platform_setting_tenant_protection_usage_monitoring_computer_id_2": "platformSettingTenantProtectionUsageMonitoringComputerId2",
+ 
"platform_setting_agent_initiated_activation_policy_id": "platformSettingAgentInitiatedActivationPolicyId",
+ "platform_setting_tenant_protection_usage_monitoring_computer_id_1": "platformSettingTenantProtectionUsageMonitoringComputerId1",
+ "platform_setting_trend_micro_xdr_api_server_url": "platformSettingTrendMicroXdrApiServerUrl",
+ "platform_setting_retain_agent_installers_per_platform_max": "platformSettingRetainAgentInstallersPerPlatformMax",
+ "application_control_setting_serve_rulesets_from_relays_enabled": "applicationControlSettingServeRulesetsFromRelaysEnabled",
+ "integrity_monitoring_setting_event_rank_severity_high": "integrityMonitoringSettingEventRankSeverityHigh",
+ "platform_setting_saml_retain_inactive_external_administrators_duration": "platformSettingSamlRetainInactiveExternalAdministratorsDuration",
+ "intrusion_prevention_setting_retain_event_duration": "intrusionPreventionSettingRetainEventDuration",
+ "platform_setting_http_public_key_pin_policy_report_only_enabled": "platformSettingHttpPublicKeyPinPolicyReportOnlyEnabled",
+ "platform_setting_saml_service_provider_name": "platformSettingSamlServiceProviderName",
+ "firewall_setting_internet_connectivity_test_url": "firewallSettingInternetConnectivityTestUrl",
+ "platform_setting_saml_service_provider_certificate_expiry_warning_days": "platformSettingSamlServiceProviderCertificateExpiryWarningDays",
+ "platform_setting_proxy_agent_update_proxy_id": "platformSettingProxyAgentUpdateProxyId",
+ "platform_setting_ddan_auto_submission_enabled": "platformSettingDdanAutoSubmissionEnabled",
+ "platform_setting_ddan_manual_source_api_key": "platformSettingDdanManualSourceApiKey",
+ "platform_setting_saml_service_provider_entity_id": "platformSettingSamlServiceProviderEntityId",
+ "intrusion_prevention_setting_event_rank_severity_filter_error": "intrusionPreventionSettingEventRankSeverityFilterError",
+ "intrusion_prevention_setting_event_rank_severity_filter_high": 
"intrusionPreventionSettingEventRankSeverityFilterHigh",
+ "platform_setting_trend_micro_xdr_api_key": "platformSettingTrendMicroXdrApiKey",
+ "integrity_monitoring_setting_event_rank_severity_low": "integrityMonitoringSettingEventRankSeverityLow",
+ "platform_setting_trend_micro_xdr_company_id": "platformSettingTrendMicroXdrCompanyId",
+}
+
+api_object = "/api/systemsettings"
+api_return = "systemSettings"
+
+
+def display_gathered_result(argspec, module, deepsec_request):
+ return_config = {}
+ if module.params.get("config") and module.params.get("config").get("name"):
+ return_get = {}
+ for each in module.params["config"]["name"]:
+ return_val = deepsec_request.get(api_object + "/{0}".format(key_transform[each]))
+ return_get.update({each: return_val})
+ return_config["config"] = return_get
+ else:
+ return_get = deepsec_request.get(api_object)
+ return_config["config"] = map_obj_to_params(return_get, key_transform, api_return)
+ utils.validate_config(argspec, return_config)
+ module.exit_json(gathered=return_config, changed=False)
+
+
+def search_for_system_settings_default(deepsec_api_request):
+ search_existing_system_setting = deepsec_api_request.get(api_object)
+ return search_existing_system_setting
+
+
+def reset_module_api_config(argspec, module, deepsec_request):
+ if (
+ module.params
+ and not module.params["config"].get("name")
+ and len(module.params["config"]) >= 1
+ ):
+ name = []
+ for each in module.params["config"]:
+ name.append(each)
+ module.params["config"]["name"] = name
+ if module.params and module.params["config"].get("name"):
+ config = {}
+ before = {}
+ after = {}
+ changed = False
+ for each in module.params["config"]["name"]:
+ system_setting_name = key_transform[each]
+ search_result = search_for_system_settings_default(deepsec_request)
+ before.update({each: search_result[system_setting_name]})
+ if (
+ search_result
+ and search_result[system_setting_name]["value"]
+ != 
argspec["config"]["options"][each]["options"]["value"]["default"]
+ ):
+ changed = True
+ reset_return = delete_config_with_id(
+ module,
+ deepsec_request,
+ api_object.split("/")[2],
+ system_setting_name,
+ api_return,
+ )
+ after.update({each: reset_return})
+ else:
+ after.update({each: search_result[system_setting_name]})
+ if changed:
+ config.update({"before": before, "after": after})
+ module.exit_json(system_settings=config, changed=True)
+ else:
+ config.update({"before": before})
+ module.exit_json(system_settings=config, changed=False)
+
+
+def configure_module_api(argspec, module, deepsec_request):
+ if module.params:
+ config = {}
+ before = {}
+ after = {}
+ changed = False
+ search_result = search_for_system_settings_default(deepsec_request)
+ temp_config = {}
+ for k, v in iteritems(module.params["config"]):
+ system_setting_name = key_transform[k]
+ before.update({k: search_result[system_setting_name]})
+ if (
+ system_setting_name in search_result
+ and search_result[system_setting_name]["value"].lower() != str(v["value"]).lower()
+ ):
+ changed = True
+ if v["value"] == "True" or v["value"] == "False":
+ temp_config.update({system_setting_name: {"value": v["value"].lower()}})
+ else:
+ temp_config.update({system_setting_name: v})
+ after.update({k: v})
+ if len(temp_config) == 1:
+ for k, v in iteritems(temp_config):
+ api_key = deepsec_request.post("{0}/{1}".format(api_object, k), data=v)
+ if api_key.get("errors"):
+ module.fail_json(msg=api_key["errors"])
+ elif api_key.get("message"):
+ module.fail_json(msg=api_key["message"])
+ elif len(temp_config) > 1:
+ api_key = deepsec_request.post("{0}".format(api_object), data=temp_config)
+ if api_key.get("errors"):
+ module.fail_json(msg=api_key["errors"])
+ elif api_key.get("message"):
+ module.fail_json(msg=api_key["message"])
+ if changed:
+ config.update({"before": before, "after": after})
+ module.exit_json(system_settings=config, changed=True)
+ else:
+ config.update({"before": before})
+ 
module.exit_json(system_settings=config, changed=False)
+
+
+def main():
+ argspec = dict(
+ state=dict(choices=["present", "absent", "gathered"], default="present"),
+ config=dict(
+ type="dict",
+ options=dict(
+ name=dict(type="list", elements="str"),
+ platform_setting_saml_identity_provider_certificate_expiry_warning_daysr=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default="30")),
+ ),
+ platform_setting_allow_packet_data_capture_in_network_events=dict(
+ type="dict", options=dict(value=dict(type="str"))
+ ),
+ platform_setting_dsm_as_xbc_agent_feature_enabled=dict(
+ type="dict", options=dict(value=dict(type="bool"))
+ ),
+ platform_setting_update_agent_security_on_missing_deep_security_manager_enabled=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default="true")),
+ ),
+ platform_setting_ddan_manual_source_server_url=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default=None)),
+ ),
+ platform_setting_load_balancer_manager_port=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default="4119")),
+ ),
+ platform_setting_smart_protection_feedback_threat_detections_threshold=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default="10")),
+ ),
+ platform_setting_primary_tenant_allow_tenant_run_port_scan_enabled=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default="false")),
+ ),
+ intrusion_prevention_setting_event_rank_severity_filter_medium=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default="25")),
+ ),
+ firewall_setting_intranet_connectivity_test_expected_content_regex=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default=None)),
+ ),
+ platform_setting_event_forwarding_sns_enabled=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default="false")),
+ ),
+ platform_setting_tenant_auto_revoke_impersonation_by_primary_tenant_timeout=dict(
+ type="dict",
+ options=dict(value=dict(type="str", default="4 Hours")),
+ ),
+ 
web_reputation_setting_event_rank_risk_blocked_by_administrator_rank=dict( + type="dict", + options=dict(value=dict(type="str", default="100")), + ), + platform_setting_primary_tenant_lock_and_hide_tenant_storage_tab_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + anti_malware_setting_event_email_recipients=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_primary_tenant_allow_tenant_use_default_relay_group_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_http_strict_transport_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + firewall_setting_intranet_connectivity_test_url=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_primary_tenant_allow_tenant_configure_sns_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_tenant_use_default_relay_group_from_primary_tenant_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_exported_diagnostic_package_locale=dict( + type="dict", + options=dict(value=dict(type="str", default="en_US")), + ), + intrusion_prevention_setting_event_rank_severity_filter_critical=dict( + type="dict", + options=dict(value=dict(type="str", default="100")), + ), + platform_setting_update_imported_software_auto_download_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_demo_mode_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_user_enforce_terms_and_conditions_message=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_trend_micro_xdr_common_log_receiver_url=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + 
), + platform_setting_managed_detect_response_company_guid=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_alert_default_email_address=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_agent_initiated_activation_reactivate_cloned_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_managed_detect_response_server_url=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_primary_tenant_share_managed_detect_responses_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_saml_service_provider_certificate=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_syslog_config_id=dict( + type="dict", + options=dict(value=dict(type="str", default="0")), + ), + platform_setting_smtp_start_tls_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_user_password_require_letters_and_numbers_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false", no_log=False)), + no_log=False, + ), + platform_setting_primary_tenant_allow_tenant_synchronize_ldap_directories_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_load_balancer_relay_port=dict( + type="dict", + options=dict(value=dict(type="str", default="4122")), + ), + platform_setting_managed_detect_response_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_update_rules_policy_auto_apply_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_primary_tenant_allow_tenant_configure_forgot_password_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false", 
no_log=False)), + no_log=False, + ), + platform_setting_user_password_require_not_same_as_username_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false", no_log=False)), + no_log=False, + ), + log_inspection_setting_event_rank_severity_medium=dict( + type="dict", + options=dict(value=dict(type="str", default="25")), + ), + anti_malware_setting_retain_event_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="7 Days")), + ), + platform_setting_update_agent_security_contact_primary_source_on_missing_relay_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + firewall_setting_event_rank_severity_log_only=dict( + type="dict", + options=dict(value=dict(type="str", default="1")), + ), + platform_setting_primary_tenant_lock_and_hide_tenant_data_privacy_option_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + application_control_setting_retain_event_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="7 Days")), + ), + platform_setting_api_soap_web_service_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_saml_service_provider_private_key=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + platform_setting_windows_upgrade_on_activation_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_system_event_forwarding_snmp_port=dict( + type="dict", + options=dict(value=dict(type="str", default="162")), + ), + firewall_setting_event_rank_severity_deny=dict( + type="dict", + options=dict(value=dict(type="str", default="100")), + ), + intrusion_prevention_setting_event_rank_severity_filter_low=dict( + type="dict", + options=dict(value=dict(type="str", default="1")), + ), + platform_setting_primary_tenant_allow_tenant_control_impersonation_enabled=dict( + 
type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_recommendation_cpu_usage_level=dict( + type="dict", + options=dict(value=dict(type="str", default="High")), + ), + platform_setting_managed_detect_response_service_token=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + platform_setting_load_balancer_heartbeat_address=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_trend_micro_xdr_api_user=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_content_security_policy_report_only_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + log_inspection_setting_retain_event_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="7 Days")), + ), + platform_setting_tenant_auto_revoke_impersonation_by_primary_tenant_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + anti_malware_setting_event_email_body_template=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_retain_security_updates_max=dict( + type="dict", + options=dict(value=dict(type="str", default="10")), + ), + platform_setting_connected_threat_defense_control_manager_source_option=dict( + type="dict", + options=dict( + value=dict( + type="str", + default="Manually select an Apex Central server", + ) + ), + ), + anti_malware_setting_event_email_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_update_agent_software_use_download_center_on_missing_deep_security_manager_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_recommendation_ongoing_scans_enabled=dict( + type="dict", options=dict(value=dict(type="str")) + ), + 
platform_setting_agent_initiated_activation_token=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + platform_setting_user_password_length_min=dict( + type="dict", + options=dict(value=dict(type="str", default="8", no_log=False)), + no_log=False, + ), + platform_setting_primary_tenant_allow_tenant_database_state=dict( + type="dict", + options=dict(value=dict(type="str", default="10")), + ), + platform_setting_aws_manager_identity_use_instance_role_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_content_security_policy=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_product_usage_data_collection_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_alert_agent_update_pending_threshold=dict( + type="dict", + options=dict(value=dict(type="str", default="7 Days")), + ), + platform_setting_user_password_require_special_characters_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false", no_log=False)), + no_log=False, + ), + platform_setting_update_appliance_default_agent_version=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_system_event_forwarding_snmp_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_smtp_bounce_email_address=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_update_relay_security_support_agent_9and_earlier_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_managed_detect_response_proxy_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_trend_micro_xdr_log_server_url=dict( + type="dict", + options=dict(value=dict(type="str", 
default=None)), + ), + platform_setting_inactive_agent_cleanup_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_load_balancer_relay_address=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_http_public_key_pin_policy=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_user_session_idle_timeout=dict( + type="dict", + options=dict(value=dict(type="str", default="30 Minutes")), + ), + anti_malware_setting_event_email_subject=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_connected_threat_defense_control_manager_use_proxy_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_user_enforce_terms_and_conditions_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_aws_manager_identity_access_key=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + platform_setting_connected_threat_defense_control_manager_proxy_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_tenant_allow_impersonation_by_primary_tenant_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_connected_threat_defense_control_manager_manual_source_server_url=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_user_password_require_mixed_case_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false", no_log=False)), + no_log=False, + ), + platform_setting_trend_micro_xdr_identity_provider_api_url=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_smart_protection_feedback_for_suspicious_file_enabled=dict( + 
type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_primary_tenant_allow_tenant_configure_snmp_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_smart_protection_feedback_industry_type=dict( + type="dict", + options=dict(value=dict(type="str", default="Not specified")), + ), + web_reputation_setting_retain_event_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="7 Days")), + ), + platform_setting_retain_server_log_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="7 Days")), + ), + integrity_monitoring_setting_event_rank_severity_medium=dict( + type="dict", + options=dict(value=dict(type="str", default="25")), + ), + platform_setting_proxy_manager_cloud_proxy_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_update_relay_security_all_regions_patterns_download_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_ddan_submission_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + web_reputation_setting_event_rank_risk_suspicious=dict( + type="dict", + options=dict(value=dict(type="str", default="25")), + ), + integrity_monitoring_setting_event_rank_severity_critical=dict( + type="dict", + options=dict(value=dict(type="str", default="100")), + ), + platform_setting_smtp_from_email_address=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_event_forwarding_sns_topic_arn=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + firewall_setting_global_stateful_config_id=dict( + type="dict", + options=dict(value=dict(type="str", default="0")), + ), + firewall_setting_internet_connectivity_test_expected_content_regex=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + 
platform_setting_connected_threat_defense_control_manager_manual_source_api_key=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + platform_setting_load_balancer_manager_address=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_update_security_primary_source_mode=dict( + type="dict", + options=dict( + value=dict( + type="str", + default="Trend Micro ActiveUpdate Server", + ) + ), + ), + platform_setting_primary_tenant_share_connected_threat_defenses_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + web_reputation_setting_event_rank_risk_dangerous=dict( + type="dict", + options=dict(value=dict(type="str", default="100")), + ), + platform_setting_load_balancer_heartbeat_port=dict( + type="dict", + options=dict(value=dict(type="str", default="4120")), + ), + platform_setting_user_hide_unlicensed_modules_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_capture_encrypted_traffic_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_retain_system_event_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="53 weeks")), + ), + platform_setting_user_password_expiry=dict( + type="dict", + options=dict(value=dict(type="str", default="Never", no_log=False)), + no_log=False, + ), + platform_setting_smart_protection_feedback_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + integrity_monitoring_setting_retain_event_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="7 Days")), + ), + platform_setting_primary_tenant_allow_tenant_use_scheduled_run_script_task_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + log_inspection_setting_event_rank_severity_critical=dict( + type="dict", + 
options=dict(value=dict(type="str", default="100")), + ), + platform_setting_primary_tenant_lock_and_hide_tenant_smtp_tab_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_ddan_proxy_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_agent_initiated_activation_within_ip_list_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_update_security_primary_source_url=dict( + type="dict", + options=dict(value=dict(type="str", default="http://")), + ), + platform_setting_agentless_vcloud_protection_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_linux_upgrade_on_activation_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_trend_micro_xdr_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_active_sessions_max_exceeded_action=dict( + type="dict", + options=dict(value=dict(type="str", default="Block new sessions")), + ), + platform_setting_update_hostname_on_ip_change_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + log_inspection_setting_event_rank_severity_high=dict( + type="dict", + options=dict(value=dict(type="str", default="50")), + ), + platform_setting_smtp_requires_authentication_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_active_sessions_max=dict( + type="dict", + options=dict(value=dict(type="str", default="10")), + ), + platform_setting_aws_external_id_retrieval_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + log_inspection_setting_event_rank_severity_low=dict( + type="dict", + options=dict(value=dict(type="str", default="1")), + ), + platform_setting_azure_sso_certificate=dict( 
+ type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_smtp_username=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_event_forwarding_sns_advanced_config_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + firewall_setting_internet_connectivity_test_interval=dict( + type="dict", + options=dict(value=dict(type="str", default="10 Seconds")), + ), + platform_setting_whois_url=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_ddan_source_option=dict( + type="dict", + options=dict( + value=dict( + type="str", + default="Manually select a Deep Discovery Analyzer server", + ) + ), + ), + platform_setting_connected_threat_defense_control_manager_suspicious_object_list_comparison_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_exported_file_character_encoding=dict( + type="dict", + options=dict(value=dict(type="str", default="US-ASCII")), + ), + platform_setting_user_session_duration_max=dict( + type="dict", + options=dict(value=dict(type="str", default="No Limit")), + ), + platform_setting_update_software_alternate_update_server_urls=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_retain_counters_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="13 Weeks")), + ), + platform_setting_primary_tenant_allow_tenant_run_computer_discovery_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_smart_protection_feedback_interval=dict( + type="dict", + options=dict(value=dict(type="str", default="5")), + ), + platform_setting_system_event_forwarding_snmp_address=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_smtp_server_address=dict( + type="dict", + 
options=dict(value=dict(type="str", default=None)), + ), + platform_setting_primary_tenant_allow_tenant_configure_siem_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_smtp_password=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + platform_setting_event_forwarding_sns_config_json=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + firewall_setting_retain_event_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="7 Days")), + ), + web_reputation_setting_event_rank_risk_untested=dict( + type="dict", + options=dict(value=dict(type="str", default="25")), + ), + platform_setting_managed_detect_response_use_proxy_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_event_forwarding_sns_secret_key=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + platform_setting_logo_binary_image_img=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_aws_manager_identity_secret_key=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + web_reputation_setting_event_rank_risk_highly_suspicious=dict( + type="dict", + options=dict(value=dict(type="str", default="50")), + ), + platform_setting_api_status_monitoring_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_sign_in_page_message=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_user_password_expiry_send_email_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false", no_log=False)), + no_log=False, + ), + platform_setting_user_sign_in_attempts_allowed_number=dict( + type="dict", + options=dict(value=dict(type="str", 
default="5")), + ), + platform_setting_ddan_use_proxy_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_agent_initiated_activation_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="For any computers")), + ), + platform_setting_primary_tenant_allow_tenant_configure_remember_me_option_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_smart_protection_feedback_bandwidth_max_kbytes=dict( + type="dict", + options=dict(value=dict(type="str", default="32")), + ), + firewall_setting_event_rank_severity_packet_rejection=dict( + type="dict", + options=dict(value=dict(type="str", default="50")), + ), + platform_setting_proxy_manager_update_proxy_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_managed_detect_response_use_primary_tenant_settings_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_event_forwarding_sns_access_key=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + platform_setting_agent_initiated_activation_specify_hostname_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_primary_tenant_allow_tenant_sync_with_cloud_account_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_connected_threat_defenses_use_primary_tenant_server_settings_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_inactive_agent_cleanup_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="1 Month")), + ), + platform_setting_agent_initiated_activation_duplicate_hostname_mode=dict( + type="dict", + options=dict( + value=dict( + type="str", + default="Re-activate the existing Computer", + 
) + ), + ), + platform_setting_vmware_nsx_manager_node=dict( + type="dict", + options=dict(value=dict(type="str", default="1")), + ), + platform_setting_user_enforce_terms_and_conditions_title=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_primary_tenant_allow_tenant_add_vmware_vcenter_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_new_tenant_download_security_update_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_tenant_protection_usage_monitoring_computer_id_3=dict( + type="dict", + options=dict(value=dict(type="str", default="Platform")), + ), + platform_setting_agent_initiated_activation_reactivate_unknown_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_tenant_protection_usage_monitoring_computer_id_2=dict( + type="dict", + options=dict(value=dict(type="str", default="Last Used IP Address")), + ), + platform_setting_agent_initiated_activation_policy_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_tenant_protection_usage_monitoring_computer_id_1=dict( + type="dict", + options=dict(value=dict(type="str", default="Hostname")), + ), + platform_setting_trend_micro_xdr_api_server_url=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_retain_agent_installers_per_platform_max=dict( + type="dict", + options=dict(value=dict(type="str", default="5")), + ), + application_control_setting_serve_rulesets_from_relays_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + integrity_monitoring_setting_event_rank_severity_high=dict( + type="dict", + options=dict(value=dict(type="str", default="50")), + ), + platform_setting_saml_retain_inactive_external_administrators_duration=dict( + type="dict", + 
options=dict(value=dict(type="str", default="365")), + ), + intrusion_prevention_setting_retain_event_duration=dict( + type="dict", + options=dict(value=dict(type="str", default="7 Days")), + ), + platform_setting_http_public_key_pin_policy_report_only_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="true")), + ), + platform_setting_saml_service_provider_name=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + firewall_setting_internet_connectivity_test_url=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_saml_service_provider_certificate_expiry_warning_days=dict( + type="dict", + options=dict(value=dict(type="str", default="30")), + ), + platform_setting_proxy_agent_update_proxy_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + platform_setting_ddan_auto_submission_enabled=dict( + type="dict", + options=dict(value=dict(type="str", default="false")), + ), + platform_setting_ddan_manual_source_api_key=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + platform_setting_saml_service_provider_entity_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + intrusion_prevention_setting_event_rank_severity_filter_error=dict( + type="dict", + options=dict(value=dict(type="str", default="100")), + ), + intrusion_prevention_setting_event_rank_severity_filter_high=dict( + type="dict", + options=dict(value=dict(type="str", default="50")), + ), + platform_setting_trend_micro_xdr_api_key=dict( + type="dict", + options=dict(value=dict(type="str", default=None, no_log=True)), + no_log=True, + ), + integrity_monitoring_setting_event_rank_severity_low=dict( + type="dict", + options=dict(value=dict(type="str", default="1")), + ), + platform_setting_trend_micro_xdr_company_id=dict( + type="dict", + options=dict(value=dict(type="str", default=None)), + ), + ), 
+ ),
+ )
+
+ module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
+ deepsec_request = DeepSecurityRequest(module)
+ module.params = utils.remove_empties(module.params)
+
+ if module.params["state"] == "gathered":
+ display_gathered_result(argspec=argspec, module=module, deepsec_request=deepsec_request)
+ elif module.params["state"] == "absent":
+ reset_module_api_config(argspec=argspec, module=module, deepsec_request=deepsec_request)
+ elif module.params["state"] == "present":
+ configure_module_api(argspec=argspec, module=module, deepsec_request=deepsec_request)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/plugins/modules/firewallrules_config.py b/plugins/modules/firewallrules_config.py
deleted file mode 100644
index 4d2ff68..0000000
--- a/plugins/modules/firewallrules_config.py
+++ /dev/null
@@ -1,659 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2020 Red Hat -# GNU General Public License v3.0+ -# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function - -__metaclass__ = type - - -ANSIBLE_METADATA = { - "metadata_version": "1.1", - "status": ["preview"], - "supported_by": "community", -} - -DOCUMENTATION = """ ---- -module: firewallrules_config -short_description: Create a new firewall rule. -description: - - This module creates a new firewall rule under TrendMicro Deep Security. -version_added: "1.0.0" -options: - name: - description: Name of the firewall rule. Searchable as String. - required: true - type: str - description: - description: Description of the firewall rule. Searchable as String. - required: false - type: str - action: - description: Action of the packet filter. Searchable as Choice. - required: false - choices: ["log-only", "allow", "deny", "force-allow", "bypass"] - type: str - priority: - description: Priority of the packet filter. Searchable as Choice. - required: false - choices: ["0", "1", "2", "3", "4"] - type: str - direction: - description: Packet direction. Searchable as Choice. - required: false - choices: ["incoming", "outgoing"] - type: str - frame_type: - description: Supported frame types. Searchable as Choice. - required: false - choices: ["any", "ip", "arp", "revarp", "ipv4", "ipv6", "other"] - type: str - frame_number: - description: Ethernet frame number. Only required for FrameType "other". - Searchable as Numeric. - required: false - type: int - frame_not: - description: Controls if the frame setting should be inverted. Set to true to invert. - Searchable as Boolean. - required: false - type: bool - protocol: - description: Protocol. Searchable as Choice. 
- required: false - choices: ["any", "icmp", "igmp", "ggp", "tcp", "pup", "udp", "idp", "nd", "raw", "tcp-udp", "icmpv6", "other"] - type: str - protocol_number: - description: Two-byte protocol number. Searchable as Numeric. - Searchable as Numeric. - required: false - type: int - protocol_not: - description: Controls if the protocol setting should be inverted. Set to true to invert. - Searchable as Boolean. - required: false - type: bool - source_iptype: - description: Source IP type. Default is "any". Searchable as Choice. - required: false - choices: ["any", "masked-ip", "range", "ip-list", "single", "multiple"] - type: str - source_ipvalue: - description: Source IP. Only applies to source IP type "masked-ip" or "single". - Searchable as String. - required: false - type: str - source_ipmask: - description: Source IP mask. Only applies to source IP type "masked-ip". Searchable as String. - Searchable as String. - required: false - type: str - source_iprange_from: - description: The first value for a range of source IP addresses. Only applies to source IP type "range". - Searchable as String. - required: false - type: str - source_iprange_to: - description: The last value for a range of source IP addresses. Only applies to source IP type "range". - Searchable as String. - required: false - type: str - source_ipmultiple: - description: List of source IP addresses. Only applies to source IP type "multiple". Searchable as String. - Searchable as String. - required: false - type: list - elements: str - source_iplist_id: - description: ID of source IP list. Only applies to source IP type "ip-list". Searchable as Numeric. - required: false - type: int - source_ipnot: - description: Controls if the source IP setting should be inverted. Set to true to invert. - Searchable as Boolean. - required: false - type: bool - source_mactype: - description: Source MAC type. Default is "any". Searchable as Choice. 
- required: false - choices: ["any", "single", "mac-list", "multiple"] - type: str - source_macvalue: - description: Source MAC address. Only applies to MAC type "single". Searchable as String. - required: false - type: str - source_macmultiple: - description: List of MAC addresses. Only applies to MAC type "multiple". Searchable as String. - required: false - type: list - elements: str - source_maclist_id: - description: ID of MAC address list. Only applies to MAC type "mac-list". Searchable as Numeric. - required: false - type: int - source_macnot: - description: Controls if the source MAC setting should be inverted. Set to true to invert. - Searchable as Boolean. - required: false - type: bool - source_port_type: - description: The type of source port. Searchable as Choice. - required: false - choices: ["any", "multiple", "port-list"] - type: str - source_port_multiple: - description: List of comma-delimited source ports. Only applies to source type "multiple". - Searchable as String. - required: false - type: list - elements: str - source_port_list_id - description: ID of source port list. Only applies to source type "port-list". Searchable as Numeric. - required: false - type: int - source_port_not: - description: Controls if the source MAC setting should be inverted. Set to true to invert. - Searchable as Boolean. - required: false - type: bool - destination_iptype: - description: Destination IP type. Default is "any". Searchable as Choice. - required: false - choices: ["any", "masked-ip", "range", "ip-list", "single", "multiple"] - type: str - destination_ipvalue: - description: Destination IP. Only applies to destination IP type "masked-ip" or "single". - Searchable as String. - required: false - type: str - destination_ipmask: - description: Destination IP mask. Only applies to destination IP type "masked-ip". Searchable as String. - Searchable as String. 
- required: false - type: str - destination_iprange_from: - description: The first value for a range of destination IP addresses. Only applies to estination IP - type "range". Searchable as String. - required: false - type: str - destination_iprange_to: - description: The last value for a range of destination IP addresses. Only applies to destination IP - type "range". Searchable as String. - required: false - type: str - destination_ipmultiple: - description: List of comma-delimited destination IP addresses. Only applies to destination IP - type "multiple". Searchable as String. - required: false - type: list - elements: str - destination_iplist_id: - description: ID of destination IP list. Only applies to destination IP type "ip-list". - Searchable as Numeric. - required: false - type: int - destination_ipnot: - description: Controls if the destination IP setting should be inverted. Set to true to invert. - Searchable as Boolean. - required: false - type: bool - destination_mactype: - description: Destination MAC type. Default is "any". Searchable as Choice. - required: false - choices: ["any", "single", "mac-list", "multiple"] - type: str - destination_macvalue: - description: Destination MAC address. Only applies to MAC type "single". Searchable as String. - required: false - type: str - destination_macmultiple: - description: List of comma-delimited MAC addresses. Only applies to MAC type "multiple". - Searchable as String. - required: false - type: list - elements: str - destination_maclist_id: - description: ID of MAC address list. Only applies to MAC type "mac-list". Searchable as Numeric. - required: false - type: int - destination_macnot: - description: Controls if the destination MAC setting should be inverted. Set to true to invert. - Searchable as Boolean. - required: false - type: bool - destination_port_type: - description: The type of destination port. Searchable as Choice. 
- required: false - choices: ["any", "multiple", "port-list"] - type: str - destination_port_multiple: - description: List of comma-delimited destination ports. Only applies to destination type "multiple". - Searchable as String. - required: false - type: list - elements: str - destination_port_list_id: - description: ID of destination port list. Only applies to destination type "port-list". - Searchable as Numeric. - required: false - type: int - destination_port_not: - description: Controls if the destination port setting should be inverted. Set to true to invert. - Searchable as Boolean. - required: false - type: bool - any_flags: - description: True if any flags are used. Searchable as Boolean. - required: false - type: bool - log_disabled: - description: Controls if logging for this filter is disabled. Only applies to filter - action "log-only" or "deny". Searchable as Boolean. - required: false - type: bool - include_packet_data: - description: Controls if this filter should capture data for every log. Searchable as Boolean. - required: false - type: bool - alert_enabled: - description: Controls if this filter should be alerted on. Searchable as Boolean. - required: false - type: bool - context_id: - description: ID of the schedule to control when this filter is "on". Searchable as Numeric. - required: false - type: int - contextID: - description: RuleContext that is applied to this filter. Searchable as Numeric. 
- required: false - type: int - tcpflags: - description: TCP flags - required: false - choices: ["fin", "syn", "rst", "psh", "ack", "urg"] - type: list - elements: str - tcpnot: - description: TCP Not - required: false - type: bool - icmptype: - description: ICMP Type - required: false - type: int - icmpcode: - description: ICMPCode - required: false - type: int - icmpnot: - description: ICMP Not - required: false - type: bool -state: - description: - - The state the configuration should be left in - type: str - choices: - - present - - absent - default: present - -author: Ansible Security Automation Team (@justjais) " -""" - -EXAMPLES = """ -- name: Create/Config a new Firewall Rule Config - trendmicro.deepsec.firewallrules_config: - state: present - name: test_firewallrule config - description: test firewall description - action: deny - priority: 0 - source_iptype: any - destination_iptype: any - direction: incoming - protocol: tcp - tcpflags: - - syn -- name: Delete/Remove the existing Firewall rule Config - trendmicro.deepsec.firewallrules_config: - state: absent - name: test_firewallrule config -""" - -RETURN = """ -updates: - description: The set of commands that will be pushed to the remote device - returned: always -""" - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.trendmicro.deepsec.plugins.module_utils.deepsec import ( - DeepSecurityRequest, - check_if_config_exists, - delete_config_with_id, -) -from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( - remove_empties, -) - - -def map_params_to_obj(module_params): - # populate the firewall rules dict with actual api expected values - obj = {} - obj["name"] = module_params["name"] - if module_params.get("description"): - obj["description"] = module_params.get("description") - if module_params.get("action"): - obj["action"] = module_params.get("action") - if module_params.get("priority"): - obj["priority"] = 
module_params.get("priority") - if module_params.get("direction"): - obj["direction"] = module_params.get("direction") - if module_params.get("frame_type"): - obj["frameType"] = module_params.get("frame_type") - if module_params.get("frame_number"): - obj["frameNumber"] = module_params.get("frame_number") - if module_params.get("frame_not"): - obj["frameNot"] = module_params.get("frame_not") - if module_params.get("protocol"): - obj["protocol"] = module_params.get("protocol") - if module_params.get("protocol_number"): - obj["protocolNumber"] = module_params.get("protocol_number") - if module_params.get("protocol_not"): - obj["protocolNot"] = module_params.get("protocol_not") - if module_params.get("source_iptype"): - obj["sourceIPType"] = module_params.get("source_iptype") - if module_params.get("source_ipvalue"): - obj["sourceIPValue"] = module_params.get("source_ipvalue") - if module_params.get("source_ipmask"): - obj["sourceIPMask"] = module_params.get("source_ipmask") - if module_params.get("source_iprange_from"): - obj["sourceIPRangeFrom"] = module_params.get("source_iprange_from") - if module_params.get("source_iprange_to"): - obj["sourceIPRangeTo"] = module_params.get("source_iprange_to") - if module_params.get("source_ipmultiple"): - obj["sourceIPMultiple"] = module_params.get("source_ipmultiple") - if module_params.get("source_iplist_id"): - obj["sourceIPListID"] = module_params.get("source_iplist_id") - if module_params.get("source_ipnot"): - obj["sourceIPNot"] = module_params.get("source_ipnot") - if module_params.get("source_mactype"): - obj["sourceMACType"] = module_params.get("source_mactype") - if module_params.get("source_macvalue"): - obj["sourceMACValue"] = module_params.get("source_macvalue") - if module_params.get("source_macmultiple"): - obj["sourceMACMultiple"] = module_params.get("source_macmultiple") - if module_params.get("source_maclist_id"): - obj["sourceMACListID"] = module_params.get("source_maclist_id") - if 
module_params.get("source_macnot"): - obj["sourceMACNot"] = module_params.get("source_macnot") - if module_params.get("source_port_type"): - obj["sourcePortType"] = module_params.get("source_port_type") - if module_params.get("source_port_multiple"): - obj["sourcePortMultiple"] = module_params.get("source_port_multiple") - if module_params.get("source_port_list_id"): - obj["sourcePortListID"] = module_params.get("source_port_list_id") - if module_params.get("source_port_not"): - obj["sourcePortNot"] = module_params.get("source_port_not") - if module_params.get("destination_iptype"): - obj["destinationIPType"] = module_params.get("destination_iptype") - if module_params.get("destination_ipvalue"): - obj["destinationIPValue"] = module_params.get("destination_ipvalue") - if module_params.get("destination_ipmask"): - obj["destinationIPMask"] = module_params.get("destination_ipmask") - if module_params.get("destination_iprange_from"): - obj["destinationIPRangeFrom"] = module_params.get( - "destination_iprange_from" - ) - if module_params.get("destination_iprange_to"): - obj["destinationIPRangeTo"] = module_params.get( - "destination_iprange_to" - ) - if module_params.get("destination_ipmultiple"): - obj["destinationIPMultiple"] = module_params.get( - "destination_ipmultiple" - ) - if module_params.get("destination_iplist_id"): - obj["destinationIPListID"] = module_params.get("destination_iplist_id") - if module_params.get("destination_ipnot"): - obj["destinationIPNot"] = module_params.get("destination_ipnot") - if module_params.get("destination_mactype"): - obj["destinationMACType"] = module_params.get("destination_mactype") - if module_params.get("destination_macvalue"): - obj["destinationMACValue"] = module_params.get("destination_macvalue") - if module_params.get("destination_macmultiple"): - obj["destinationMACMultiple"] = module_params.get( - "destination_macmultiple" - ) - if module_params.get("destination_maclist_id"): - obj["destinationMACListID"] = 
module_params.get( - "destination_maclist_id" - ) - if module_params.get("destination_macnot"): - obj["destinationMACNot"] = module_params.get("destination_macnot") - if module_params.get("destination_port_type"): - obj["destinationPortType"] = module_params.get("destination_port_type") - if module_params.get("destination_port_multiple"): - obj["destinationPortMultiple"] = module_params.get( - "destination_port_multiple" - ) - if module_params.get("destination_port_list_id"): - obj["destinationPortListID"] = module_params.get( - "destination_port_list_id" - ) - if module_params.get("destination_port_not"): - obj["destinationPortNot"] = module_params.get("destination_port_not") - if module_params.get("any_flags"): - obj["anyFlags"] = module_params.get("any_flags") - if module_params.get("log_disabled"): - obj["logDisabled"] = module_params.get("log_disabled") - if module_params.get("include_packet_data"): - obj["includePacketData"] = module_params.get("include_packet_data") - if module_params.get("alert_enabled"): - obj["alertEnabled"] = module_params.get("alert_enabled") - if module_params.get("schedule_id"): - obj["scheduleID"] = module_params.get("schedule_id") - if module_params.get("context_id"): - obj["contextID"] = module_params.get("context_id") - if module_params.get("tcpflags"): - obj["tcpflags"] = module_params.get("tcpflags") - if module_params.get("tcpnot"): - obj["TCPNot"] = module_params.get("tcpnot") - if module_params.get("icmptype"): - obj["ICMPType"] = module_params.get("icmptype") - if module_params.get("icmpcode"): - obj["ICMPCode"] = module_params.get("icmpcode") - if module_params.get("icmpnot"): - obj["ICMPNot"] = module_params.get("icmpnot") - - return obj - - -def main(): - - argspec = dict( - state=dict(choices=["present", "absent"], required=True), - name=dict(required=True, type="str"), - description=dict(type="str", required=False), - action=dict( - type="str", - choices=["log-only", "allow", "deny", "force-allow", "bypass"], - 
required=False, - ), - priority=dict( - type="str", choices=["0", "1", "2", "3", "4"], required=False - ), - direction=dict( - type="str", choices=["incoming", "outgoing"], required=False - ), - frame_type=dict( - type="str", - choices=["any", "ip", "arp", "revarp", "ipv4", "ipv6", "other"], - required=False, - ), - frame_number=dict(type="int", required=False), - frame_not=dict(type="bool", required=False), - protocol=dict( - type="str", - choices=[ - "any", - "icmp", - "igmp", - "ggp", - "tcp", - "pup", - "udp", - "idp", - "nd", - "raw", - "tcp-udp", - "icmp6", - "other", - ], - required=False, - ), - protocol_number=dict(type="int", required=False), - protocol_not=dict(type="bool", required=False), - source_iptype=dict( - type="str", - choices=[ - "any", - "masked-ip", - "range", - "ip-list", - "single", - "multiple", - ], - required=False, - ), - source_ipvalue=dict(type="str", required=False), - source_ipmask=dict(type="str", required=False), - source_iprange_from=dict(type="str", required=False), - source_iprange_to=dict(type="str", required=False), - source_ipmultiple=dict(type="list", elements="str", required=False), - source_iplist_id=dict(type="int", required=False), - source_ipnot=dict(type="bool", required=False), - source_mactype=dict( - type="str", - choices=["any", "single", "mac-list", "multiple"], - required=False, - ), - source_macvalue=dict(type="str", required=False), - source_macmultiple=dict(type="list", elements="str", required=False), - source_maclist_id=dict(type="int", required=False), - source_macnot=dict(type="bool", required=False), - source_port_type=dict( - type="str", - choices=["any", "multiple", "port-list"], - required=False, - ), - source_port_multiple=dict(type="list", elements="str", required=False), - source_port_list_id=dict(type="int", required=False), - source_port_not=dict(type="bool", required=False), - destination_iptype=dict( - type="str", - choices=[ - "any", - "masked-ip", - "range", - "ip-list", - "single", - 
"multiple", - ], - required=False, - ), - destination_ipvalue=dict(type="str", required=False), - destination_ipmask=dict(type="str", required=False), - destination_iprange_from=dict(type="str", required=False), - destination_iprange_to=dict(type="str", required=False), - destination_ipmultiple=dict( - type="list", elements="str", required=False - ), - destination_iplist_id=dict(type="int", required=False), - destination_ipnot=dict(type="bool", required=False), - destination_mactype=dict( - type="str", - choices=["any", "single", "mac-list", "multiple"], - required=False, - ), - destination_macvalue=dict(type="str", required=False), - destination_macmultiple=dict( - type="list", elements="str", required=False - ), - destination_maclist_id=dict(type="int", required=False), - destination_macnot=dict(type="bool", required=False), - destination_port_type=dict( - type="str", - choices=["any", "multiple", "port-list"], - required=False, - ), - destination_port_multiple=dict( - type="list", elements="str", required=False - ), - destination_port_list_id=dict(type="int", required=False), - destination_port_not=dict(type="bool", elements="int", required=False), - any_flags=dict(type="bool", required=False), - log_disabled=dict(type="bool", required=False), - include_packet_data=dict(type="bool", required=False), - alert_enabled=dict(type="bool", required=False), - context_id=dict(type="int", required=False), - tcpflags=dict( - type="list", - elements="str", - choices=["fin", "syn", "rst", "psh", "ack", "urg"], - required=False, - ), - tcpnot=dict(type="bool", required=False), - icmptype=dict(type="int", required=False), - icmpcode=dict(type="int", required=False), - icmpnot=dict(type="bool", required=False), - ) - - api_object = "/api/firewallrules" - api_return = "firewallRules" - - module = AnsibleModule(argument_spec=argspec, supports_check_mode=True) - deepsec_request = DeepSecurityRequest(module) - want = map_params_to_obj(remove_empties(module.params)) - - 
search_existing_firewallrules = check_if_config_exists(
- deepsec_request, want["name"], api_object.split("/")[2], api_return
- )
-
- if (
- "ID" in search_existing_firewallrules
- and module.params["state"] == "absent"
- ):
- delete_config_with_id(
- module,
- deepsec_request,
- api_object.split("/")[2],
- search_existing_firewallrules["ID"],
- api_return,
- )
- elif (
- "ID" not in search_existing_firewallrules
- and module.params["state"] == "absent"
- ):
- module.exit_json(changed=False)
- else:
- firewallrules = deepsec_request.post(
- "{0}".format(api_object), data=want
- )
- if "ID" in search_existing_firewallrules:
- module.exit_json(
- firewallrules=search_existing_firewallrules, changed=False
- )
- elif firewallrules.get("message"):
- module.fail_json(msg=firewallrules["message"])
- else:
- module.exit_json(firewallrules=firewallrules, changed=True)
- module.exit_json(changed=False)
-
-
-if __name__ == "__main__":
- main()
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..fa4225f
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,7 @@
+[tool.black]
+line-length = 100
+
+[tool.pytest.ini_options]
+addopts = ["-vvv", "-n", "2", "--log-level", "WARNING", "--color", "yes"]
+testpaths = ["tests"]
+filterwarnings = ['ignore:AnsibleCollectionFinder has already been configured']
diff --git a/requirements.txt b/requirements.txt
index dc22a14..e69de29 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +0,0 @@
-ansible
-paramiko
\ No newline at end of file
diff --git a/test-requirements.txt b/test-requirements.txt
index ee26260..94ff7c9 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,5 +1,9 @@
-black==19.3b0 ; python_version > '3.5'
+# For ansible-tox-linters
+black==23.3.0 ; python_version >= '3.7'
 flake8
-mock
+yamllint
+
+# Unit test runner
+pytest-ansible ; python_version >= '3.9'
+git+https://github.com/ansible-community/pytest-ansible-units.git ; python_version < '3.9'
 pytest-xdist
-coverage==4.5.4
\ No newline at end of file
diff --git a/tests/integration/network-integration.cfg b/tests/integration/network-integration.cfg
new file mode 100644
index 0000000..d12c1ef
--- /dev/null
+++ b/tests/integration/network-integration.cfg
@@ -0,0 +1,4 @@
+[persistent_connection]
+command_timeout = 100
+connect_timeout = 100
+connect_retry_timeout = 100
diff --git a/tests/integration/target-prefixes.network b/tests/integration/target-prefixes.network
new file mode 100644
index 0000000..2778237
--- /dev/null
+++ b/tests/integration/target-prefixes.network
@@ -0,0 +1 @@
+deepsec
diff --git a/tests/integration/targets/deepsec_anti_malware/defaults/main.yaml b/tests/integration/targets/deepsec_anti_malware/defaults/main.yaml
new file mode 100644
index 0000000..10c0fab
--- /dev/null
+++ b/tests/integration/targets/deepsec_anti_malware/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+testcase: '*'
diff --git a/tests/integration/targets/deepsec_anti_malware/meta/main.yaml b/tests/integration/targets/deepsec_anti_malware/meta/main.yaml
new file mode 100644
index 0000000..23d65c7
--- /dev/null
+++ b/tests/integration/targets/deepsec_anti_malware/meta/main.yaml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/tests/integration/targets/deepsec_anti_malware/tasks/cli.yaml b/tests/integration/targets/deepsec_anti_malware/tasks/cli.yaml
new file mode 100644
index 0000000..63f37af
--- /dev/null
+++ b/tests/integration/targets/deepsec_anti_malware/tasks/cli.yaml
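Review bot: The new `git+https://github.com/ansible-community/pytest-ansible-units.git ; python_version < '3.9'` requirement carries no `@<ref>`, so every Python < 3.9 install resolves the repository's default branch at install time — the test environment is not reproducible, and any change pushed upstream lands in CI without passing through this project's review. Pin it to a specific commit, e.g. `git+https://github.com/ansible-community/pytest-ansible-units.git@<commit-sha> ; python_version < '3.9'` (sha is a placeholder), and note that the same concern applies, less acutely, to the unversioned `yamllint`, `pytest-ansible` and `flake8` entries sitting next to the pinned `black==23.3.0`. If a constraints file or pip-tools lock governs these elsewhere in the tree, it is not visible here; a pointer to it in the `# Unit test runner` comment would make the pinning policy explicit.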
@@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_anti_malware/tasks/main.yaml b/tests/integration/targets/deepsec_anti_malware/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malware/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/deepsec_anti_malware/tasks/redirection.yaml b/tests/integration/targets/deepsec_anti_malware/tasks/redirection.yaml new file mode 100644 index 0000000..34256a6 --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malware/tasks/redirection.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi 
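Review bot: The `Run test case (connection=ansible.netcommon.httpapi)` task loops with `with_items: "{{ test_items }}"`, the legacy lookup-style form, while the rest of the task already uses FQCN actions; `loop: "{{ test_items }}"` is the current idiom and takes the registered list as-is. The same task text is repeated in the redirection.yaml of this hunk and in the cli.yaml/redirection.yaml copies under deepsec_anti_malwares, deepsec_apikey and deepsec_firewall_rules, so the change applies to each copy. Since these 19-line files are identical per target, a shared role or an `ansible.builtin.include_role` would keep them from drifting, though that is a larger refactor than this commit needs.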
diff --git a/tests/integration/targets/deepsec_anti_malware/tests/cli/basic.yaml b/tests/integration/targets/deepsec_anti_malware/tests/cli/basic.yaml
new file mode 100644
index 0000000..3d97cfe
--- /dev/null
+++ b/tests/integration/targets/deepsec_anti_malware/tests/cli/basic.yaml
@@ -0,0 +1,92 @@ +--- +- debug: msg="START cli/basic.yaml" + +- block: + - name: Configure AntiMalware config + register: result + trendmicro.deepsec.deepsec_anti_malware: &id001 + name: test_malware_1 + description: test malware config + scan_action_for_virus: pass + alert_enabled: true + scan_type: real-time + real_time_scan: read-write + cpu_usage: low + state: present + + - name: Assert data + ansible.builtin.assert: + that: + - result.changed == true + + - name: Configure AntiMalware config (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_anti_malware: *id001 + + - name: Assert data (IDEMPOTENT) + ansible.builtin.assert: + that: + - result.changed == false + + - name: Should not match for test_malware_1 + register: result + trendmicro.deepsec.deepsec_anti_malware: + name: test_malware_2 + description: test new malware config + scan_action_for_virus: pass + alert_enabled: true + scan_type: real-time + real_time_scan: read-write + cpu_usage: low + state: present + + - name: Assert data + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown + register: result + trendmicro.deepsec.deepsec_anti_malware: + state: absent + name: test_malware_1 + + - name: Assert data + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown + register: result + trendmicro.deepsec.deepsec_anti_malware: + state: absent + name: test_malware_2 + + - name: Assert data + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown idempotency check + register: result + trendmicro.deepsec.deepsec_anti_malware: + state: absent + name: test_malware_1 + + - name: Assert data + ansible.builtin.assert: + that: + - result.changed == false + + always: + - name: teardown test_malware_1 + trendmicro.deepsec.deepsec_anti_malware: + state: absent + name: test_malware_1 + + - name: teardown test_malware_2 + trendmicro.deepsec.deepsec_anti_malware: + state: absent + name: test_malware_2 + +- debug: msg="END cli/basic.yaml" 
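Review bot: `- debug: msg="START cli/basic.yaml"` and the matching END line use the short action name with key=value syntax and no task name, while every other new test file in this commit writes `ansible.builtin.debug` under a `name:`; the deepsec_firewall_rules replaced.yaml has the same bare `- debug:`. Write it as `- name: Debug Statement` / `  ansible.builtin.debug:` / `    msg: "START cli/basic.yaml"` so the files lint the same way. The `teardown idempotency check` only re-runs `state: absent` for test_malware_1; a second absent run for test_malware_2 would make the check symmetric, though the `always` block already removes both objects.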
diff --git a/tests/integration/targets/deepsec_anti_malwares/defaults/main.yaml b/tests/integration/targets/deepsec_anti_malwares/defaults/main.yaml new file mode 100644 index 0000000..5f709c5 --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malwares/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: "*" diff --git a/tests/integration/targets/deepsec_anti_malwares/meta/main.yaml b/tests/integration/targets/deepsec_anti_malwares/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malwares/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_anti_malwares/tasks/cli.yaml b/tests/integration/targets/deepsec_anti_malwares/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malwares/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_anti_malwares/tasks/main.yaml b/tests/integration/targets/deepsec_anti_malwares/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malwares/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') 
diff --git a/tests/integration/targets/deepsec_anti_malwares/tasks/redirection.yaml b/tests/integration/targets/deepsec_anti_malwares/tasks/redirection.yaml
new file mode 100644
index 0000000..9172f30
--- /dev/null
+++ b/tests/integration/targets/deepsec_anti_malwares/tasks/redirection.yaml
@@ -0,0 +1,6 @@
+---
+- name: Collect all cli test cases
+ ansible.builtin.find:
+ paths: "{{ role_path }}/tests/redirection"
+ patterns: "{{ testcase }}.yaml"
+ register: test_cases
diff --git a/tests/integration/targets/deepsec_anti_malwares/tests/cli/_populate_atm_config.yaml b/tests/integration/targets/deepsec_anti_malwares/tests/cli/_populate_atm_config.yaml
new file mode 100644
index 0000000..203d505
--- /dev/null
+++ b/tests/integration/targets/deepsec_anti_malwares/tests/cli/_populate_atm_config.yaml
@@ -0,0 +1,20 @@
+---
+- name: Populate AntiMalware Rules for tests
+ tags: merged
+ trendmicro.deepsec.deepsec_anti_malwares: &id001
+ state: merged
+ config:
+ - name: test_malware_1
+ description: test malware 1 description
+ scan_action_for_virus: pass
+ alert_enabled: true
+ scan_type: on-demand
+ real_time_scan: read-only
+ cpu_usage: medium
+ - name: test_malware_2
+ description: test malware 2 description
+ scan_action_for_virus: pass
+ alert_enabled: true
+ scan_type: real-time
+ real_time_scan: read-write
+ cpu_usage: low
diff --git a/tests/integration/targets/deepsec_anti_malwares/tests/cli/_remove_atm_config.yaml b/tests/integration/targets/deepsec_anti_malwares/tests/cli/_remove_atm_config.yaml
new file mode 100644
index 0000000..df55b69
--- /dev/null
+++ b/tests/integration/targets/deepsec_anti_malwares/tests/cli/_remove_atm_config.yaml
@@ -0,0 +1,7 @@
+---
+- name: Remove already configured AntiMalware Config by Name
+ trendmicro.deepsec.deepsec_anti_malwares:
+ state: deleted
+ config:
+ - name: test_malware_1
+ - name: test_malware_2
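Review bot: tests/integration/targets/deepsec_anti_malwares/tasks/redirection.yaml stops after `register: test_cases`, so the `Invoke conditional tests` include in that target's tasks/main.yaml finds the redirection test cases and then runs none of them; the deepsec_firewall_rules copy of redirection.yaml is the same six lines. The deepsec_anti_malware and deepsec_apikey variants continue with a `set_fact` and an `include_tasks` loop, which is what is missing here and is shown below. If no redirection tests are intended for these two targets, drop the `Invoke conditional tests` task from their tasks/main.yaml instead of including a no-op file.
```yaml
# … unchanged: "Collect all cli test cases" find task registering test_cases …

- name: Set test_items
  ansible.builtin.set_fact:
    test_items: "{{ test_cases.files | map(attribute='path') | list }}"

- name: Run test case (connection=ansible.netcommon.httpapi)
  ansible.builtin.include_tasks: "{{ test_case_to_run }}"
  vars:
    ansible_connection: ansible.netcommon.httpapi
  loop: "{{ test_items }}"
  loop_control:
    loop_var: test_case_to_run
  tags: connection_httpapi
```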
diff --git a/tests/integration/targets/deepsec_anti_malwares/tests/cli/deleted.yaml b/tests/integration/targets/deepsec_anti_malwares/tests/cli/deleted.yaml new file mode 100644 index 0000000..57fbe9a --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malwares/tests/cli/deleted.yaml @@ -0,0 +1,39 @@ +--- +- name: Debug check + ansible.builtin.debug: + msg: + Start Deleted integration state for deepsec_anti_malwares ansible_connection={{ ansible_connection + }} + +- include_tasks: _remove_atm_config.yaml + +- include_tasks: _populate_atm_config.yaml + +- block: + - name: Delete attributes of provided configured AntiMalwares + register: result + trendmicro.deepsec.deepsec_anti_malwares: &id001 + config: + - name: test_malware_1 + - name: test_malware_2 + state: deleted + + - name: Assert output + ansible.builtin.assert: + that: + - result.changed == true + - "{{ merged['after'] | symmetric_difference(result['anti_malwares']['before']) |\ + \ length == 4 }}" + - merged['before'] == result['anti_malwares']['after'] + + - name: Delete attributes of all configured interfaces (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_anti_malwares: *id001 + + - name: Assert that the previous delete task was idempotent + ansible.builtin.assert: + that: + - result.changed == false + + always: + - include_tasks: _remove_atm_config.yaml diff --git a/tests/integration/targets/deepsec_anti_malwares/tests/cli/gathered.yaml b/tests/integration/targets/deepsec_anti_malwares/tests/cli/gathered.yaml new file mode 100644 index 0000000..b86bce9 --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malwares/tests/cli/gathered.yaml 
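Review bot: The assertion `"{{ merged['after'] | symmetric_difference(result['anti_malwares']['before']) | length == 4 }}"` holds only when none of the two expected entries equals any returned entry, so it accepts any two-item result that differs from the fixture and would fail the day the module returns exactly the expected data. Presumably the fixture in vars/main.yaml lacks server-assigned fields; if so, normalise both sides to the keys the test owns before comparing and assert `length == 0`, which actually pins the content. Wrapping the whole expression in `{{ }}` inside `that:` also triggers Ansible's warning about Jinja delimiters in conditionals; write the bare expression instead. The same pattern is used in gathered.yaml, merged.yaml, replaced.yaml and rtt.yaml of this target and in the deepsec_firewall_rules test files.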
@@ -0,0 +1,28 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_anti_malwares gathered integration tests on connection={{ ansible_connection + }} + +- include_tasks: _remove_atm_config.yaml + +- include_tasks: _populate_atm_config.yaml + +- block: + - name: Gather the provided configuration with the exisiting running configuration + register: result + trendmicro.deepsec.deepsec_anti_malwares: + config: + - name: test_malware_1 + - name: test_malware_2 + state: gathered + + - name: Assert Check + ansible.builtin.assert: + that: + - "{{ merged['after'] | symmetric_difference(result['gathered']) |\ + \ length == 4 }}" + - result['changed'] == false + always: + - include_tasks: _remove_atm_config.yaml diff --git a/tests/integration/targets/deepsec_anti_malwares/tests/cli/merged.yaml b/tests/integration/targets/deepsec_anti_malwares/tests/cli/merged.yaml new file mode 100644 index 0000000..fb9a410 --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malwares/tests/cli/merged.yaml 
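Review bot: The `- include_tasks: _remove_atm_config.yaml` and `_populate_atm_config.yaml` entries are bare short-name actions without a `name`, whereas tasks/cli.yaml in the same commit writes `ansible.builtin.include_tasks` under a task name; strict lint profiles flag both. Write them as `- name: Remove config pre test runs` / `  ansible.builtin.include_tasks: _remove_atm_config.yaml`, which is how rtt.yaml of this target already does it. The same applies to deleted.yaml, merged.yaml and replaced.yaml of this target and to the unnamed `always` include in the deepsec_firewall_rules deleted.yaml. `exisiting` in the gather task name is a typo for `existing`.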
@@ -0,0 +1,61 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START Merged deepsec_anti_malwares state for integration tests on connection={{ + ansible_connection }} + +- include_tasks: _remove_atm_config.yaml + +- block: + - name: Merge and Create new AntiMalware Rules + tags: merged + register: result + trendmicro.deepsec.deepsec_anti_malwares: &id001 + state: merged + config: + - name: test_malware_1 + description: test malware 1 description + scan_action_for_virus: pass + alert_enabled: true + scan_type: on-demand + real_time_scan: read-only + cpu_usage: medium + - name: test_malware_2 + description: test malware 2 description + scan_action_for_virus: pass + alert_enabled: true + scan_type: real-time + real_time_scan: read-write + cpu_usage: low + + - name: Debug Statement + ansible.builtin.debug: + msg: + - "{{ merged['after'] | symmetric_difference(result['anti_malwares']['after']) |\ + \ length }}" + - "{{ merged['after'] | symmetric_difference(result['anti_malwares']['after']) }}" + + - name: Assert that task reports change and after dict is correctly generated + ansible.builtin.assert: + that: + - result['changed'] == true + - "{{ merged['after'] | symmetric_difference(result['anti_malwares']['after']) |\ + \ length == 4 }}" + + - name: Assert that before dicts are correctly generated + ansible.builtin.assert: + that: + - merged['before'] == result['anti_malwares']['before'] + + - name: Merge provided configuration with device configuration (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_anti_malwares: *id001 + + - name: Assert that the previous task was idempotent + ansible.builtin.assert: + that: + - result['changed'] == false + + always: + - include_tasks: _remove_atm_config.yaml diff --git a/tests/integration/targets/deepsec_anti_malwares/tests/cli/replaced.yaml b/tests/integration/targets/deepsec_anti_malwares/tests/cli/replaced.yaml new file mode 100644 index 0000000..6cba94d --- /dev/null 
+++ b/tests/integration/targets/deepsec_anti_malwares/tests/cli/replaced.yaml @@ -0,0 +1,47 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START Replaced deepsec_anti_malwares state for integration tests on connection={{ ansible_connection + }} + +- include_tasks: _remove_atm_config.yaml +- include_tasks: _populate_atm_config.yaml + +- block: + - name: Replace existing AntiMalware Rule + register: result + trendmicro.deepsec.deepsec_anti_malwares: &id001 + state: replaced + config: + - name: test_malware_2 + description: Replace test malware 2 description + scan_action_for_virus: quarantine + alert_enabled: true + files_to_scan: intelliscan-file-types + scan_type: real-time + real_time_scan: read-only + cpu_usage: medium + + - name: Asset task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference(result['anti_malwares']['before']) |\ + \ length == 2 }}" + - "{{ replaced['after'] | symmetric_difference(result['anti_malwares']['after']) |\ + \ length == 2 }}" + + - name: + Replaces device configuration of listed AntiMalware Rules with provided configuration + (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_anti_malwares: *id001 + + - name: Assert that task was idempotent + ansible.builtin.assert: + that: + - result['changed'] == false + + always: + - include_tasks: _remove_atm_config.yaml diff --git a/tests/integration/targets/deepsec_anti_malwares/tests/cli/rtt.yaml b/tests/integration/targets/deepsec_anti_malwares/tests/cli/rtt.yaml new file mode 100644 index 0000000..c9bec2b --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malwares/tests/cli/rtt.yaml 
@@ -0,0 +1,88 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_anti_malwares round trip integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_atm_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_atm_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + trendmicro.deepsec.deepsec_anti_malwares: &id001 + state: merged + config: + - name: test_malware_1 + description: test malware 1 description + scan_action_for_virus: pass + alert_enabled: true + scan_type: on-demand + real_time_scan: read-only + cpu_usage: medium + - name: test_malware_2 + description: test malware 2 description + scan_action_for_virus: pass + alert_enabled: true + scan_type: real-time + real_time_scan: read-write + cpu_usage: low + + - name: Gather TM AntiMalware Rule facts + register: gather_result + trendmicro.deepsec.deepsec_anti_malwares: + config: + - name: test_malware_1 + - name: test_malware_2 + state: gathered + + - name: Apply the configuration which need to be reverted + register: result + trendmicro.deepsec.deepsec_anti_malwares: + config: + - name: test_malware_2 + description: Replace test malware 2 description + scan_action_for_virus: quarantine + alert_enabled: true + files_to_scan: intelliscan-file-types + scan_type: real-time + real_time_scan: read-only + cpu_usage: medium + state: replaced + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference(result['anti_malwares']['before']) |\ + \ length == 2 }}" + - "{{ replaced['after'] | symmetric_difference(result['anti_malwares']['after']) |\ + \ length == 2 }}" + + - name: Revert back to base config using facts round trip + register: revert + trendmicro.deepsec.deepsec_anti_malwares: + config: "{{ gather_result['gathered'] }}" + state: replaced 
+ + - name: Debug task + ansible.builtin.debug: + msg: + - "{{ merged['after'] | symmetric_difference(revert['anti_malwares']['after']) |\ + \ length == 4 }}" + - "{{ merged['after'] | symmetric_difference(revert['anti_malwares']['after']) }}" + + - name: Assert task + ansible.builtin.assert: + that: + - revert['changed'] == true + - "{{ merged['after'] | symmetric_difference(revert['anti_malwares']['after']) |\ + \ length == 4 }}" + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_atm_config.yaml diff --git a/tests/integration/targets/deepsec_anti_malwares/vars/main.yaml b/tests/integration/targets/deepsec_anti_malwares/vars/main.yaml new file mode 100644 index 0000000..87d17d2 --- /dev/null +++ b/tests/integration/targets/deepsec_anti_malwares/vars/main.yaml 
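Review bot: `register: base_config` on the `Apply the provided configuration (base config)` task and the `&id001` anchor on its module call are never referenced anywhere later in rtt.yaml, so both are dead; the same anchor is defined and unused in _populate_atm_config.yaml. Either drop them or put `base_config` to use in the final assert, comparing `base_config['anti_malwares']['after']` with `revert['anti_malwares']['after']`, which would be a stronger round-trip check than the `length == 4` difference count.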
@@ -0,0 +1,87 @@ +--- +merged: + before: [] + + after: + - alert_enabled: true + cpu_usage: medium + custom_remediation_actions_enabled: false + description: "test malware 1 description" + directories_to_scan: all-directories + document_exploit_heuristic_level: default + document_exploit_protection: critical-only + document_exploit_protection_enabled: true + files_to_scan: all-files + microsoft_office_enabled: true + microsoft_office_layers: 3 + name: test_malware_1 + scan_compressed_enabled: false + scan_type: on-demand + spyware_enabled: true + - alert_enabled: true + amsi_scan_enabled: true + behavior_monitoring_enabled: false + custom_remediation_actions_enabled: false + description: "test malware 2 description" + directories_to_scan: all-directories + document_exploit_heuristic_level: default + document_exploit_protection: "critical-only" + document_exploit_protection_enabled: true + files_to_scan: all-files + intelli_trap_enabled: false + memory_scan_enabled: false + microsoft_office_enabled: true + microsoft_office_layers: 3 + name: test_malware_2 + network_directories_enabled: false + real_time_scan: read-only + scan_action_for_machine_learning: pass + scan_compressed_enabled: false + scan_type: real-time + spyware_enabled: true + +replaced: + before: + - alert_enabled: true + amsi_scan_enabled: true + behavior_monitoring_enabled: false + custom_remediation_actions_enabled: false + description: "test malware 2 description" + directories_to_scan: all-directories + document_exploit_heuristic_level: default + document_exploit_protection: "critical-only" + document_exploit_protection_enabled: true + files_to_scan: all-files + intelli_trap_enabled: false + memory_scan_enabled: false + microsoft_office_enabled: true + microsoft_office_layers: 3 + name: test_malware_2 + network_directories_enabled: false + real_time_scan: read-only + scan_action_for_machine_learning: pass + scan_compressed_enabled: false + scan_type: real-time + spyware_enabled: true + after: + - 
alert_enabled: true + amsi_scan_enabled: true + behavior_monitoring_enabled: false + custom_remediation_actions_enabled: false + description: "Replace test malware 2 description" + directories_to_scan: all-directories + document_exploit_heuristic_level: default + document_exploit_protection: "critical-only" + document_exploit_protection_enabled: true + files_to_scan: intelliscan-file-types + intelli_trap_enabled: false + memory_scan_enabled: false + microsoft_office_enabled: true + microsoft_office_layers: 3 + name: test_malware_2 + network_directories_enabled: false + real_time_scan: read-only + scan_action_for_machine_learning: pass + scan_compressed_enabled: false + scan_type: real-time + spyware_enabled: true diff --git a/tests/integration/targets/deepsec_apikey/defaults/main.yaml b/tests/integration/targets/deepsec_apikey/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_apikey/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/deepsec_apikey/meta/main.yaml b/tests/integration/targets/deepsec_apikey/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_apikey/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_apikey/tasks/cli.yaml b/tests/integration/targets/deepsec_apikey/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_apikey/tasks/cli.yaml 
@@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_apikey/tasks/main.yaml b/tests/integration/targets/deepsec_apikey/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_apikey/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/deepsec_apikey/tasks/redirection.yaml b/tests/integration/targets/deepsec_apikey/tasks/redirection.yaml new file mode 100644 index 0000000..34256a6 --- /dev/null +++ b/tests/integration/targets/deepsec_apikey/tasks/redirection.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi 
diff --git a/tests/integration/targets/deepsec_apikey/tests/cli/basic.yaml b/tests/integration/targets/deepsec_apikey/tests/cli/basic.yaml
new file mode 100644
index 0000000..8e7e9cb
--- /dev/null
+++ b/tests/integration/targets/deepsec_apikey/tests/cli/basic.yaml
@@ -0,0 +1,86 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: "START cli/basic.yaml" + +- block: + - name: Create a API key by name + register: result + trendmicro.deepsec.deepsec_apikey: &id001 + state: present + api_keys: + - key_name: test_apiKeys_1 + description: test API keys 1 + active: true + role_id: 1 + locale: en-US + - key_name: test_apiKeys_2 + description: test API keys 2 + active: true + role_id: 1 + locale: en-US + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Create a API key by name (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_apikey: *id001 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Gather API keys by Name + register: gather_result + trendmicro.deepsec.deepsec_apikey: + state: gathered + api_keys: + - key_name: test_apiKeys_1 + - key_name: test_apiKeys_2 + + - name: Assert task + ansible.builtin.assert: + that: + - gather_result.changed == false + - "{{ result['config']['api_keys'] == gather_result['gathered']['api_keys'] }}" + + - name: Teardown + register: result + trendmicro.deepsec.deepsec_apikey: + state: absent + api_keys: + - key_name: test_apiKeys_1 + - key_name: test_apiKeys_2 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Teardown idempotency check + register: result + trendmicro.deepsec.deepsec_apikey: + state: absent + api_keys: + - key_name: test_apiKeys_1 + - key_name: test_apiKeys_2 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + always: + - name: Teardown test_apiKeys + trendmicro.deepsec.deepsec_apikey: + state: absent + api_keys: + - key_name: test_apiKeys_1 + - key_name: test_apiKeys_2 + +- name: Debug Statement + ansible.builtin.debug: + msg: "END cli/basic.yaml" 
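Review bot: The `Create a API key by name` task registers the module's full return into `result` without `no_log`; I can't see from here whether deepsec_apikey returns the generated secret alongside the key metadata, but if it does, that secret lands in the play output and any CI log that captures it. Add `no_log: true` to the create task and its idempotent repeat, or assert on a redacted copy. Both keys are created with `role_id: 1`; confirm that role is the least-privileged one the test needs rather than a full-access default, since the keys exist on the manager until the `always` teardown runs. The task names `Create a API key by name` should read `Create an API key by name`.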
diff --git a/tests/integration/targets/deepsec_firewall_rules/defaults/main.yaml b/tests/integration/targets/deepsec_firewall_rules/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/deepsec_firewall_rules/meta/main.yaml b/tests/integration/targets/deepsec_firewall_rules/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_firewall_rules/tasks/cli.yaml b/tests/integration/targets/deepsec_firewall_rules/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_firewall_rules/tasks/main.yaml b/tests/integration/targets/deepsec_firewall_rules/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/tasks/main.yaml 
@@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/deepsec_firewall_rules/tasks/redirection.yaml b/tests/integration/targets/deepsec_firewall_rules/tasks/redirection.yaml new file mode 100644 index 0000000..9172f30 --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/tasks/redirection.yaml @@ -0,0 +1,6 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases diff --git a/tests/integration/targets/deepsec_firewall_rules/tests/cli/_populate_fwr_config.yaml b/tests/integration/targets/deepsec_firewall_rules/tests/cli/_populate_fwr_config.yaml new file mode 100644 index 0000000..f85d281 --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/tests/cli/_populate_fwr_config.yaml @@ -0,0 +1,25 @@ +--- +- name: Populate Firewall Rules for tests + tags: merged + trendmicro.deepsec.deepsec_firewall_rules: &id001 + state: merged + config: + - name: test_firewallrule_1 + description: incoming firewall 1 rule description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + log_disabled: true + - name: test_firewallrule_2 + description: incoming firewall 2 rule description + action: deny + priority: 0 + source_iptype: any + source_ipnot: false + source_port_type: any + destination_iptype: any + direction: incoming + protocol: tcp diff --git a/tests/integration/targets/deepsec_firewall_rules/tests/cli/_remove_fwr_config.yaml b/tests/integration/targets/deepsec_firewall_rules/tests/cli/_remove_fwr_config.yaml new file mode 100644 index 0000000..4b6144c --- /dev/null 
+++ b/tests/integration/targets/deepsec_firewall_rules/tests/cli/_remove_fwr_config.yaml @@ -0,0 +1,7 @@ +--- +- name: Remove already configured Firewall Rules Config by Name + trendmicro.deepsec.deepsec_firewall_rules: + state: deleted + config: + - name: test_firewallrule_1 + - name: test_firewallrule_2 diff --git a/tests/integration/targets/deepsec_firewall_rules/tests/cli/deleted.yaml b/tests/integration/targets/deepsec_firewall_rules/tests/cli/deleted.yaml new file mode 100644 index 0000000..d51d474 --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/tests/cli/deleted.yaml @@ -0,0 +1,38 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + Start Deleted integration state for deepsec_firewall_rules ansible_connection={{ ansible_connection + }} + +- include_tasks: _remove_fwr_config.yaml +- include_tasks: _populate_fwr_config.yaml + +- block: + - name: Delete attributes of provided configured Firewall Rules + register: result + trendmicro.deepsec.deepsec_firewall_rules: &id001 + config: + - name: test_firewallrule_1 + - name: test_firewallrule_2 + state: deleted + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ merged['after'] | symmetric_difference(result['firewall_rules']['before']) |\ + \ length == 4 }}" + - merged['before'] == result['firewall_rules']['after'] + + - name: Delete attributes of all Firewall Rules (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_firewall_rules: *id001 + + - name: Assert that the previous delete task was idempotent + ansible.builtin.assert: + that: + - result.changed == false + + always: + - ansible.builtin.include_tasks: _remove_fwr_config.yaml diff --git a/tests/integration/targets/deepsec_firewall_rules/tests/cli/gathered.yaml b/tests/integration/targets/deepsec_firewall_rules/tests/cli/gathered.yaml new file mode 100644 index 0000000..593bda9 --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/tests/cli/gathered.yaml 
@@ -0,0 +1,31 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_firewall_rules gathered integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_fwr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_fwr_config.yaml + +- block: + - name: Gather the provided configuration with the exisiting running configuration + register: result + trendmicro.deepsec.deepsec_firewall_rules: + config: + - name: test_firewallrule_1 + - name: test_firewallrule_2 + state: gathered + + - name: Assert task + ansible.builtin.assert: + that: + - "{{ merged['after'] | symmetric_difference(result['gathered']) |\ + \ length == 4 }}" + - result['changed'] == false + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_fwr_config.yaml diff --git a/tests/integration/targets/deepsec_firewall_rules/tests/cli/merged.yaml b/tests/integration/targets/deepsec_firewall_rules/tests/cli/merged.yaml new file mode 100644 index 0000000..e2da53a --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/tests/cli/merged.yaml 
@@ -0,0 +1,61 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START Merged deepsec_firewall_rules state for integration tests on connection={{ + ansible_connection }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_fwr_config.yaml + +- block: + - name: Merge and Create new Firewall Rules + tags: merged + register: result + trendmicro.deepsec.deepsec_firewall_rules: &id001 + state: merged + config: + - name: test_firewallrule_1 + description: incoming firewall 1 rule description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + log_disabled: true + - name: test_firewallrule_2 + description: incoming firewall 2 rule description + action: deny + priority: 0 + source_iptype: any + source_ipnot: false + source_port_type: any + destination_iptype: any + direction: incoming + protocol: tcp + + - name: Assert that task reports change and after dict is correctly generated + ansible.builtin.assert: + that: + - result['changed'] == true + - "{{ merged['after'] | symmetric_difference(result['firewall_rules']['after']) |\ + \ length == 4 }}" + + - name: Assert that before dicts are correctly generated + ansible.builtin.assert: + that: + - merged['before'] == result['firewall_rules']['before'] + + - name: Merge provided configuration with device configuration (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_firewall_rules: *id001 + + - name: Assert that the previous task was idempotent + ansible.builtin.assert: + that: + - result['changed'] == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_fwr_config.yaml diff --git a/tests/integration/targets/deepsec_firewall_rules/tests/cli/replaced.yaml b/tests/integration/targets/deepsec_firewall_rules/tests/cli/replaced.yaml new file mode 100644 index 0000000..206ca88 --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/tests/cli/replaced.yaml 
@@ -0,0 +1,51 @@ +--- +- debug: + msg: + START Replaced deepsec_firewall_rules state for integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_fwr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_fwr_config.yaml + +- block: + - name: Replace existing Firewall Rules + register: result + trendmicro.deepsec.deepsec_firewall_rules: &id001 + state: replaced + config: + - name: test_firewallrule_1 + description: outgoing firewall 1 replaced rule + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: outgoing + protocol: any + log_disabled: true + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference(result['firewall_rules']['before']) |\ + \ length == 2 }}" + - "{{ replaced['after'] | symmetric_difference(result['firewall_rules']['after']) |\ + \ length == 2 }}" + + - name: + Replaces device configuration of Firewall Rule with provided configuration + (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_firewall_rules: *id001 + + - name: Assert that task was idempotent + ansible.builtin.assert: + that: + - result['changed'] == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_fwr_config.yaml diff --git a/tests/integration/targets/deepsec_firewall_rules/tests/cli/rtt.yaml b/tests/integration/targets/deepsec_firewall_rules/tests/cli/rtt.yaml new file mode 100644 index 0000000..dd5d510 --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/tests/cli/rtt.yaml 
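Review bot: The first task is a bare `- debug:` with no `name:` and no FQCN, unlike every other test file in this change; ansible-lint's `name[missing]` and `fqcn[action-core]` rules flag it, so it should read `- name: Debug Statement` followed by `  ansible.builtin.debug:` like merged.yaml. The before/after checks `replaced['before'] | symmetric_difference(result['firewall_rules']['before']) | length == 2` compare one-element lists, so `length == 2` asserts that the single rule differs from the fixture, and the test would fail if the module returned exactly the expected dict. Both conditions should be `| length == 0` for a genuine equality check.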
@@ -0,0 +1,94 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_firewall_rules round trip integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_fwr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_fwr_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + trendmicro.deepsec.deepsec_firewall_rules: &id001 + state: merged + config: + - name: test_firewallrule_1 + description: incoming firewall 1 rule description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + log_disabled: true + - name: test_firewallrule_2 + description: incoming firewall 2 rule description + action: deny + priority: 0 + source_iptype: any + source_ipnot: false + source_port_type: any + destination_iptype: any + direction: incoming + protocol: tcp + + - name: Gather TM Firewall Rules facts + register: gather_result + trendmicro.deepsec.deepsec_firewall_rules: + config: + - name: test_firewallrule_1 + - name: test_firewallrule_2 + state: gathered + + - name: Apply the configuration which need to be reverted + register: result + trendmicro.deepsec.deepsec_firewall_rules: + config: + - name: test_firewallrule_1 + description: outgoing firewall 1 replaced rule + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: outgoing + protocol: any + log_disabled: true + state: replaced + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference(result['firewall_rules']['before']) |\ + \ length == 2 }}" + - "{{ replaced['after'] | symmetric_difference(result['firewall_rules']['after']) |\ + \ length == 2 }}" + + - name: Revert back to base config using facts round trip + register: revert + 
trendmicro.deepsec.deepsec_firewall_rules: + config: "{{ gather_result['gathered'] }}" + state: replaced + + - name: Debug task + ansible.builtin.debug: + msg: + - "{{ merged['after'] | symmetric_difference(revert['firewall_rules']['after']) |\ + \ length == 4 }}" + - "{{ merged['after'] | symmetric_difference(revert['firewall_rules']['after']) }}" + + - name: Assert task + ansible.builtin.assert: + that: + - revert['changed'] == true + - "{{ merged['after'] | symmetric_difference(revert['firewall_rules']['after']) |\ + \ length == 4 }}" + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_fwr_config.yaml diff --git a/tests/integration/targets/deepsec_firewall_rules/vars/main.yaml b/tests/integration/targets/deepsec_firewall_rules/vars/main.yaml new file mode 100644 index 0000000..93f20ad --- /dev/null +++ b/tests/integration/targets/deepsec_firewall_rules/vars/main.yaml 
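Review bot: The final Assert task pairs `revert['changed'] == true` with `merged['after'] | symmetric_difference(revert['firewall_rules']['after']) | length == 4`, which holds only when neither restored rule equals its fixture entry, so the round trip is never shown to have actually restored the base config. The preceding Debug task that prints the same difference reads as leftover troubleshooting and should go once the condition is `| length == 0`. `base_config` is registered on the first task but never read; either assert on it or drop the `register:`. The enclosing block starts outside this portion of the hunk.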
@@ -0,0 +1,113 @@ +--- +merged: + before: [] + + after: + - action: deny + alert_enabled: false + any_flags: true + description: "incoming firewall 1 rule description" + destination_ipnot: false + destination_iptype: any + destination_macnot: false + destination_mactype: any + destination_port_not: false + destination_port_type: any + direction: incoming + frame_not: false + frame_number: 2048 + frame_type: ip + include_packet_data: false + log_disabled: true + name: test_firewallrule_1 + priority: "0" + protocol: tcp + protocol_not: false + source_ipnot: false + source_iptype: any + source_macnot: false + source_mactype: any + source_port_not: false + source_port_type: any + - action: deny + alert_enabled: false + any_flags: true + description: "incoming firewall 2 rule description" + destination_ipnot: false + destination_iptype: any + destination_macnot: false + destination_mactype: any + destination_port_not: false + destination_port_type: any + direction: incoming + frame_not: false + frame_number: 2048 + frame_type: ip + include_packet_data: false + log_disabled: false + name: test_firewallrule_2 + priority: "0" + protocol: tcp + protocol_not: false + source_ipnot: false + source_iptype: any + source_macnot: false + source_mactype: any + source_port_not: false + source_port_type: any + +replaced: + before: + - action: deny + alert_enabled: false + any_flags: true + description: "incoming firewall 1 rule description" + destination_ipnot: false + destination_iptype: any + destination_macnot: false + destination_mactype: any + destination_port_not: false + destination_port_type: any + direction: incoming + frame_not: false + frame_number: 2048 + frame_type: ip + include_packet_data: false + log_disabled: true + name: test_firewallrule_1 + priority: "0" + protocol: tcp + protocol_not: false + source_ipnot: false + source_iptype: any + source_macnot: false + source_mactype: any + source_port_not: false + source_port_type: any + after: + - action: deny + 
alert_enabled: false + any_flags: true + description: "outgoing firewall 1 replaced rule" + destination_ipnot: false + destination_iptype: any + destination_macnot: false + destination_mactype: any + destination_port_not: false + destination_port_type: any + direction: outgoing + frame_not: false + frame_number: 2048 + frame_type: ip + include_packet_data: false + log_disabled: true + name: test_firewallrule_1 + priority: "0" + protocol: any + protocol_not: false + source_ipnot: false + source_iptype: any + source_macnot: false + source_mactype: any + source_port_not: false + source_port_type: any diff --git a/tests/integration/targets/deepsec_firewallrules/defaults/main.yaml b/tests/integration/targets/deepsec_firewallrules/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_firewallrules/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/deepsec_firewallrules/meta/main.yaml b/tests/integration/targets/deepsec_firewallrules/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_firewallrules/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_firewallrules/tasks/cli.yaml b/tests/integration/targets/deepsec_firewallrules/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_firewallrules/tasks/cli.yaml 
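Review bot: `priority: "0"` is a quoted string in every expected rule while the test tasks pass `priority: 0` as an integer; if the module echoes the integer back, dict equality against these fixtures can never hold, which would explain why the test files assert a non-zero symmetric difference instead of equality. Confirm the type the module actually returns and make the fixture match it (`priority: 0` if it is numeric) so the tests can assert `| length == 0`. A short header comment such as `# Full rule dicts as returned by deepsec_firewall_rules, including attributes the test input does not set` would help the next maintainer keep this file in sync with the module.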
@@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_firewallrules/tasks/main.yaml b/tests/integration/targets/deepsec_firewallrules/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_firewallrules/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/deepsec_firewallrules/tasks/redirection.yaml b/tests/integration/targets/deepsec_firewallrules/tasks/redirection.yaml new file mode 100644 index 0000000..34256a6 --- /dev/null +++ b/tests/integration/targets/deepsec_firewallrules/tasks/redirection.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi 
diff --git a/tests/integration/targets/deepsec_firewallrules/tests/cli/basic.yaml b/tests/integration/targets/deepsec_firewallrules/tests/cli/basic.yaml new file mode 100644 index 0000000..1f1a256 --- /dev/null +++ b/tests/integration/targets/deepsec_firewallrules/tests/cli/basic.yaml 
@@ -0,0 +1,102 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: "START cli/basic.yaml" + +- block: + - name: Configure Firewall rules config + register: result + trendmicro.deepsec.deepsec_firewallrules: &id001 + state: present + name: TEST_FIREWALLRULES_1 + description: test firewall description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + tcpflags: + - syn + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Configure Firewall rules config (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_firewallrules: *id001 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Should not match for TEST_FIREWALLRULES_1 + register: result + trendmicro.deepsec.deepsec_firewallrules: + state: present + name: TEST_FIREWALLRULES_2 + description: test firewall description + action: deny + priority: 0 + source_iptype: any + destination_iptype: any + direction: incoming + protocol: tcp + tcpflags: + - syn + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown + register: result + trendmicro.deepsec.deepsec_firewallrules: + state: absent + name: TEST_FIREWALLRULES_1 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown + register: results + trendmicro.deepsec.deepsec_firewallrules: + state: absent + name: TEST_FIREWALLRULES_2 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown idempotency check + register: result + trendmicro.deepsec.deepsec_firewallrules: + state: absent + name: TEST_FIREWALLRULES_1 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + always: + - name: Teardown + trendmicro.deepsec.deepsec_firewallrules: + state: absent + name: TEST_FIREWALLRULES_1 + + - name: Teardown + 
trendmicro.deepsec.deepsec_firewallrules: + state: absent + name: TEST_FIREWALLRULES_2 + +- name: Debug task + ansible.builtin.debug: + msg: "END cli/full_name_match.yaml" diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/defaults/main.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/meta/main.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tasks/cli.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tasks/main.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null 
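Review bot: The second `teardown` task registers its result as `results`, but the Assert task that follows checks `result.changed == true`, which is still the value from the TEST_FIREWALLRULES_1 teardown; the deletion of TEST_FIREWALLRULES_2 is therefore never verified and a silent no-op would pass. Change `register: results` to `register: result` on that task. The closing debug prints `END cli/full_name_match.yaml` although this file is basic.yaml; it should be `msg: "END cli/basic.yaml"` to match the START message.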
+++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tasks/redirection.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tasks/redirection.yaml new file mode 100644 index 0000000..9172f30 --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tasks/redirection.yaml @@ -0,0 +1,6 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/_populate_imr_config.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/_populate_imr_config.yaml new file mode 100644 index 0000000..68d9a87 --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/_populate_imr_config.yaml @@ -0,0 +1,23 @@ +--- +- name: Populate Integrity Monitoring Rules for tests + tags: merged + trendmicro.deepsec.deepsec_integrity_monitoring_rules: &id001 + state: merged + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_1 + - test_2 + severity: medium + template: registry + - name: THIS IS TEST IMR - 2 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 2 + real_time_monitoring_enabled: true + registry_attributes: + - test + severity: low + template: registry 
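Review bot: This redirection.yaml stops after the `find` that registers `test_cases`; unlike the deepsec_firewallrules variant it has no `set_fact` for `test_items` and no `include_tasks` loop, so anything under tests/redirection is located but never executed, while tasks/main.yaml still includes this file on ansible >= 2.10. Either add the missing two tasks below, or, if this module has no redirection tests, remove the file together with the `Invoke conditional tests` task that includes it.
```yaml
# … unchanged: "Collect all cli test cases" find task …

- name: Set test_items
  ansible.builtin.set_fact:
    test_items: "{{ test_cases.files | map(attribute='path') | list }}"

- name: Run test case (connection=ansible.netcommon.httpapi)
  ansible.builtin.include_tasks: "{{ test_case_to_run }}"
  vars:
    ansible_connection: ansible.netcommon.httpapi
  with_items: "{{ test_items }}"
  loop_control:
    loop_var: test_case_to_run
  tags: connection_httpapi
```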
diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/_remove_imr_config.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/_remove_imr_config.yaml new file mode 100644 index 0000000..c684616 --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/_remove_imr_config.yaml @@ -0,0 +1,7 @@ +--- +- name: Remove already configured IMR Config by Name + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + state: deleted + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/deleted.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/deleted.yaml new file mode 100644 index 0000000..71c2aeb --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/deleted.yaml 
@@ -0,0 +1,42 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + Start Deleted integration state for deepsec_integrity_monitoring_rules ansible_connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_imr_config.yaml + +- block: + - name: Delete attributes of provided configured IMRs + register: result + trendmicro.deepsec.deepsec_integrity_monitoring_rules: &id001 + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + state: deleted + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ merged['after'] | symmetric_difference(result['integrity_monitoring_rules']['before']) |\ + \ length == 4 }}" + - merged['before'] == result['integrity_monitoring_rules']['after'] + + - name: Delete attributes of all configured interfaces (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_integrity_monitoring_rules: *id001 + + - name: Assert that the previous delete task was idempotent + ansible.builtin.assert: + that: + - result.changed == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/gathered.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/gathered.yaml new file mode 100644 index 0000000..03c6f33 --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/gathered.yaml 
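Review bot: `merged['after'] | symmetric_difference(result['integrity_monitoring_rules']['before']) | length == 4` asserts that both pre-delete rules differ from the fixture, so the before-state is effectively unchecked; `| length == 0` is the equality the test implies. The idempotent task is named `Delete attributes of all configured interfaces (IDEMPOTENT)`, a leftover from a network-interface template; name it for this module, e.g. `Delete the provided Integrity Monitoring Rules (IDEMPOTENT)`. The `merged['before'] == result['integrity_monitoring_rules']['after']` comparison against the empty list is the one assertion here that genuinely proves the rules were removed.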
@@ -0,0 +1,32 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_integrity_monitoring_rules gathered integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_imr_config.yaml + +- block: + - name: Gather the provided configuration with the exisiting running configuration + register: result + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + state: gathered + + - name: Assert task + ansible.builtin.assert: + that: + - "{{ merged['after'] | symmetric_difference(result['gathered']) |\ + \ length == 4 }}" + - result['changed'] == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/merged.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/merged.yaml new file mode 100644 index 0000000..f3fd854 --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/merged.yaml 
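Review bot: The gathered check `merged['after'] | symmetric_difference(result['gathered']) | length == 4` passes only when both gathered rules differ from their fixture entries, so it cannot catch a wrong or empty attribute set; use `| length == 0` (or `result['gathered'] == merged['after']`) and fix the fixture or project the compared keys if server-added fields prevent equality. The `{{ }}` wrapper around the expression should be dropped since `that:` entries are already evaluated as Jinja conditionals. `exisiting` in the Gather task name is a typo.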
@@ -0,0 +1,59 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START Merged deepsec_integrity_monitoring_rules state for integration tests on connection={{ + ansible_connection }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml + +- block: + - name: Merge and Create new Integrity Monitoring Rules + tags: merged + register: result + trendmicro.deepsec.deepsec_integrity_monitoring_rules: &id001 + state: merged + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_1 + - test_2 + severity: medium + template: registry + - name: THIS IS TEST IMR - 2 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 2 + real_time_monitoring_enabled: true + registry_attributes: + - test + severity: low + template: registry + + - name: Assert that task reports change and after dict is correctly generated + ansible.builtin.assert: + that: + - result['changed'] == true + - "{{ merged['after'] | symmetric_difference(result['integrity_monitoring_rules']['after']) |\ + \ length == 4 }}" + + - name: Assert that before dicts are correctly generated + ansible.builtin.assert: + that: + - merged['before'] == result['integrity_monitoring_rules']['before'] + + - name: Merge provided configuration with device configuration (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_integrity_monitoring_rules: *id001 + + - name: Assert that the previous task was idempotent + ansible.builtin.assert: + that: + - result['changed'] == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/replaced.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/replaced.yaml new file mode 100644 index 0000000..7309cd6 --- /dev/null 
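Review bot: The first Assert task's `merged['after'] | symmetric_difference(result['integrity_monitoring_rules']['after']) | length == 4` holds exactly when every returned rule differs from every fixture entry, so the after-state is not really verified and a correct result would fail. Only `result['changed'] == true`, the `merged['before']` equality and the idempotency check carry signal. Use `| length == 0` once the vars fixture matches what the module returns.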
+++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/replaced.yaml @@ -0,0 +1,52 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START Replaced deepsec_integrity_monitoring_rules state for integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_imr_config.yaml + +- block: + - name: Replace existing Integrity Monitoring Rules + register: result + trendmicro.deepsec.deepsec_integrity_monitoring_rules: &id001 + state: replaced + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS REPLACED TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_3 + - test_4 + severity: low + template: registry + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference(result['integrity_monitoring_rules']['before']) |\ + \ length == 2 }}" + - "{{ replaced['after'] | symmetric_difference(result['integrity_monitoring_rules']['after']) |\ + \ length == 2 }}" + + - name: + Replaces device configuration of listed interfaces with provided configuration + (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_integrity_monitoring_rules: *id001 + + - name: Assert that task was idempotent + ansible.builtin.assert: + that: + - result['changed'] == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/rtt.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/rtt.yaml new file mode 100644 index 0000000..6337c5c --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/tests/cli/rtt.yaml 
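Review bot: The before/after checks `replaced['before'] | symmetric_difference(result['integrity_monitoring_rules']['before']) | length == 2` compare single-element lists, so `length == 2` asserts the returned rule differs from the fixture rather than matching it; both should be `| length == 0`. The idempotent task is named `Replaces device configuration of listed interfaces with provided configuration (IDEMPOTENT)`, a network-module leftover that should name Integrity Monitoring Rules instead.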
@@ -0,0 +1,85 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_integrity_monitoring_rules round trip integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_imr_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + trendmicro.deepsec.deepsec_integrity_monitoring_rules: &id001 + state: merged + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_1 + - test_2 + severity: medium + template: registry + - name: THIS IS TEST IMR - 2 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 2 + real_time_monitoring_enabled: true + registry_attributes: + - test + severity: low + template: registry + + - name: Gather TM IMR facts + register: gather_result + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + state: gathered + + - name: Apply the configuration which need to be reverted + register: result + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS REPLACED TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_3 + - test_4 + severity: low + template: registry + state: replaced + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference(result['integrity_monitoring_rules']['before']) |\ + \ length == 2 }}" + - "{{ replaced['after'] | symmetric_difference(result['integrity_monitoring_rules']['after']) |\ + \ length == 2 }}" + + - name: Revert back to base config using facts round 
trip + register: revert + trendmicro.deepsec.deepsec_integrity_monitoring_rules: + config: "{{ gather_result['gathered'] }}" + state: replaced + + - name: Assert task + ansible.builtin.assert: + that: + - revert['changed'] == true + - "{{ merged['after'] | symmetric_difference(revert['integrity_monitoring_rules']['after']) |\ + \ length == 4 }}" + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_imr_config.yaml diff --git a/tests/integration/targets/deepsec_integrity_monitoring_rules/vars/main.yaml b/tests/integration/targets/deepsec_integrity_monitoring_rules/vars/main.yaml new file mode 100644 index 0000000..9ba757d --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoring_rules/vars/main.yaml 
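Review bot: The final Assert task's `merged['after'] | symmetric_difference(revert['integrity_monitoring_rules']['after']) | length == 4` is satisfied only when neither restored rule equals the fixture, so the revert is never shown to have reproduced the base config; `| length == 0` is the check the round-trip test needs. `base_config` is registered on the first task and never used; assert on it or drop the `register:`. The enclosing block starts outside this portion of the hunk.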
@@ -0,0 +1,84 @@ +--- +merged: + before: [] + + after: + - alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + minimum_agent_version: 6.0.0.0 + minimum_manager_version: 6.0.0 + name: THIS IS TEST IMR - 1 + real_time_monitoring_enabled: true + registry_attributes: + - STANDARD + registry_excluded_values: + - "" + registry_include_default_value: true + registry_include_sub_keys: false + registry_included_values: + - test_1 + - test_2 + registry_key_root: HKEY_CLASSES_ROOT + registry_key_value: \\ + severity: medium + template: registry + - alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 2 + minimum_agent_version: 6.0.0.0 + minimum_manager_version: 6.0.0 + name: THIS IS TEST IMR - 2 + real_time_monitoring_enabled: true + registry_attributes: + - test + registry_excluded_values: + - "" + registry_include_default_value: true + registry_include_sub_keys: false + registry_included_values: + - "" + registry_key_root: HKEY_CLASSES_ROOT + registry_key_value: \\ + severity: low + template: registry + +replaced: + before: + - alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + minimum_agent_version: 6.0.0.0 + minimum_manager_version: 6.0.0 + name: THIS IS TEST IMR - 1 + real_time_monitoring_enabled: true + registry_attributes: + - STANDARD + registry_excluded_values: + - "" + registry_include_default_value: true + registry_include_sub_keys: false + registry_included_values: + - test_1 + - test_2 + registry_key_root: HKEY_CLASSES_ROOT + registry_key_value: \\ + severity: medium + template: registry + after: + - alert_enabled: false + description: THIS IS REPLACED TEST IMR DESCRIPTION - 1 + minimum_agent_version: 6.0.0.0 + minimum_manager_version: 6.0.0 + name: THIS IS TEST IMR - 1 + real_time_monitoring_enabled: true + registry_attributes: + - STANDARD + registry_excluded_values: + - "" + registry_include_default_value: true + registry_include_sub_keys: false + registry_included_values: + - test_3 + - test_4 + 
registry_key_root: HKEY_CLASSES_ROOT + registry_key_value: \\ + severity: low + template: registry diff --git a/tests/integration/targets/deepsec_integrity_monitoringrules/defaults/main.yaml b/tests/integration/targets/deepsec_integrity_monitoringrules/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoringrules/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/deepsec_integrity_monitoringrules/meta/main.yaml b/tests/integration/targets/deepsec_integrity_monitoringrules/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoringrules/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_integrity_monitoringrules/tasks/cli.yaml b/tests/integration/targets/deepsec_integrity_monitoringrules/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoringrules/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_integrity_monitoringrules/tasks/main.yaml b/tests/integration/targets/deepsec_integrity_monitoringrules/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoringrules/tasks/main.yaml 
@@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/deepsec_integrity_monitoringrules/tasks/redirection.yaml b/tests/integration/targets/deepsec_integrity_monitoringrules/tasks/redirection.yaml new file mode 100644 index 0000000..34256a6 --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoringrules/tasks/redirection.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_integrity_monitoringrules/tests/cli/basic.yaml b/tests/integration/targets/deepsec_integrity_monitoringrules/tests/cli/basic.yaml new file mode 100644 index 0000000..84ba3f4 --- /dev/null +++ b/tests/integration/targets/deepsec_integrity_monitoringrules/tests/cli/basic.yaml 
@@ -0,0 +1,145 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: "START cli/basic.yaml" + +- block: + - name: Create and Configure Integrity Monitoring Rules + register: result + trendmicro.deepsec.deepsec_integrity_monitoringrules: &id001 + state: present + config: + - name: THIS IS TEST IMR - 1 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 1 + real_time_monitoring_enabled: true + registry_included_values: + - test_1 + - test_2 + severity: medium + template: registry + - name: THIS IS TEST IMR - 2 + alert_enabled: false + description: THIS IS TEST IMR DESCRIPTION - 2 + real_time_monitoring_enabled: true + registry_attributes: + - test + severity: low + template: registry + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Create and Configure Integrity Monitoring Rules (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_integrity_monitoringrules: *id001 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Gather Integrity Monitoring Rules + register: gather_result + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: gathered + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + + - name: Assert task + ansible.builtin.assert: + that: + - gather_result.changed == false + - "{{ result['integrity_monitoringrules']['before'] == gather_result['gathered'] }}" + + - name: teardown + register: result + trendmicro.deepsec.deepsec_integrity_monitoringrules: &id002 + state: absent + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown idempotency check (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_integrity_monitoringrules: *id002 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Apply the gathered Integrity Monitoring Rules 
for verifying RTT + register: result + trendmicro.deepsec.deepsec_integrity_monitoringrules: + config: "{{ gather_result['gathered'] }}" + state: present + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Apply the gathered Integrity Monitoring Rules for verifying RTT (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_integrity_monitoringrules: *id001 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Modify an existing Integrity Monitoring Rules + register: result + trendmicro.deepsec.deepsec_integrity_monitoringrules: &id003 + state: present + config: + - name: THIS IS TEST IMR - 2 + severity: medium + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Modify an existing Integrity Monitoring Rules (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_integrity_monitoringrules: *id003 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: teardown + register: result + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: absent + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + always: + - name: ALWAYS teardown/reset Integrity Monitoring Rules + trendmicro.deepsec.deepsec_integrity_monitoringrules: + state: absent + config: + - name: THIS IS TEST IMR - 1 + - name: THIS IS TEST IMR - 2 + +- name: Debug Statement + ansible.builtin.debug: + msg: "END cli/basic.yaml" diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/defaults/main.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' 
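Review bot: The "(IDEMPOTENT)" round-trip step in basic.yaml re-applies `*id001` (the hand-written create config) instead of the gathered facts, so it never checks that applying `gather_result['gathered']` a second time is a no-op; it should repeat the previous task's payload, `config: "{{ gather_result['gathered'] }}"` with `state: present`. The assertion `"{{ result['integrity_monitoringrules']['before'] == gather_result['gathered'] }}"` wraps the whole condition in Jinja delimiters inside `that:`, which ansible-core reports as "conditional statements should not include jinja2 templating delimiters" and evaluates via a string result; write it bare as `result['integrity_monitoringrules']['before'] == gather_result['gathered']`. The same templated-conditional pattern recurs in every `symmetric_difference` assertion of the deepsec_intrusion_prevention_rules and deepsec_log_inspection_rules test hunks and in the deepsec_intrusion_preventionrules basic.yaml, and should be fixed once across them.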
diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/meta/main.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tasks/cli.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tasks/main.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') 
diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tasks/redirection.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tasks/redirection.yaml new file mode 100644 index 0000000..9172f30 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tasks/redirection.yaml @@ -0,0 +1,6 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/_populate_ipr_config.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/_populate_ipr_config.yaml new file mode 100644 index 0000000..53368e3 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/_populate_ipr_config.yaml @@ -0,0 +1,34 @@ +--- +- name: Populate Intrusion Prevention Rules for tests + tags: merged + trendmicro.deepsec.deepsec_intrusion_prevention_rules: &id001 + state: merged + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature + debug_mode_enabled: false + description: TEST DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: medium + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature + debug_mode_enabled: false + description: TEST IPR + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 2 + priority: normal + severity: medium 
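Review bot: This redirection.yaml stops after the `find` task that registers `test_cases`; it has no `Set test_items` and no `include_tasks` loop, unlike the deepsec_integrity_monitoringrules and deepsec_intrusion_preventionrules copies in the same commit. Because tasks/main.yaml includes it whenever `ansible_version.full is version('2.10.0', '>=')`, the redirection cases for this target are discovered but never executed and the run still reports success. The deepsec_log_inspection_rules redirection.yaml later in this commit is truncated the same way. Append the two missing tasks so the file matches its siblings.
```yaml
# … unchanged: find task registering test_cases …
- name: Set test_items
  ansible.builtin.set_fact:
    test_items: "{{ test_cases.files | map(attribute='path') | list }}"

- name: Run test case (connection=ansible.netcommon.httpapi)
  ansible.builtin.include_tasks: "{{ test_case_to_run }}"
  vars:
    ansible_connection: ansible.netcommon.httpapi
  with_items: "{{ test_items }}"
  loop_control:
    loop_var: test_case_to_run
  tags: connection_httpapi
```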
diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/_remove_ipr_config.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/_remove_ipr_config.yaml new file mode 100644 index 0000000..f942e07 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/_remove_ipr_config.yaml @@ -0,0 +1,7 @@ +--- +- name: Remove already configured IPR Config by Name + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + state: deleted + config: + - name: TEST IPR 1 + - name: TEST IPR 2 diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/deleted.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/deleted.yaml new file mode 100644 index 0000000..cfdc5cf --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/deleted.yaml 
@@ -0,0 +1,42 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + Start Deleted integration state for deepsec_intrusion_prevention_rules ansible_connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_ipr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_ipr_config.yaml + +- block: + - name: Delete attributes of provided configured IPRs + register: result + trendmicro.deepsec.deepsec_intrusion_prevention_rules: &id001 + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + state: deleted + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ merged['after'] | symmetric_difference(result['intrusion_prevention_rules']['before']) |\ + \ length == 4 }}" + - merged['before'] == result['intrusion_prevention_rules']['after'] + + - name: Delete attributes of all configured interfaces (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_intrusion_prevention_rules: *id001 + + - name: Assert that the previous delete task was idempotent + ansible.builtin.assert: + that: + - result.changed == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_ipr_config.yaml diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/gathered.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/gathered.yaml new file mode 100644 index 0000000..e7e52a4 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/gathered.yaml 
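Review bot: The assertion `merged['after'] | symmetric_difference(result['intrusion_prevention_rules']['before']) | length == 4` is satisfied exactly when none of the two returned rule dicts equals either fixture dict, so it only proves that two entries came back and that they differ from `merged.after`; any rule content whatsoever passes, and the fixture in vars/main.yaml is effectively unchecked (presumably equality was avoided because the server adds fields such as an identifier — that should be stated in a comment). A projection comparison checks something real, e.g. `- result['intrusion_prevention_rules']['before'] | map(attribute='name') | sort == merged['after'] | map(attribute='name') | sort`, optionally extended with the attributes the state actually changes. The same `length == 4` / `length == 2` construction is used in this target's gathered.yaml, merged.yaml, replaced.yaml and rtt.yaml and in the deepsec_log_inspection_rules deleted.yaml and gathered.yaml. The idempotency task name "Delete attributes of all configured interfaces (IDEMPOTENT)" is copied from a network collection and should read `Delete provided Intrusion Prevention Rules (IDEMPOTENT)`.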
@@ -0,0 +1,32 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_intrusion_prevention_rules gathered integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_ipr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_ipr_config.yaml + +- block: + - name: Gather the provided configuration with the exisiting running configuration + register: result + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + state: gathered + + - name: Assert that the previous task + ansible.builtin.assert: + that: + - "{{ merged['after'] | symmetric_difference(result['gathered']) |\ + \ length == 4 }}" + - result['changed'] == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_ipr_config.yaml diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/merged.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/merged.yaml new file mode 100644 index 0000000..6e25f44 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/merged.yaml 
@@ -0,0 +1,68 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: START Merged deepsec_intrusion_prevention_rules state for integration tests on connection={{ ansible_connection }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_ipr_config.yaml + +- block: + - name: Merge and Create new Intrusion Prevention Rules + tags: merged + register: result + trendmicro.deepsec.deepsec_intrusion_prevention_rules: &id001 + state: merged + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature + debug_mode_enabled: false + description: TEST DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: medium + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature + debug_mode_enabled: false + description: TEST IPR + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 2 + priority: normal + severity: medium + + - name: Assert that task reports change and after dict is correctly generated + ansible.builtin.assert: + that: + - result['changed'] == true + - "{{ merged['after'] | symmetric_difference(result['intrusion_prevention_rules']['after']) |\ + \ length == 4 }}" + + - name: Assert that before dicts are correctly generated + ansible.builtin.assert: + that: + - merged['before'] == result['intrusion_prevention_rules']['before'] + + - name: Merge provided configuration with device configuration (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_intrusion_prevention_rules: *id001 + + - name: Assert that the previous task was idempotent + ansible.builtin.assert: + that: + - result['changed'] == false + + always: + - name: Post test runs + 
ansible.builtin.include_tasks: _remove_ipr_config.yaml diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/replaced.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/replaced.yaml new file mode 100644 index 0000000..ce8f09d --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/replaced.yaml 
@@ -0,0 +1,57 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START Replaced deepsec_intrusion_prevention_rules state for integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_ipr_config.yaml + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _populate_ipr_config.yaml + +- block: + - name: Replace existing Intrusion Prevention Rule + register: result + trendmicro.deepsec.deepsec_intrusion_prevention_rules: &id001 + state: replaced + config: + - alert_enabled: true + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature + debug_mode_enabled: false + description: Description for Replaced state + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 2 + priority: normal + severity: low + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference(result['intrusion_prevention_rules']['before']) |\ + \ length == 2 }}" + - "{{ replaced['after'] | symmetric_difference(result['intrusion_prevention_rules']['after']) |\ + \ length == 2 }}" + + - name: + Replaces device configuration of listed interfaces with provided configuration + (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_intrusion_prevention_rules: *id001 + + - name: Assert that task was idempotent + ansible.builtin.assert: + that: + - result['changed'] == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_ipr_config.yaml diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/rtt.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/rtt.yaml new file mode 100644 index 0000000..f4b6533 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/tests/cli/rtt.yaml 
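Review bot: The second pre-test include in replaced.yaml is named "Remove config pre test runs" but includes `_populate_ipr_config.yaml`; rename it `- name: Populate config pre test runs` to match the sibling files, otherwise a failing run's output points at the wrong step. The idempotency task name "Replaces device configuration of listed interfaces with provided configuration (IDEMPOTENT)" is likewise inherited from a network collection and should name the Intrusion Prevention Rule being replaced.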
@@ -0,0 +1,101 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_intrusion_prevention_rules round trip integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_ipr_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_ipr_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + trendmicro.deepsec.deepsec_intrusion_prevention_rules: &id001 + state: merged + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature + debug_mode_enabled: false + description: TEST DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: medium + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature + debug_mode_enabled: false + description: TEST IPR + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 2 + priority: normal + severity: medium + + - name: Gather TM IPR facts + register: gather_result + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + state: gathered + + - name: Apply the configuration which need to be reverted + register: result + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + config: + - alert_enabled: true + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature + debug_mode_enabled: false + description: Description for Replaced state + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + 
name: TEST IPR 2 + priority: normal + severity: low + state: replaced + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference(result['intrusion_prevention_rules']['before']) |\ + \ length == 2 }}" + - "{{ replaced['after'] | symmetric_difference(result['intrusion_prevention_rules']['after']) |\ + \ length == 2 }}" + + - name: Revert back to base config using facts round trip + register: revert + trendmicro.deepsec.deepsec_intrusion_prevention_rules: + config: "{{ gather_result['gathered'] }}" + state: replaced + + - name: Assert task + ansible.builtin.assert: + that: + - revert['changed'] == true + - "{{ merged['after'] | symmetric_difference(revert['intrusion_prevention_rules']['after']) |\ + \ length == 4 }}" + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_ipr_config.yaml diff --git a/tests/integration/targets/deepsec_intrusion_prevention_rules/vars/main.yaml b/tests/integration/targets/deepsec_intrusion_prevention_rules/vars/main.yaml new file mode 100644 index 0000000..741ef98 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_prevention_rules/vars/main.yaml 
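Review bot: `base_config` is registered by the first task of the block but never asserted; since `_populate_ipr_config.yaml` has just merged the identical configuration, `base_config.changed == false` is the expected baseline and asserting it would catch a failed populate before the round trip starts. More importantly the test ends after `revert` without gathering again, so it never confirms that the reverted state equals the facts captured in `gather_result['gathered']` — the `symmetric_difference ... | length == 4` assert cannot establish that (see the note on deleted.yaml). basic.yaml in this commit already compares gathered output with `==`, so a final gather-and-compare is consistent with the rest of the suite.
```yaml
# … unchanged: revert task and its assert …
- name: Gather the reverted rules
  register: rtt_result
  trendmicro.deepsec.deepsec_intrusion_prevention_rules:
    config:
      - name: TEST IPR 1
      - name: TEST IPR 2
    state: gathered

- name: Assert the round trip restored the captured state
  ansible.builtin.assert:
    that:
      - rtt_result['gathered'] == gather_result['gathered']
```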
@@ -0,0 +1,69 @@ +--- +merged: + before: [] + + after: + - action: drop + alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + case_sensitive: false + debug_mode_enabled: false + description: "TEST DESCRIPTION" + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: "TEST IPR 1" + priority: normal + severity: medium + signature: test_new_signature + template: signature + - action: drop + alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + case_sensitive: false + debug_mode_enabled: false + description: "TEST IPR" + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: "TEST IPR 2" + priority: normal + severity: medium + signature: test_new_signature + template: signature + +replaced: + before: + - action: drop + alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + case_sensitive: false + debug_mode_enabled: false + description: "TEST DESCRIPTION" + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: "TEST IPR 1" + priority: normal + severity: medium + signature: test_new_signature + template: signature + after: + - action: drop + alert_enabled: true + always_include_packet_data: false + application_type_id: 300 + case_sensitive: false + debug_mode_enabled: false + description: Description for Replaced state + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: "TEST IPR 2" + priority: normal + severity: medium + signature: test_new_signature + template: signature diff --git a/tests/integration/targets/deepsec_intrusion_preventionrules/defaults/main.yaml b/tests/integration/targets/deepsec_intrusion_preventionrules/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_preventionrules/defaults/main.yaml 
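Review bot: The `replaced.after` fixture for "TEST IPR 2" carries `severity: medium`, while replaced.yaml and rtt.yaml in this commit apply `severity: low` to that rule, so the fixture contradicts the configuration it is meant to describe. `replaced.before` lists "TEST IPR 1" with "TEST DESCRIPTION" although the rule being replaced is "TEST IPR 2"; if the module reports only the targeted rule in `before`, this entry should be the pre-replace "TEST IPR 2" (description "TEST IPR", `alert_enabled: false`, `severity: medium`). Neither mismatch fails today because the `symmetric_difference | length == 2` asserts pass whenever the single returned entry differs from the fixture, which is why they went unnoticed; at minimum change `severity: medium` to `severity: low` in `replaced.after` and align the `before` entry.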
@@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/deepsec_intrusion_preventionrules/meta/main.yaml b/tests/integration/targets/deepsec_intrusion_preventionrules/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_preventionrules/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_intrusion_preventionrules/tasks/cli.yaml b/tests/integration/targets/deepsec_intrusion_preventionrules/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_preventionrules/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_intrusion_preventionrules/tasks/main.yaml b/tests/integration/targets/deepsec_intrusion_preventionrules/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_preventionrules/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') 
diff --git a/tests/integration/targets/deepsec_intrusion_preventionrules/tasks/redirection.yaml b/tests/integration/targets/deepsec_intrusion_preventionrules/tasks/redirection.yaml new file mode 100644 index 0000000..34256a6 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_preventionrules/tasks/redirection.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_intrusion_preventionrules/tests/cli/basic.yaml b/tests/integration/targets/deepsec_intrusion_preventionrules/tests/cli/basic.yaml new file mode 100644 index 0000000..ae8bc26 --- /dev/null +++ b/tests/integration/targets/deepsec_intrusion_preventionrules/tests/cli/basic.yaml 
@@ -0,0 +1,134 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: "START cli/basic.yaml" + +- block: + - name: Create Intrusion Prevention Rules + register: result + trendmicro.deepsec.deepsec_intrusion_preventionrules: &id001 + state: present + config: + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature_1 + debug_mode_enabled: false + description: TEST IPR 2 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 1 + priority: normal + severity: medium + - alert_enabled: false + always_include_packet_data: false + application_type_id: 300 + can_be_assigned_alone: true + template: signature + signature: test_new_signature_2 + debug_mode_enabled: false + description: TEST IPR 2 DESCRIPTION + detect_only: false + event_logging_disabled: false + generate_event_on_packet_drop: true + name: TEST IPR 2 + priority: normal + severity: medium + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Create Intrusion Prevention Rules (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_intrusion_preventionrules: *id001 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Gather Intrusion Prevention Rules + register: gather_result + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: gathered + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + + - name: Assert task + ansible.builtin.assert: + that: + - gather_result.changed == false + - "{{ result['intrusion_preventionrules']['before'] == gather_result['gathered'] }}" + + - name: Teardown + register: result + trendmicro.deepsec.deepsec_intrusion_preventionrules: &id002 + state: absent + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - 
name: Teardown idempotency check (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_intrusion_preventionrules: *id002 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Apply the gathered Intrusion prevention rules for verifying RTT + register: result + trendmicro.deepsec.deepsec_intrusion_preventionrules: + config: "{{ gather_result['gathered'] }}" + state: present + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Apply the gathered Intrusion prevention rules for verifying RTT (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_intrusion_preventionrules: *id001 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Teardown + register: result + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: absent + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + always: + - name: ALWAYS teardown/reset Intrusion prevention rules + trendmicro.deepsec.deepsec_intrusion_preventionrules: + state: absent + config: + - name: TEST IPR 1 + - name: TEST IPR 2 + +- name: Debug task + ansible.builtin.debug: + msg: "END cli/basic.yaml" diff --git a/tests/integration/targets/deepsec_log_inspection_rules/defaults/main.yaml b/tests/integration/targets/deepsec_log_inspection_rules/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/deepsec_log_inspection_rules/meta/main.yaml b/tests/integration/targets/deepsec_log_inspection_rules/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] 
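Review bot: Both rules in the create task carry `description: TEST IPR 2 DESCRIPTION`; the first is presumably meant to be `description: TEST IPR 1 DESCRIPTION`, and with identical descriptions a mix-up between the two rules in `before`/`gathered` output would go unnoticed. As in the integrity_monitoringrules basic.yaml, the "(IDEMPOTENT)" RTT step re-applies `*id001` rather than `config: "{{ gather_result['gathered'] }}"`, so the second application of the gathered facts is never exercised.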
diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tasks/cli.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tasks/main.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tasks/redirection.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tasks/redirection.yaml new file mode 100644 index 0000000..9172f30 --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tasks/redirection.yaml @@ -0,0 +1,6 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases 
diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/_populate_lir_config.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/_populate_lir_config.yaml new file mode 100644 index 0000000..dceb06f --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/_populate_lir_config.yaml @@ -0,0 +1,40 @@ +--- +- name: Populate Log Inspection Rules for tests + tags: merged + trendmicro.deepsec.deepsec_log_inspection_rules: &id001 + state: merged + config: + - name: custom log_rule for mysqld event + description: log mysqld event + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100001 + rule_description: mysqld rule description + groups: + - test + alert_minimum_severity: 4 + alert_enabled: true + log_files: + log_files: + - location: /var/log/mysqld.log + format: mysql-log + - name: custom log_rule for daemon event + description: log daemon event + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100002 + rule_description: daemon rule description + groups: + - test + alert_minimum_severity: 5 + alert_enabled: true + log_files: + log_files: + - location: /var/log/daemon.log + format: syslog diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/_remove_lir_config.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/_remove_lir_config.yaml new file mode 100644 index 0000000..846500e --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/_remove_lir_config.yaml @@ -0,0 +1,7 @@ +--- +- name: Remove already configured Log Inspection Rules Config by Name + trendmicro.deepsec.deepsec_log_inspection_rules: + state: deleted + config: + - name: custom log_rule for mysqld event + - name: custom log_rule for daemon event 
diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/deleted.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/deleted.yaml new file mode 100644 index 0000000..954e81d --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/deleted.yaml @@ -0,0 +1,41 @@ +--- +- debug: + msg: + Start Deleted integration state for deepsec_log_inspection_rules ansible_connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_lir_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_lir_config.yaml + +- block: + - name: Delete attributes of provided configured Log Inspection Rules + register: result + trendmicro.deepsec.deepsec_log_inspection_rules: &id001 + config: + - name: custom log_rule for mysqld event + - name: custom log_rule for daemon event + state: deleted + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ merged['after'] | symmetric_difference(result['log_inspection_rules']['before']) |\ + \ length == 4 }}" + - merged['before'] == result['log_inspection_rules']['after'] + + - name: Delete attributes of all Log Inspection Rules (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_log_inspection_rules: *id001 + + - name: Assert that the previous delete task was idempotent + ansible.builtin.assert: + that: + - result.changed == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_lir_config.yaml diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/gathered.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/gathered.yaml new file mode 100644 index 0000000..bd34ddc --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/gathered.yaml 
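Review bot: The opening task in this deleted.yaml is a bare `- debug:` with no `name`, unlike every other test file in the commit, which uses `- name: Debug Statement` with `ansible.builtin.debug:`. The `.ansible-lint` file added by this commit selects the `production` profile, which flags both `name[missing]` and `fqcn[action-core]`, so this hunk would fail the linter the commit itself introduces; change the two lines to `- name: Debug Statement` and `  ansible.builtin.debug:`.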
@@ -0,0 +1,32 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_log_inspection_rules gathered integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_lir_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_lir_config.yaml + +- block: + - name: Gather the provided configuration with the exisiting running configuration + register: result + trendmicro.deepsec.deepsec_log_inspection_rules: + config: + - name: custom log_rule for mysqld event + - name: custom log_rule for daemon event + state: gathered + + - name: Assert task + ansible.builtin.assert: + that: + - "{{ merged['after'] | symmetric_difference(result['gathered']) |\ + \ length == 4 }}" + - result['changed'] == false + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_lir_config.yaml diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/merged.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/merged.yaml new file mode 100644 index 0000000..5349230 --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/merged.yaml 
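Review bot: As in the other state tests, `merged['after'] | symmetric_difference(result['gathered']) | length == 4` asserts that the expected and gathered rule lists share no element, so it cannot detect a gathered result with wrong content. Strip the key that legitimately differs (presumably the server-assigned `id`, as replaced.yaml does) and assert `| length == 0` instead, or at least pin concrete fields such as `result['gathered'] | map(attribute='rule_id') | sort == [100001, 100002]`. The task name also misspells `exisiting`.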
@@ -0,0 +1,76 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START Merged deepsec_log_inspection_rules state for integration tests on connection={{ + ansible_connection }} + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _remove_lir_config.yaml + +- block: + - name: Merge and Create new Log Inspection Rules + tags: merged + register: result + trendmicro.deepsec.deepsec_log_inspection_rules: &id001 + state: merged + config: + - name: custom log_rule for mysqld event + description: log mysqld event + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100001 + rule_description: mysqld rule description + groups: + - test + alert_minimum_severity: 4 + alert_enabled: true + log_files: + log_files: + - location: /var/log/mysqld.log + format: mysql-log + - name: custom log_rule for daemon event + description: log daemon event + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100002 + rule_description: daemon rule description + groups: + - test + alert_minimum_severity: 5 + alert_enabled: true + log_files: + log_files: + - location: /var/log/daemon.log + format: syslog + + - name: Assert that task reports change and after dict is correctly generated + ansible.builtin.assert: + that: + - result['changed'] == true + - "{{ merged['after'] | symmetric_difference(result['log_inspection_rules']['after']) |\ + \ length == 4 }}" + + - name: Assert that before dicts are correctly generated + ansible.builtin.assert: + that: + - merged['before'] == result['log_inspection_rules']['before'] + + - name: Merge provided configuration with device configuration (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_log_inspection_rules: *id001 + + - name: Assert that the previous task was idempotent + ansible.builtin.assert: + that: + - result['changed'] == false + + always: + - name: Post test runs + 
ansible.builtin.include_tasks: _remove_lir_config.yaml diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/replaced.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/replaced.yaml new file mode 100644 index 0000000..119d787 --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/replaced.yaml 
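Review bot: `merged['after'] | symmetric_difference(result['log_inspection_rules']['after']) | length == 4` is satisfied by any two returned dicts that merely differ from the fixture, so the merged test does not actually check what was created; compare with the server-assigned key removed and expect `| length == 0` (e.g. `result['log_inspection_rules']['after'] | map('dict2items') | map('rejectattr', 'key', 'equalto', 'id') | map('items2dict') | list`), assuming `id` is the only field the fixture omits. The setup task is named `Populate config pre test runs` but includes `_remove_lir_config.yaml`; rename it to `Remove config pre test runs` so the play output matches what runs. The `"{{ ... }}"`-wrapped entries in `that:` should be bare expressions as well.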
@@ -0,0 +1,83 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START Replaced deepsec_log_inspection_rules state for integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_lir_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_lir_config.yaml + +- block: + - name: Replace existing Log Inspection Rules + register: result + trendmicro.deepsec.deepsec_log_inspection_rules: &id001 + state: replaced + config: + - name: custom log_rule for daemon event + description: Replaced log daemon event + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100003 + rule_description: daemon rule description + groups: + - test + alert_minimum_severity: 5 + alert_enabled: true + log_files: + log_files: + - location: /var/log/messages + format: syslog + + - name: To remove ID from the before dict + ansible.builtin.set_fact: + before: "{{ before | default([]) | combine({ item.key : item.value }) }}" + when: "{{item.key not in ['id']}}" + with_dict: "{{ dict }}" + loop: "{{ result['log_inspection_rules']['before'] }}" + + - name: To remove ID from the after dict + ansible.builtin.set_fact: + after: "{{ after | default([]) | combine({ item.key : item.value }) }}" + when: "{{item.key not in ['id']}}" + with_dict: "{{ dict }}" + loop: "{{ result['log_inspection_rules']['after'] }}" + + - name: Assert that task was completed and generated before and after as expected + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference([before]) |\ + \ length == 0 }}" + - "{{ replaced['after'] | symmetric_difference([after]) |\ + \ length == 0 }}" + + - name: + Replaces device configuration of Log Inspection Rule with provided configuration + (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_log_inspection_rules: *id001 + + - 
name: To remove ID from the before dict + ansible.builtin.set_fact: + before: "{{ before | default([]) | combine({ item.key : item.value }) }}" + when: "{{item.key not in ['id']}}" + with_dict: "{{ dict }}" + loop: "{{ result['log_inspection_rules']['before'] }}" + + - name: Assert that task was idempotent and before is generated as expected + ansible.builtin.assert: + that: + - result['changed'] == false + - "{{ replaced['after'] | symmetric_difference([before]) |\ + \ length == 0 }}" + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_lir_config.yaml diff --git a/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/rtt.yaml b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/rtt.yaml new file mode 100644 index 0000000..18bc32f --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/tests/cli/rtt.yaml 
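Review bot: The three `To remove ID from the ... dict` tasks set both `with_dict` and `loop` on one task, which Ansible rejects (`duplicate loop in task`), loop over `{{ dict }}` which is not a variable defined in these files, put a `{{ }}` template in `when`, and `combine` onto a list default, so they cannot run as written. The intent (drop the server-assigned `id` from each before/after entry before comparing with the fixture) is a pure filter chain and needs no loop; the rewrite below replaces the two stripping tasks and their assert, and the same `set_fact` should replace the third task before the idempotency assert. Whether the module's entries actually carry an `id` key is not visible here; the existing tasks assume so.
```yaml
# … unchanged: Replace existing Log Inspection Rules task …
- name: Strip the server-assigned id from the before and after lists
  ansible.builtin.set_fact:
    before: "{{ result['log_inspection_rules']['before'] | map('dict2items') | map('rejectattr', 'key', 'equalto', 'id') | map('items2dict') | list }}"
    after: "{{ result['log_inspection_rules']['after'] | map('dict2items') | map('rejectattr', 'key', 'equalto', 'id') | map('items2dict') | list }}"

- name: Assert that task was completed and generated before and after as expected
  ansible.builtin.assert:
    that:
      - result.changed == true
      - replaced['before'] | symmetric_difference(before) | length == 0
      - replaced['after'] | symmetric_difference(after) | length == 0
# … unchanged: idempotent replace; repeat the before set_fact there and assert replaced['after'] | symmetric_difference(before) | length == 0 …
```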
@@ -0,0 +1,117 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: + START deepsec_log_inspection_rules round trip integration tests on connection={{ ansible_connection + }} + +- name: Remove config pre test runs + ansible.builtin.include_tasks: _remove_lir_config.yaml + +- name: Populate config pre test runs + ansible.builtin.include_tasks: _populate_lir_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + trendmicro.deepsec.deepsec_log_inspection_rules: &id001 + state: merged + config: + - name: custom log_rule for mysqld event + description: log mysqld event + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100001 + rule_description: mysqld rule description + groups: + - test + alert_minimum_severity: 4 + alert_enabled: true + log_files: + log_files: + - location: /var/log/mysqld.log + format: mysql-log + - name: custom log_rule for daemon event + description: log daemon event + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100002 + rule_description: daemon rule description + groups: + - test + alert_minimum_severity: 5 + alert_enabled: true + log_files: + log_files: + - location: /var/log/daemon.log + format: syslog + + - name: Gather TM Log Inspection Rules facts + register: gather_result + trendmicro.deepsec.deepsec_log_inspection_rules: + config: + - name: custom log_rule for mysqld event + - name: custom log_rule for daemon event + state: gathered + + - name: Apply the configuration which need to be reverted + register: result + trendmicro.deepsec.deepsec_log_inspection_rules: + config: + - name: custom log_rule for daemon event + description: Replaced log daemon event + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100003 + rule_description: daemon rule description + groups: 
+ - test + alert_minimum_severity: 5 + alert_enabled: true + log_files: + log_files: + - location: /var/log/messages + format: syslog + state: replaced + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + - "{{ replaced['before'] | symmetric_difference(result['log_inspection_rules']['before']) |\ + \ length == 2 }}" + - "{{ replaced['after'] | symmetric_difference(result['log_inspection_rules']['after']) |\ + \ length == 2 }}" + + - name: Revert back to base config using facts round trip + register: revert + trendmicro.deepsec.deepsec_log_inspection_rules: + config: "{{ gather_result['gathered'] }}" + state: replaced + + - name: Debug task + ansible.builtin.debug: + msg: + - "{{ merged['after'] | symmetric_difference(revert['log_inspection_rules']['after']) |\ + \ length == 4 }}" + - "{{ merged['after'] | symmetric_difference(revert['log_inspection_rules']['after']) }}" + + - name: Assert task + ansible.builtin.assert: + that: + - revert['changed'] == true + - "{{ merged['after'] | symmetric_difference(revert['log_inspection_rules']['after']) |\ + \ length == 4 }}" + + always: + - name: Post test runs + ansible.builtin.include_tasks: _remove_lir_config.yaml diff --git a/tests/integration/targets/deepsec_log_inspection_rules/vars/main.yaml b/tests/integration/targets/deepsec_log_inspection_rules/vars/main.yaml new file mode 100644 index 0000000..5244435 --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspection_rules/vars/main.yaml 
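Review bot: The round trip is never actually verified: `merged['after'] | symmetric_difference(revert['log_inspection_rules']['after']) | length == 4` asserts the reverted rules are entirely disjoint from the base fixture, and the `length == 2` checks on the intermediate replace do the same for a single rule, so the only real check is `revert['changed'] == true`. Strip the server-assigned key and expect `| length == 0`, or pin the fields the replace touched, e.g. `revert['log_inspection_rules']['after'] | selectattr('name', 'equalto', 'custom log_rule for daemon event') | map(attribute='rule_id') | first == 100002` and likewise `... | map(attribute='log_files.log_files') | first | map(attribute='location') | first == '/var/log/daemon.log'`. Feeding `gather_result['gathered']` straight back into `state: replaced` also sends whatever read-only fields the gather returned; if the module does not drop them, an assert on `changed` alone would hide a failed revert. The `Debug task` that prints the same expression can go once the assert is meaningful.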
@@ -0,0 +1,89 @@ +--- +merged: + before: [] + + after: + - alert_enabled: true + alert_minimum_severity: 4 + dependency: none + description: "log mysqld event" + groups: + - "test" + level: 0 + log_files: + log_files: + - format: mysql-log + location: /var/log/mysqld.log + minimum_agent_version: "6.0.0.0" + minimum_manager_version: "6.0.0" + name: "custom log_rule for mysqld event" + pattern: name + pattern_type: string + rule_description: "mysqld rule description" + rule_id: 100001 + sort_order: 15000 + template: basic-rule + - alert_enabled: true + alert_minimum_severity: 5 + dependency: none + description: "log daemon event" + groups: + - "test" + level: 0 + log_files: + log_files: + - format: syslog + location: /var/log/daemon.log + minimum_agent_version: "6.0.0.0" + minimum_manager_version: "6.0.0" + name: "custom log_rule for daemon event" + pattern: name + pattern_type: string + rule_description: "daemon rule description" + rule_id: 100002 + sort_order: 15000 + template: basic-rule + +replaced: + before: + - alert_enabled: true + alert_minimum_severity: 5 + dependency: "none" + description: "log daemon event" + groups: + - "test" + level: 0 + log_files: + log_files: + - format: syslog + location: /var/log/daemon.log + minimum_agent_version: "6.0.0.0" + minimum_manager_version: "6.0.0" + name: "custom log_rule for daemon event" + pattern: name + pattern_type: string + rule_description: "daemon rule description" + rule_id: 100002 + sort_order: 15000 + template: basic-rule + after: + - alert_enabled: true + alert_minimum_severity: 5 + dependency: "none" + description: "Replaced log daemon event" + groups: + - "test" + level: 0 + log_files: + log_files: + - format: syslog + location: /var/log/messages + minimum_agent_version: "6.0.0.0" + minimum_manager_version: "6.0.0" + name: "custom log_rule for daemon event" + pattern: name + pattern_type: string + rule_description: "daemon rule description" + rule_id: 100003 + sort_order: 15000 + template: basic-rule 
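Review bot: The expected `after`/`before` entries hard-code fields the test inputs never set — `sort_order: 15000`, `minimum_manager_version: "6.0.0"`, `level: 0`, `dependency: none` — which are presumably filled in by the manager, so the fixtures are tied to the defaults of one manager version and will diverge silently on another (the callers' `length == 4` assertions would not notice). Either drop those keys and compare only the fields the tests set, or document at the top of the file which manager produced them: `# Expected values captured from manager version <X>; server-populated keys are sort_order, level, dependency and minimum_manager_version`. Use one quoting style for `dependency` (`none` vs `"none"`) so no reader mistakes it for a YAML null.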
diff --git a/tests/integration/targets/deepsec_log_inspectionrules/defaults/main.yaml b/tests/integration/targets/deepsec_log_inspectionrules/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspectionrules/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/deepsec_log_inspectionrules/meta/main.yaml b/tests/integration/targets/deepsec_log_inspectionrules/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspectionrules/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_log_inspectionrules/tasks/cli.yaml b/tests/integration/targets/deepsec_log_inspectionrules/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspectionrules/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_log_inspectionrules/tasks/main.yaml b/tests/integration/targets/deepsec_log_inspectionrules/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspectionrules/tasks/main.yaml 
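Review bot: `tags: connection_httpapi` on the `include_tasks` loop applies to the include statement only; with a dynamic include the tasks inside each test file inherit no tags, so a run with `--tags connection_httpapi` executes the include and then skips every test task it pulled in. If tag selection is meant to work, add `apply: { tags: [connection_httpapi] }` under the include (or switch to `import_tasks`); otherwise drop the tag so it does not suggest a filter that has no effect. The identical cli.yaml/redirection.yaml pair is duplicated for deepsec_system_settings and legacy_deepsec_syslog in this commit, so the same applies there. Whether ansible-test is ever invoked with tags here is not visible from this chunk.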
@@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/deepsec_log_inspectionrules/tasks/redirection.yaml b/tests/integration/targets/deepsec_log_inspectionrules/tasks/redirection.yaml new file mode 100644 index 0000000..34256a6 --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspectionrules/tasks/redirection.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_log_inspectionrules/tests/cli/basic.yaml b/tests/integration/targets/deepsec_log_inspectionrules/tests/cli/basic.yaml new file mode 100644 index 0000000..3522361 --- /dev/null +++ b/tests/integration/targets/deepsec_log_inspectionrules/tests/cli/basic.yaml 
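Review bot: `redirection.yaml` searches `{{ role_path }}/tests/redirection`, but this commit adds no such directory for this target (at least none appears in this chunk), so `find` would skip the missing path with a warning and the "conditional tests" stage is a no-op. Either add the redirection test cases or drop the include and its `ansible_version.full is version('2.10.0', '>=')` guard until they exist, so the play output does not report a phantom test stage. If the directory is created elsewhere in the commit, a one-line comment above the include stating where would help.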
@@ -0,0 +1,115 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: "START cli/basic.yaml" + +- block: + - name: Configure Log InspectionRules config + register: result + trendmicro.deepsec.deepsec_log_inspectionrules: &id001 + state: present + name: custom log_rule for mysqld event + description: some description + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100001 + rule_description: test rule description + groups: + - test + alert_minimum_severity: 4 + alert_enabled: true + log_files: + log_files: + - location: /var/log/mysqld.log + format: mysql-log + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Configure Log InspectionRules config (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_log_inspectionrules: *id001 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Should not match for earlier created custom log + register: result + trendmicro.deepsec.deepsec_log_inspectionrules: + state: present + name: custom new log_rule for mysqld event + description: some description + minimum_agent_version: 6.0.0.0 + type: defined + template: basic-rule + pattern: name + pattern_type: string + rule_id: 100002 + rule_description: test rule description + groups: + - test + alert_minimum_severity: 4 + alert_enabled: true + log_files: + log_files: + - location: /var/log/mysqld.log + format: mysql-log + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown + register: result + trendmicro.deepsec.deepsec_log_inspectionrules: + state: absent + name: custom log_rule for mysqld event + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown + register: result + trendmicro.deepsec.deepsec_log_inspectionrules: + state: absent + name: custom new log_rule for mysqld event + + - name: Assert task + 
ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown idempotency check + register: result + trendmicro.deepsec.deepsec_log_inspectionrules: + state: absent + name: custom log_rule for mysqld event + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + always: + - name: teardown + trendmicro.deepsec.deepsec_log_inspectionrules: + state: absent + name: custom log_rule for mysqld event + + - name: teardown + trendmicro.deepsec.deepsec_log_inspectionrules: + state: absent + name: custom new log_rule for mysqld event + +- name: Debug Statement + ansible.builtin.debug: + msg: "END cli/basic.yaml" diff --git a/tests/integration/targets/deepsec_system_settings/defaults/main.yaml b/tests/integration/targets/deepsec_system_settings/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/deepsec_system_settings/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/deepsec_system_settings/meta/main.yaml b/tests/integration/targets/deepsec_system_settings/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/deepsec_system_settings/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/deepsec_system_settings/tasks/cli.yaml b/tests/integration/targets/deepsec_system_settings/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/deepsec_system_settings/tasks/cli.yaml 
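Review bot: Every assertion in this test checks only `result.changed`, so a module that reports a change without creating the rule, or stores a wrong `rule_id` or `log_files` entry, still passes; after the first create, assert on the returned rule fields (the module's return keys are not visible here, so confirm them first) before relying on the idempotency check. The case named `Should not match for earlier created custom log` also never checks that `custom log_rule for mysqld event` was left untouched, which is the property it is named after. The sanity ignore files in the same commit mark `deepsec_log_inspectionrules` as deprecated, so a top-of-file comment such as `# Covers the deprecated deepsec_log_inspectionrules module; new cases belong in deepsec_log_inspection_rules` would tell maintainers where new coverage goes.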
@@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/deepsec_system_settings/tasks/main.yaml b/tests/integration/targets/deepsec_system_settings/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/deepsec_system_settings/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/deepsec_system_settings/tasks/redirection.yaml b/tests/integration/targets/deepsec_system_settings/tasks/redirection.yaml new file mode 100644 index 0000000..34256a6 --- /dev/null +++ b/tests/integration/targets/deepsec_system_settings/tasks/redirection.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi 
diff --git a/tests/integration/targets/deepsec_system_settings/tests/cli/basic.yaml b/tests/integration/targets/deepsec_system_settings/tests/cli/basic.yaml new file mode 100644 index 0000000..802d2c4 --- /dev/null +++ b/tests/integration/targets/deepsec_system_settings/tests/cli/basic.yaml 
@@ -0,0 +1,113 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: "START cli/basic.yaml" + +- block: + - name: Apply the input config to System Settings config + register: result + trendmicro.deepsec.deepsec_system_settings: &id001 + state: present + config: + platform_setting_syslog_config_id: + value: 12 + platform_setting_http_strict_transport_enabled: + value: true + platform_setting_demo_mode_enabled: + value: true + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Apply the input config to System Settings config (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_system_settings: *id001 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Gather System Settings by System Settings Name + register: gather_result + trendmicro.deepsec.deepsec_system_settings: + state: gathered + config: + name: + - platform_setting_syslog_config_id + - platform_setting_http_strict_transport_enabled + - platform_setting_demo_mode_enabled + + - name: Debug task + ansible.builtin.debug: + msg: + - "{{ result['system_settings']['before'] }}" + - "{{ gather_result['gathered']['config'] }}" + + - name: Assert task + ansible.builtin.assert: + that: + - gather_result.changed == false + - "{{ result['system_settings']['before'] == gather_result['gathered']['config'] }}" + + - name: teardown + register: result + trendmicro.deepsec.deepsec_system_settings: + state: absent + config: + name: + - platform_setting_syslog_config_id + - platform_setting_http_strict_transport_enabled + - platform_setting_demo_mode_enabled + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown idempotency check + register: result + trendmicro.deepsec.deepsec_system_settings: + state: absent + config: + name: + - platform_setting_syslog_config_id + - platform_setting_http_strict_transport_enabled + - platform_setting_demo_mode_enabled + + - name: Assert 
task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Gather complete system settings + register: result + trendmicro.deepsec.deepsec_system_settings: + state: gathered + + - name: Apply the gathered system settings + register: result + trendmicro.deepsec.deepsec_system_settings: + config: "{{ result['gathered']['config'] }}" + state: present + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + always: + - name: teardown/reset system settings + trendmicro.deepsec.deepsec_system_settings: + state: absent + config: + name: + - platform_setting_syslog_config_id + - platform_setting_http_strict_transport_enabled + - platform_setting_demo_mode_enabled + +- name: Debug Statement + ansible.builtin.debug: + msg: "END cli/basic.yaml" diff --git a/tests/integration/targets/legacy_deepsec_syslog/defaults/main.yaml b/tests/integration/targets/legacy_deepsec_syslog/defaults/main.yaml new file mode 100644 index 0000000..10c0fab --- /dev/null +++ b/tests/integration/targets/legacy_deepsec_syslog/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: '*' diff --git a/tests/integration/targets/legacy_deepsec_syslog/meta/main.yaml b/tests/integration/targets/legacy_deepsec_syslog/meta/main.yaml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/legacy_deepsec_syslog/meta/main.yaml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/legacy_deepsec_syslog/tasks/cli.yaml b/tests/integration/targets/legacy_deepsec_syslog/tasks/cli.yaml new file mode 100644 index 0000000..63f37af --- /dev/null +++ b/tests/integration/targets/legacy_deepsec_syslog/tasks/cli.yaml 
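Review bot: The `always` teardown resets the three settings with `state: absent` instead of restoring what the first apply reported in `result['system_settings']['before']`, so on a manager where `platform_setting_http_strict_transport_enabled` was already on, a test run ends with HSTS switched off and the syslog forwarding setting detached. Capture the pre-test values right after the first apply — `- name: Save pre-test values` / `ansible.builtin.set_fact:` / `saved_settings: "{{ result['system_settings']['before'] }}"` — and in `always` re-apply them with `state: present` and `config: "{{ saved_settings }}"`, falling back to `absent` only when `saved_settings` is undefined. `platform_setting_syslog_config_id: value: 12` also presumes a syslog configuration with that id already exists on the target manager; nothing in this test creates it, so on a clean manager the first apply is likely to fail. Whether `state: absent` restores the default or clears the value is not visible here, but neither is the pre-test value, which is the point.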
@@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi diff --git a/tests/integration/targets/legacy_deepsec_syslog/tasks/main.yaml b/tests/integration/targets/legacy_deepsec_syslog/tasks/main.yaml new file mode 100644 index 0000000..ead62aa --- /dev/null +++ b/tests/integration/targets/legacy_deepsec_syslog/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Invoke cli tests + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Invoke conditional tests + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/tests/integration/targets/legacy_deepsec_syslog/tasks/redirection.yaml b/tests/integration/targets/legacy_deepsec_syslog/tasks/redirection.yaml new file mode 100644 index 0000000..34256a6 --- /dev/null +++ b/tests/integration/targets/legacy_deepsec_syslog/tasks/redirection.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.httpapi) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.httpapi + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_httpapi 
diff --git a/tests/integration/targets/legacy_deepsec_syslog/tests/cli/basic.yaml b/tests/integration/targets/legacy_deepsec_syslog/tests/cli/basic.yaml new file mode 100644 index 0000000..93b835f --- /dev/null +++ b/tests/integration/targets/legacy_deepsec_syslog/tests/cli/basic.yaml 
@@ -0,0 +1,96 @@ +--- +- name: Debug Statement + ansible.builtin.debug: + msg: "START cli/basic.yaml" + +- block: + - name: Configure syslog config + register: result + trendmicro.deepsec.deepsec_syslog: &id001 + state: present + name: TEST_SYSLOG_1 + facility: local0 + event_format: leef + direct: false + server: 192.0.2.0 + port: 514 + transport: udp + description: Syslog Api request from Ansible + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: Configure syslog config (IDEMPOTENT) + register: result + trendmicro.deepsec.deepsec_syslog: *id001 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + + - name: Should not match for TEST_SYSLOG_2 + register: result + trendmicro.deepsec.deepsec_syslog: + state: present + name: TEST_SYSLOG_2 + facility: local0 + event_format: leef + direct: false + server: 198.51.100.0 + port: 514 + transport: udp + description: Syslog Api request from Ansible + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown + register: result + trendmicro.deepsec.deepsec_syslog: + state: absent + name: TEST_SYSLOG_1 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown + register: result + trendmicro.deepsec.deepsec_syslog: + state: absent + name: TEST_SYSLOG_2 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == true + + - name: teardown idempotency check + register: result + trendmicro.deepsec.deepsec_syslog: + state: absent + name: TEST_SYSLOG_1 + + - name: Assert task + ansible.builtin.assert: + that: + - result.changed == false + always: + - name: teardown + trendmicro.deepsec.deepsec_syslog: + state: absent + name: TEST_SYSLOG_1 + - name: teardown + trendmicro.deepsec.deepsec_syslog: + state: absent + name: TEST_SYSLOG_2 + +- name: Debug Statement + ansible.builtin.debug: + msg: "END cli/basic.yaml" 
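Review bot: The assertions check only `result.changed`, so the test would pass if the module created the forwarder with a different `transport`, `port` or `facility` than requested; after the first create, verify the stored configuration (via a gather or the module's return value, whichever the module offers — neither is visible here) before asserting idempotence. `Should not match for TEST_SYSLOG_2` likewise only shows that a second object was created, not that `TEST_SYSLOG_1` stayed as configured. The RFC 5737 addresses `192.0.2.0`/`198.51.100.0` are a good choice for fixtures; keep them rather than a real host so a test run cannot forward manager events anywhere.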
diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt
new file mode 100644
index 0000000..a12e07f
--- /dev/null
+++ b/tests/sanity/ignore-2.10.txt
@@ -0,0 +1,10 @@
+plugins/modules/deepsec_integrity_monitoringrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_integrity_monitoringrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_intrusion_preventionrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_intrusion_preventionrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_firewallrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_firewallrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_anti_malware.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_anti_malware.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_log_inspectionrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_log_inspectionrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt
new file mode 100644
index 0000000..a12e07f
--- /dev/null
+++ b/tests/sanity/ignore-2.11.txt
@@ -0,0 +1,10 @@
+plugins/modules/deepsec_integrity_monitoringrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_integrity_monitoringrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_intrusion_preventionrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_intrusion_preventionrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_firewallrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_firewallrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_anti_malware.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_anti_malware.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_log_inspectionrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_log_inspectionrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt
new file mode 100644
index 0000000..0cd1efe
--- /dev/null
+++ b/tests/sanity/ignore-2.12.txt
@@ -0,0 +1 @@
+tests/unit/mock/loader.py pylint:arguments-renamed
diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.13.txt
new file mode 100644
index 0000000..0cd1efe
--- /dev/null
+++ b/tests/sanity/ignore-2.13.txt
@@ -0,0 +1 @@
+tests/unit/mock/loader.py pylint:arguments-renamed
diff --git a/tests/sanity/ignore-2.14.txt b/tests/sanity/ignore-2.14.txt
new file mode 100644
index 0000000..0cd1efe
--- /dev/null
+++ b/tests/sanity/ignore-2.14.txt
@@ -0,0 +1 @@
+tests/unit/mock/loader.py pylint:arguments-renamed
diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt
new file mode 100644
index 0000000..0cd1efe
--- /dev/null
+++ b/tests/sanity/ignore-2.15.txt
@@ -0,0 +1 @@
+tests/unit/mock/loader.py pylint:arguments-renamed
diff --git a/tests/sanity/ignore-2.16.txt b/tests/sanity/ignore-2.16.txt
new file mode 100644
index 0000000..0cd1efe
--- /dev/null
+++ b/tests/sanity/ignore-2.16.txt
@@ -0,0 +1 @@
+tests/unit/mock/loader.py pylint:arguments-renamed
diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt
new file mode 100644
index 0000000..c9373dd
--- /dev/null
+++ b/tests/sanity/ignore-2.17.txt
@@ -0,0 +1 @@
+tests/unit/mock/loader.py pylint:arguments-renamed
\ No newline at end of file
diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt
new file mode 100644
index 0000000..a12e07f
--- /dev/null
+++ b/tests/sanity/ignore-2.9.txt
@@ -0,0 +1,10 @@
+plugins/modules/deepsec_integrity_monitoringrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_integrity_monitoringrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_intrusion_preventionrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_intrusion_preventionrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_firewallrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_firewallrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_anti_malware.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_anti_malware.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
+plugins/modules/deepsec_log_inspectionrules.py validate-modules:deprecation-mismatch # 2.9 expects METADATA
+plugins/modules/deepsec_log_inspectionrules.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict
diff --git a/tests/unit/__init__.py b/tests/unit/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/tests/unit/compat/__init__.py b/tests/unit/compat/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/tests/unit/compat/mock.py b/tests/unit/compat/mock.py
new file mode 100644
index 0000000..e25e838
--- /dev/null
+++ b/tests/unit/compat/mock.py
@@ -0,0 +1,28 @@
+# pylint: skip-file
+# (c) 2014, Toshio Kuratomi
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import absolute_import, division, print_function
+
+
+__metaclass__ = type
+
+"""
+Compat module for Python3.x's unittest.mock module
+"""
+from unittest.mock import *
diff --git a/tests/unit/compat/unittest.py b/tests/unit/compat/unittest.py
new file mode 100644
index 0000000..df3379b
--- /dev/null
+++ b/tests/unit/compat/unittest.py
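Review bot: The triple-quoted string `Compat module for Python3.x's unittest.mock module` sits after `__metaclass__ = type`, so it is a bare expression statement rather than the module docstring; move it above the `from __future__` import (or make it a `#` comment) so the shim's purpose is actually attached to the module. The same placement issue exists in the `tests/unit/compat/unittest.py` hunk below. `# pylint: skip-file` also silences every check in a file whose only statement is a wildcard import; the sibling `unittest.py` shim uses the narrower `# pylint: disable=wildcard-import,unused-wildcard-import`, and this file would be consistent with it.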
@@ -0,0 +1,39 @@ +# (c) 2014, Toshio Kuratomi +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +""" +Compat module for Python2.7's unittest module +""" + +import sys + +# Allow wildcard import because we really do want to import all of +# unittests's symbols into this compat shim +# pylint: disable=wildcard-import,unused-wildcard-import +if sys.version_info < (2, 7): + try: + # Need unittest2 on python2.6 + from unittest2 import * + except ImportError: + print("You need unittest2 installed on python2.6.x to run tests") +else: + from unittest import * diff --git a/tests/unit/mock/__init__.py b/tests/unit/mock/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/tests/unit/mock/loader.py b/tests/unit/mock/loader.py new file mode 100644 index 0000000..d7f4c18 --- /dev/null +++ b/tests/unit/mock/loader.py 
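Review bot: In the `sys.version_info < (2, 7)` branch, `except ImportError: print(...)` reports the missing `unittest2` and then lets the module finish loading with no names in it, so importers fail later with a `NameError` on `TestCase` far from the real cause; add `raise` after the `print` so the failure is reported at import time. If the supported controller interpreters are all newer than 2.6 (which the Python 3 `mock.py` shim alongside suggests), the branch is dead and `from unittest import *` alone is clearer.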
@@ -0,0 +1,116 @@ +# (c) 2012-2014, Michael DeHaan +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import os + +from ansible.errors import AnsibleParserError +from ansible.parsing.dataloader import DataLoader +from ansible.module_utils._text import to_bytes, to_text + + +class DictDataLoader(DataLoader): + def __init__(self, file_mapping=None): + file_mapping = {} if file_mapping is None else file_mapping + assert isinstance(file_mapping) == dict + + super(DictDataLoader, self).__init__() + + self._file_mapping = file_mapping + self._build_known_directories() + self._vault_secrets = None + + def load_from_file(self, path, cache=True, unsafe=False): + path = to_text(path) + if path in self._file_mapping: + return self.load(self._file_mapping[path], path) + return None + + # TODO: the real _get_file_contents returns a bytestring, so we actually convert the + # unicode/text it's created with to utf-8 + def _get_file_contents(self, path): + path = to_text(path) + if path in self._file_mapping: + return (to_bytes(self._file_mapping[path]), False) + else: + raise AnsibleParserError("file not found: %s" % path) + + def path_exists(self, path): + path = to_text(path) + return path in self._file_mapping or path in self._known_directories + + def is_file(self, path): + 
path = to_text(path) + return path in self._file_mapping + + def is_directory(self, path): + path = to_text(path) + return path in self._known_directories + + def list_directory(self, path): + ret = [] + path = to_text(path) + for x in list(self._file_mapping.keys()) + self._known_directories: + if x.startswith(path): + if os.path.dirname(x) == path: + ret.append(os.path.basename(x)) + return ret + + def is_executable(self, path): + # FIXME: figure out a way to make paths return true for this + return False + + def _add_known_directory(self, directory): + if directory not in self._known_directories: + self._known_directories.append(directory) + + def _build_known_directories(self): + self._known_directories = [] + for path in self._file_mapping: + dirname = os.path.dirname(path) + while dirname not in ("/", ""): + self._add_known_directory(dirname) + dirname = os.path.dirname(dirname) + + def push(self, path, content): + rebuild_dirs = False + if path not in self._file_mapping: + rebuild_dirs = True + + self._file_mapping[path] = content + + if rebuild_dirs: + self._build_known_directories() + + def pop(self, path): + if path in self._file_mapping: + del self._file_mapping[path] + self._build_known_directories() + + def clear(self): + self._file_mapping = dict() + self._known_directories = [] + + def get_basedir(self): + return os.getcwd() + + def set_vault_secrets(self, vault_secrets): + self._vault_secrets = vault_secrets diff --git a/tests/unit/mock/path.py b/tests/unit/mock/path.py new file mode 100644 index 0000000..1e59028 --- /dev/null +++ b/tests/unit/mock/path.py @@ -0,0 +1,12 @@ +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible_collections.trendmicro.deepsec.tests.unit.compat.mock import ( + MagicMock, +) +from ansible.utils.path import unfrackpath + + +mock_unfrackpath_noop = MagicMock( + spec_set=unfrackpath, side_effect=lambda x, *args, **kwargs: x +) 
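Review bot: `assert isinstance(file_mapping) == dict` in `DictDataLoader.__init__` calls `isinstance` with a single argument, which raises `TypeError` on every construction (and an `assert` would be stripped under `-O` even if it were well-formed), so this loader cannot be instantiated as written; replace it with `if not isinstance(file_mapping, dict): raise TypeError("file_mapping must be a dict")`. `load_from_file` accepts `cache` and `unsafe` but never consults them, which the signature alone does not convey; a comment like `# cache/unsafe accepted for signature parity with DataLoader and ignored: mapped content is returned as-is` would spare readers assuming the unsafe-marking path is exercised here. `list_directory` also matches by `x.startswith(path)` before checking `dirname`, so a mapping key like `/etc/foo` and a query for `/e` are both handled by the second test only; the prefix check is redundant and could go.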
diff --git a/tests/unit/mock/procenv.py b/tests/unit/mock/procenv.py new file mode 100644 index 0000000..f7ab5fe --- /dev/null +++ b/tests/unit/mock/procenv.py 
@@ -0,0 +1,94 @@ +# (c) 2016, Matt Davis +# (c) 2016, Toshio Kuratomi +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import sys +import json + +from contextlib import contextmanager +from io import BytesIO, StringIO +from ansible_collections.trendmicro.deepsec.tests.unit.compat import unittest +from ansible.module_utils.six import PY3 +from ansible.module_utils._text import to_bytes + + +@contextmanager +def swap_stdin_and_argv(stdin_data="", argv_data=tuple()): + """ + context manager that temporarily masks the test runner's values for stdin and argv + """ + real_stdin = sys.stdin + real_argv = sys.argv + + if PY3: + fake_stream = StringIO(stdin_data) + fake_stream.buffer = BytesIO(to_bytes(stdin_data)) + else: + fake_stream = BytesIO(to_bytes(stdin_data)) + + try: + sys.stdin = fake_stream + sys.argv = argv_data + + yield + finally: + sys.stdin = real_stdin + sys.argv = real_argv + + +@contextmanager +def swap_stdout(): + """ + context manager that temporarily replaces stdout for tests that need to verify output + """ + old_stdout = sys.stdout + + if PY3: + fake_stream = StringIO() + else: + fake_stream = BytesIO() + + try: + sys.stdout = fake_stream + + yield fake_stream + finally: + sys.stdout = old_stdout + + +class ModuleTestCase(unittest.TestCase): + def 
setUp(self, module_args=None): + if module_args is None: + module_args = { + "_ansible_remote_tmp": "/tmp", + "_ansible_keep_remote_files": False, + } + + args = json.dumps(dict(ANSIBLE_MODULE_ARGS=module_args)) + + # unittest doesn't have a clean place to use a context manager, so we have to enter/exit manually + self.stdin_swap = swap_stdin_and_argv(stdin_data=args) + self.stdin_swap.__enter__() + + def tearDown(self): + # unittest doesn't have a clean place to use a context manager, so we have to enter/exit manually + self.stdin_swap.__exit__(None, None, None) diff --git a/tests/unit/mock/vault_helper.py b/tests/unit/mock/vault_helper.py new file mode 100644 index 0000000..b34ae13 --- /dev/null +++ b/tests/unit/mock/vault_helper.py 
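Review bot: `swap_stdin_and_argv` defaults `argv_data` to `tuple()` and assigns it to `sys.argv` unchanged, so code under test that mutates argv (`sys.argv.append`, slice assignment) sees a tuple where the interpreter guarantees a list; `sys.argv = list(argv_data)` keeps the real type without changing callers. The replacement stdin gets a `.buffer` attribute but `swap_stdout`'s replacement does not, so a module writing bytes via `sys.stdout.buffer` would fail only under the second context manager — presumably unintended, worth either adding the attribute or a comment saying text-only output is expected. The `if PY3:` branches in both helpers exist for a Python 2 interpreter; if the collection's supported controllers are all 3.x, the `BytesIO` fallbacks can be dropped.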
@@ -0,0 +1,42 @@ +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible.module_utils._text import to_bytes + +from ansible.parsing.vault import VaultSecret + + +class TextVaultSecret(VaultSecret): + """A secret piece of text. ie, a password. Tracks text encoding. + + The text encoding of the text may not be the default text encoding so + we keep track of the encoding so we encode it to the same bytes.""" + + def __init__(self, text, encoding=None, errors=None, _bytes=None): + super(TextVaultSecret, self).__init__() + self.text = text + self.encoding = encoding or "utf-8" + self._bytes = _bytes + self.errors = errors or "strict" + + @property + def bytes(self): + """The text encoded with encoding, unless we specifically set _bytes.""" + return self._bytes or to_bytes( + self.text, encoding=self.encoding, errors=self.errors + ) diff --git a/tests/unit/mock/yaml_helper.py b/tests/unit/mock/yaml_helper.py new file mode 100644 index 0000000..5df30aa --- /dev/null +++ b/tests/unit/mock/yaml_helper.py 
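Review bot: The `bytes` property uses `self._bytes or to_bytes(...)`, so an explicitly supplied empty `b""` is silently replaced by the re-encoded `text`; test for absence rather than falsiness: `if self._bytes is not None: return self._bytes` followed by the existing `to_bytes` call. The class docstring describes encoding tracking but not that `_bytes`, when given, wins over `text` entirely; one sentence such as `If _bytes is supplied it is returned verbatim and text/encoding are not consulted.` would document the precedence the property implements.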
@@ -0,0 +1,167 @@ +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +import io +import yaml + +from ansible.module_utils.six import PY3 +from ansible.parsing.yaml.loader import AnsibleLoader +from ansible.parsing.yaml.dumper import AnsibleDumper + + +class YamlTestUtils(object): + """Mixin class to combine with a unittest.TestCase subclass.""" + + def _loader(self, stream): + """Vault related tests will want to override this. + + Vault cases should setup a AnsibleLoader that has the vault password.""" + return AnsibleLoader(stream) + + def _dump_stream(self, obj, stream, dumper=None): + """Dump to a py2-unicode or py3-string stream.""" + if PY3: + return yaml.dump(obj, stream, Dumper=dumper) + else: + return yaml.dump(obj, stream, Dumper=dumper, encoding=None) + + def _dump_string(self, obj, dumper=None): + """Dump to a py2-unicode or py3-string""" + if PY3: + return yaml.dump(obj, Dumper=dumper) + else: + return yaml.dump(obj, Dumper=dumper, encoding=None) + + def _dump_load_cycle(self, obj): + # Each pass though a dump or load revs the 'generation' + # obj to yaml string + string_from_object_dump = self._dump_string(obj, dumper=AnsibleDumper) + + # wrap a stream/file like StringIO around that yaml + stream_from_object_dump = io.StringIO(string_from_object_dump) + loader = self._loader(stream_from_object_dump) + # load the yaml stream to create a new instance of the object (gen 2) + obj_2 = loader.get_data() + + # dump the gen 2 objects directory to strings + string_from_object_dump_2 = self._dump_string( + obj_2, dumper=AnsibleDumper + ) + + # The gen 1 and gen 2 yaml strings + self.assertEqual(string_from_object_dump, string_from_object_dump_2) + # the gen 1 (orig) and gen 2 py object + self.assertEqual(obj, obj_2) + + # again! gen 3... 
load strings into py objects + stream_3 = io.StringIO(string_from_object_dump_2) + loader_3 = self._loader(stream_3) + obj_3 = loader_3.get_data() + + string_from_object_dump_3 = self._dump_string( + obj_3, dumper=AnsibleDumper + ) + + self.assertEqual(obj, obj_3) + # should be transitive, but... + self.assertEqual(obj_2, obj_3) + self.assertEqual(string_from_object_dump, string_from_object_dump_3) + + def _old_dump_load_cycle(self, obj): + """Dump the passed in object to yaml, load it back up, dump again, compare.""" + stream = io.StringIO() + + yaml_string = self._dump_string(obj, dumper=AnsibleDumper) + self._dump_stream(obj, stream, dumper=AnsibleDumper) + + yaml_string_from_stream = stream.getvalue() + + # reset stream + stream.seek(0) + + loader = self._loader(stream) + # loader = AnsibleLoader(stream, vault_password=self.vault_password) + obj_from_stream = loader.get_data() + + stream_from_string = io.StringIO(yaml_string) + loader2 = self._loader(stream_from_string) + # loader2 = AnsibleLoader(stream_from_string, vault_password=self.vault_password) + obj_from_string = loader2.get_data() + + stream_obj_from_stream = io.StringIO() + stream_obj_from_string = io.StringIO() + + if PY3: + yaml.dump( + obj_from_stream, stream_obj_from_stream, Dumper=AnsibleDumper + ) + yaml.dump( + obj_from_stream, stream_obj_from_string, Dumper=AnsibleDumper + ) + else: + yaml.dump( + obj_from_stream, + stream_obj_from_stream, + Dumper=AnsibleDumper, + encoding=None, + ) + yaml.dump( + obj_from_stream, + stream_obj_from_string, + Dumper=AnsibleDumper, + encoding=None, + ) + + yaml_string_stream_obj_from_stream = stream_obj_from_stream.getvalue() + yaml_string_stream_obj_from_string = stream_obj_from_string.getvalue() + + stream_obj_from_stream.seek(0) + stream_obj_from_string.seek(0) + + if PY3: + yaml_string_obj_from_stream = yaml.dump( + obj_from_stream, Dumper=AnsibleDumper + ) + yaml_string_obj_from_string = yaml.dump( + obj_from_string, Dumper=AnsibleDumper + ) + else: + 
yaml_string_obj_from_stream = yaml.dump( + obj_from_stream, Dumper=AnsibleDumper, encoding=None + ) + yaml_string_obj_from_string = yaml.dump( + obj_from_string, Dumper=AnsibleDumper, encoding=None + ) + + assert yaml_string == yaml_string_obj_from_stream + assert ( + yaml_string + == yaml_string_obj_from_stream + == yaml_string_obj_from_string + ) + assert ( + yaml_string + == yaml_string_obj_from_stream + == yaml_string_obj_from_string + == yaml_string_stream_obj_from_stream + == yaml_string_stream_obj_from_string + ) + assert obj == obj_from_stream + assert obj == obj_from_string + assert obj == yaml_string_obj_from_stream + assert obj == yaml_string_obj_from_string + assert ( + obj + == obj_from_stream + == obj_from_string + == yaml_string_obj_from_stream + == yaml_string_obj_from_string + ) + return { + "obj": obj, + "yaml_string": yaml_string, + "yaml_string_from_stream": yaml_string_from_stream, + "obj_from_stream": obj_from_stream, + "obj_from_string": obj_from_string, + "yaml_string_obj_from_string": yaml_string_obj_from_string, + } diff --git a/tests/unit/plugins/action/__init__.py b/tests/unit/plugins/action/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/tests/unit/plugins/action/test_deepsec_anti_malwares.py b/tests/unit/plugins/action/test_deepsec_anti_malwares.py new file mode 100644 index 0000000..ba6d323 --- /dev/null +++ b/tests/unit/plugins/action/test_deepsec_anti_malwares.py 
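Review bot: In `_old_dump_load_cycle`, both `yaml.dump(..., stream_obj_from_string, ...)` calls (the PY3 branch and the else branch) dump `obj_from_stream`, so `yaml_string_stream_obj_from_string` never reflects `obj_from_string` and the five-way string equality is weaker than it reads; the second call presumably wants `obj_from_string`. The later `assert obj == yaml_string_obj_from_stream` compares the original Python object to a YAML string, which can only hold when `obj` is itself a string equal to its own dump — likely a leftover, and worth removing or explaining in a comment. `_dump_load_cycle` has no docstring; `"""Dump obj to YAML, reload it, re-dump, and assert each generation matches the previous one."""` would cover it.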
@@ -0,0 +1,287 @@ +# Copyright (c) 2022 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import unittest +import tempfile +from ansible.playbook.task import Task +from ansible.template import Templar +from ansible_collections.trendmicro.deepsec.plugins.action.deepsec_anti_malwares import ( + ActionModule, +) +from ansible_collections.ansible.utils.tests.unit.compat.mock import ( + MagicMock, + patch, +) + +RESPONSE_PAYLOAD = { + "anti_malwares": [ + { + "alert_enabled": True, + "amsi_scan_enabled": True, + "behavior_monitoring_enabled": False, + "cpu_usage": "low", + "custom_remediation_actions_enabled": False, + "description": "test malware 2 description", + "directories_to_scan": "all-directories", + "document_exploit_heuristic_level": "default", + "document_exploit_protection": "critical-only", + "document_exploit_protection_enabled": True, + "files_to_scan": "all-files", + "id": "48", + "intelli_trap_enabled": False, + "machine_learning_enabled": True, + "memory_scan_enabled": False, + "microsoft_office_enabled": True, + "microsoft_office_layers": "3", + "name": "test_malware_2", + "network_directories_enabled": False, + "real_time_scan": "read-write", + "scan_action_for_machine_learning": "pass", + "scan_compressed_enabled": False, + "scan_type": "real-time", + "spyware_enabled": 
True, + } + ] +} + +REQUEST_PAYLOAD = [ + { + "name": "test_malware_1", + "description": "test malware 1 description", + "scan_action_for_virus": "pass", + "alert_enabled": "true", + "scan_type": "on-demand", + "real_time_scan": "read-only", + "cpu_usage": "medium", + }, + { + "name": "test_malware_2", + "description": "test malware 2 description", + "scan_action_for_virus": "pass", + "alert_enabled": "true", + "scan_type": "real-time", + "real_time_scan": "read-write", + "cpu_usage": "low", + }, +] + + +class TestDeepsecFirewallRules(unittest.TestCase): + def setUp(self): + task = MagicMock(Task) + # Ansible > 2.13 looks for check_mode in task + task.check_mode = False + play_context = MagicMock() + # Ansible <= 2.13 looks for check_mode in play_context + play_context.check_mode = False + connection = patch( + "ansible_collections.trendmicro.deepsec.plugins.action.deepsec_anti_malwares.Connection" + ) + fake_loader = {} + templar = Templar(loader=fake_loader) + self._plugin = ActionModule( + task=task, + connection=connection, + play_context=play_context, + loader=fake_loader, + templar=templar, + shared_loader_obj=None, + ) + self._plugin._task.action = "anti_malwares" + self._plugin.api_return = "anti_malwares" + self._task_vars = {} + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_anti_malwares_merged(self, connection): + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = {} + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin._task.args = { + "state": "merged", + "config": REQUEST_PAYLOAD, + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_anti_malwares_merged_idempotent(self, connection): + self._plugin._connection.socket_path = ( + 
tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + + self._plugin._task.args = { + "state": "merged", + "config": [ + { + "name": "test_malware_1", + "description": "test malware 1 description", + "scan_action_for_virus": "pass", + "alert_enabled": "true", + "scan_type": "on-demand", + "real_time_scan": "read-only", + "cpu_usage": "medium", + }, + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_anti_malwares_replaced(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "name": "test_malware_2", + "description": "Replace test malware 2 description", + "scan_action_for_virus": "quarantine", + "alert_enabled": True, + "files_to_scan": "intelliscan-file-types", + "scan_type": "real-time", + "real_time_scan": "read-only", + "cpu_usage": "medium", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_anti_malwares_replaced_idempotent(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = { + self._plugin.api_return: [ + { + "alert_enabled": True, + "amsi_scan_enabled": True, + "behavior_monitoring_enabled": False, + 
"custom_remediation_actions_enabled": False, + "cpu_usage": "medium", + "description": "Replace test malware 2 description", + "directories_to_scan": "all-directories", + "document_exploit_heuristic_level": "default", + "document_exploit_protection": "critical-only", + "document_exploit_protection_enabled": True, + "files_to_scan": "intelliscan-file-types", + "id": "48", + "intelli_trap_enabled": False, + "machine_learning_enabled": True, + "memory_scan_enabled": False, + "microsoft_office_enabled": True, + "microsoft_office_layers": "3", + "name": "test_malware_2", + "network_directories_enabled": False, + "real_time_scan": "read-only", + "scan_action_for_machine_learning": "pass", + "scan_compressed_enabled": False, + "scan_type": "real-time", + "spyware_enabled": True, + "scan_action_for_virus": "quarantine", + } + ] + } + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "name": "test_malware_2", + "description": "Replace test malware 2 description", + "scan_action_for_virus": "quarantine", + "alert_enabled": True, + "files_to_scan": "intelliscan-file-types", + "scan_type": "real-time", + "real_time_scan": "read-only", + "cpu_usage": "medium", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_anti_malwares_deleted(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "deleted", + "config": [ + { + "name": "test_malware_2", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def 
test_deepsec_anti_malwares_deleted_idempotent(self, connection): + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = {} + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin._task.args = { + "state": "deleted", + "config": [ + { + "name": "test_malware_2", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_anti_malwares_gathered(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "gathered", + "config": [{"name": "test_malware_2"}], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) diff --git a/tests/unit/plugins/action/test_deepsec_firewall_rules.py b/tests/unit/plugins/action/test_deepsec_firewall_rules.py new file mode 100644 index 0000000..5bc59b5 --- /dev/null +++ b/tests/unit/plugins/action/test_deepsec_firewall_rules.py 
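Review bot: In `setUp`, `connection = patch("...deepsec_anti_malwares.Connection")` is never started, so `self._plugin._connection` is the `_patch` object rather than a mock `Connection`; the tests only pass because `socket_path` and `_shell` are later assigned onto it and `Connection.__rpc__` is patched per test. Either `connection = MagicMock()` or starting the patcher (`patcher = patch(...); connection = patcher.start(); self.addCleanup(patcher.stop)`) makes the intent explicit. The class is named `TestDeepsecFirewallRules` although it exercises the anti-malware action and the same name is reused in the `test_deepsec_firewall_rules.py` hunk below, which makes test reports ambiguous; `TestDeepsecAntiMalwares` matches the file. `tempfile.NamedTemporaryFile().name` also creates a real file that is unlinked as soon as the unreferenced object is collected, leaving only a stale path; since the RPC is patched nothing ever opens it, so a fixed placeholder string (or `tempfile.mkdtemp()` with cleanup) avoids the file churn.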
@@ -0,0 +1,316 @@ +# Copyright (c) 2022 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import unittest +import tempfile +from ansible.playbook.task import Task +from ansible.template import Templar +from ansible_collections.trendmicro.deepsec.plugins.action.deepsec_firewall_rules import ( + ActionModule, +) +from ansible_collections.ansible.utils.tests.unit.compat.mock import ( + MagicMock, + patch, +) + +RESPONSE_PAYLOAD = { + "firewall_rules": [ + { + "action": "deny", + "priority": "0", + "direction": "incoming", + "description": "incoming firewall 1 rule description", + "frameType": "ip", + "frameNumber": 2048, + "frameNot": False, + "protocol": "tcp", + "protocolNot": False, + "sourceIPType": "any", + "sourceIPNot": False, + "sourceMACType": "any", + "sourceMACNot": False, + "sourcePortType": "any", + "sourcePortNot": False, + "destinationIPType": "any", + "destinationIPNot": False, + "destinationMACType": "any", + "destinationMACNot": False, + "destinationPortType": "any", + "destinationPortNot": False, + "anyFlags": True, + "logDisabled": True, + "includePacketData": False, + "alertEnabled": False, + "ID": 146, + "name": "test_firewallrule_1", + } + ] +} + +REQUEST_PAYLOAD = [ + { + "name": "test_firewallrule_1", + "description": "incoming firewall 1 rule description", + 
"action": "deny", + "priority": 0, + "source_iptype": "any", + "destination_iptype": "any", + "direction": "incoming", + "protocol": "tcp", + "log_disabled": True, + }, + { + "name": "test_firewallrule_2", + "description": "incoming firewall 2 rule description", + "action": "deny", + "priority": 0, + "source_iptype": "any", + "source_ipnot": False, + "source_port_type": "any", + "destination_iptype": "any", + "direction": "incoming", + "protocol": "tcp", + }, +] + + +class TestDeepsecFirewallRules(unittest.TestCase): + def setUp(self): + task = MagicMock(Task) + # Ansible > 2.13 looks for check_mode in task + task.check_mode = False + play_context = MagicMock() + # Ansible <= 2.13 looks for check_mode in play_context + play_context.check_mode = False + connection = patch( + "ansible_collections.trendmicro.deepsec.plugins.action.deepsec_firewall_rules.Connection" + ) + fake_loader = {} + templar = Templar(loader=fake_loader) + self._plugin = ActionModule( + task=task, + connection=connection, + play_context=play_context, + loader=fake_loader, + templar=templar, + shared_loader_obj=None, + ) + self._plugin._task.action = "deepsec_firewall_rules" + self._plugin.api_return = "firewall_rules" + self._task_vars = {} + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_firewall_rules_merged(self, connection): + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = {} + self._plugin._connection.socket_path = tempfile.NamedTemporaryFile().name + self._plugin._connection._shell = MagicMock() + self._plugin._task.args = { + "state": "merged", + "config": REQUEST_PAYLOAD, + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_firewall_rules_merged_idempotent(self, connection): + self._plugin._connection.socket_path = tempfile.NamedTemporaryFile().name + 
self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "merged", + "config": [ + { + "name": "test_firewallrule_1", + "description": "incoming firewall 1 rule description", + "action": "deny", + "priority": 0, + "source_iptype": "any", + "destination_iptype": "any", + "direction": "incoming", + "protocol": "tcp", + "log_disabled": True, + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + config_respose = { + "id": 146, + "frame_type": "ip", + "frame_number": 2048, + "frame_not": False, + "protocol_not": False, + "source_iptype": "any", + "source_ipnot": False, + "source_mactype": "any", + "source_macnot": False, + "source_port_type": "any", + "source_port_not": False, + "destination_iptype": "any", + "destination_ipnot": False, + "destination_mactype": "any", + "destination_macnot": False, + "destination_port_type": "any", + "destination_port_not": False, + "any_flags": True, + "log_disabled": True, + "include_packet_data": False, + "alert_enabled": False, + "action": "deny", + "priority": "0", + "direction": "incoming", + "description": "incoming firewall 1 rule description", + "protocol": "tcp", + "name": "test_firewallrule_1", + } + + self.assertEqual(result["firewall_rules"]["before"][0]["name"], config_respose["name"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_firewall_rules_replaced(self, connection): + self._plugin._connection.socket_path = tempfile.NamedTemporaryFile().name + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "name": "test_firewallrule_1", + "description": "outgoing firewall 1 replaced rule", + "action": "deny", + "priority": 0, + 
"source_iptype": "any", + "destination_iptype": "any", + "direction": "outgoing", + "protocol": "tcp", + "log_disabled": True, + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_firewall_rules_replaced_idempotent(self, connection): + self._plugin._connection.socket_path = tempfile.NamedTemporaryFile().name + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = { + "firewall_rules": [ + { + "action": "deny", + "priority": "0", + "direction": "outgoing", + "description": "outgoing firewall 1 replaced rule", + "frameType": "ip", + "frameNumber": 2048, + "frameNot": False, + "protocol": "tcp", + "protocolNot": False, + "sourceIPType": "any", + "sourceIPNot": False, + "sourceMACType": "any", + "sourceMACNot": False, + "sourcePortType": "any", + "sourcePortNot": False, + "destinationIPType": "any", + "destinationIPNot": False, + "destinationMACType": "any", + "destinationMACNot": False, + "destinationPortType": "any", + "destinationPortNot": False, + "anyFlags": True, + "logDisabled": True, + "includePacketData": False, + "alertEnabled": False, + "ID": 147, + "name": "test_firewallrule_1", + } + ] + } + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "name": "test_firewallrule_1", + "description": "outgoing firewall 1 replaced rule", + "action": "deny", + "priority": 0, + "source_iptype": "any", + "destination_iptype": "any", + "direction": "outgoing", + "protocol": "tcp", + "log_disabled": True, + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_firewall_rules_deleted(self, connection): + self._plugin._connection.socket_path = tempfile.NamedTemporaryFile().name + 
self._plugin._connection._shell = MagicMock()
+ self._plugin.search_for_resource_name = MagicMock()
+ self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD
+ self._plugin._task.args = {
+ "state": "deleted",
+ "config": [
+ {
+ "name": "test_firewallrule_1",
+ }
+ ],
+ }
+ result = self._plugin.run(task_vars=self._task_vars)
+ self.assertTrue(result["changed"])
+
+ @patch("ansible.module_utils.connection.Connection.__rpc__")
+ def test_deepsec_firewall_rules_deleted_idempotent(self, connection):
+ self._plugin.search_for_resource_name = MagicMock()
+ self._plugin.search_for_resource_name.return_value = {}
+ self._plugin._connection.socket_path = tempfile.NamedTemporaryFile().name
+ self._plugin._connection._shell = MagicMock()
+ self._plugin._task.args = {
+ "state": "deleted",
+ "config": [
+ {
+ "name": "test_firewallrule_1",
+ }
+ ],
+ }
+ result = self._plugin.run(task_vars=self._task_vars)
+ self.assertFalse(result["changed"])
+
+ @patch("ansible.module_utils.connection.Connection.__rpc__")
+ def test_deepsec_firewall_rules_gathered(self, connection):
+ self._plugin._connection.socket_path = tempfile.NamedTemporaryFile().name
+ self._plugin._connection._shell = MagicMock()
+ self._plugin.search_for_resource_name = MagicMock()
+ self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD
+ self._plugin._task.args = {
+ "state": "gathered",
+ "config": [{"name": "test_firewallrule_1"}],
+ }
+ result = self._plugin.run(task_vars=self._task_vars)
+ self.assertFalse(result["changed"])
diff --git a/tests/unit/plugins/action/test_deepsec_integrity_monitoring_rules.py b/tests/unit/plugins/action/test_deepsec_integrity_monitoring_rules.py
new file mode 100644
index 0000000..b843626
--- /dev/null
+++ b/tests/unit/plugins/action/test_deepsec_integrity_monitoring_rules.py
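Review bot: test_deepsec_firewall_rules_merged_idempotent never asserts that `result["changed"]` is False, so unlike the other `_idempotent` tests in this file it does not actually check idempotence; the large `config_respose` dict (typo for `config_response`) is built only to compare a single `name` key. Add `self.assertFalse(result["changed"])` before the existing assertEqual, and either compare the whole `result["firewall_rules"]["before"][0]` entry against the dict or drop its unused keys. More generally, every test in this hunk and in the integrity-monitoring, intrusion-prevention and log-inspection hunks asserts only the `changed` flag while `search_for_resource_name` is mocked, so the snake_case to camelCase field mapping the module sends to the Deep Security API is never verified by these tests. Also `connection = patch(...)` in setUp is never started; the `_patch` object is passed as the connection and then decorated with `socket_path`/`_shell`, which works only incidentally — a plain `MagicMock()` would state the intent.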
@@ -0,0 +1,273 @@ +# Copyright (c) 2022 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import unittest +import tempfile +from ansible.playbook.task import Task +from ansible.template import Templar +from ansible_collections.trendmicro.deepsec.plugins.action.deepsec_integrity_monitoring_rules import ( + ActionModule, +) +from ansible_collections.ansible.utils.tests.unit.compat.mock import ( + MagicMock, + patch, +) + +RESPONSE_PAYLOAD = { + "integrity_monitoring_rules": [ + { + "alert_enabled": False, + "description": "THIS IS TEST IMR DESCRIPTION - 1", + "id": "328", + "minimum_agent_version": "6.0.0.0", + "minimum_manager_version": "6.0.0", + "name": "THIS IS TEST IMR - 1", + "real_time_monitoring_enabled": True, + "registry_attributes": ["STANDARD"], + "registry_excluded_values": [""], + "registry_include_default_value": True, + "registry_include_sub_keys": False, + "registry_included_values": ["test_1", "test_2"], + "registry_key_root": "HKEY_CLASSES_ROOT", + "registry_key_value": "\\", + "severity": "medium", + "template": "registry", + } + ] +} + +REQUEST_PAYLOAD = [ + { + "name": "THIS IS TEST IMR - 1", + "alert_enabled": False, + "description": "THIS IS TEST IMR DESCRIPTION - 1", + "real_time_monitoring_enabled": True, + "registry_included_values": ["test_1", "test_2"], + 
"severity": "medium", + "template": "registry", + }, + { + "name": "THIS IS TEST IMR - 2", + "alert_enabled": False, + "description": "THIS IS TEST IMR DESCRIPTION - 2", + "real_time_monitoring_enabled": True, + "registry_included_values": ["test"], + "severity": "low", + "template": "registry", + }, +] + + +class TestDeepsecIntegrityMonitoringRules(unittest.TestCase): + def setUp(self): + task = MagicMock(Task) + # Ansible > 2.13 looks for check_mode in task + task.check_mode = False + play_context = MagicMock() + # Ansible <= 2.13 looks for check_mode in play_context + play_context.check_mode = False + connection = patch( + "ansible_collections.trendmicro.deepsec.plugins.action.deepsec_integrity_monitoring_rules.Connection" + ) + fake_loader = {} + templar = Templar(loader=fake_loader) + self._plugin = ActionModule( + task=task, + connection=connection, + play_context=play_context, + loader=fake_loader, + templar=templar, + shared_loader_obj=None, + ) + self._plugin.api_return = "integrity_monitoring_rules" + self._plugin._task.action = "deepsec_integrity_monitoring_rules" + self._task_vars = {} + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_integrity_monitoring_rules_merged(self, connection): + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = {} + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin._task.args = { + "state": "merged", + "config": REQUEST_PAYLOAD, + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_integrity_monitoring_rules_merged_idempotent( + self, connection + ): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = 
MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "merged", + "config": [ + { + "name": "THIS IS TEST IMR - 1", + "alert_enabled": False, + "description": "THIS IS TEST IMR DESCRIPTION - 1", + "real_time_monitoring_enabled": True, + "registry_included_values": ["test_1", "test_2"], + "severity": "medium", + "template": "registry", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_integrity_monitoring_rules_replaced(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "name": "THIS IS TEST IMR - 1", + "alert_enabled": False, + "description": "THIS IS REPLACED TEST IMR DESCRIPTION - 1", + "real_time_monitoring_enabled": True, + "registry_included_values": ["test_3", "test_4"], + "severity": "low", + "template": "registry", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_integrity_monitoring_rules_replaced_idempotent( + self, connection + ): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = { + "integrity_monitoring_rules": [ + { + "alert_enabled": False, + "description": "THIS IS REPLACED TEST IMR DESCRIPTION - 1", + "id": "328", + "minimum_agent_version": "6.0.0.0", + "minimum_manager_version": "6.0.0", + "name": "THIS IS TEST IMR - 1", + 
"real_time_monitoring_enabled": True, + "registry_attributes": ["STANDARD"], + "registry_excluded_values": [""], + "registry_include_default_value": True, + "registry_include_sub_keys": False, + "registry_included_values": ["test_3", "test_4"], + "registry_key_root": "HKEY_CLASSES_ROOT", + "registry_key_value": "\\", + "severity": "low", + "template": "registry", + } + ] + } + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "name": "THIS IS TEST IMR - 1", + "alert_enabled": False, + "description": "THIS IS REPLACED TEST IMR DESCRIPTION - 1", + "real_time_monitoring_enabled": True, + "registry_included_values": ["test_3", "test_4"], + "severity": "low", + "template": "registry", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_integrity_monitoring_rules_deleted(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "deleted", + "config": [ + { + "name": "test_firewallrule_1", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_integrity_monitoring_rules_deleted_idempotent( + self, connection + ): + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = {} + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin._task.args = { + "state": "deleted", + "config": [ + { + "name": "THIS IS TEST IMR - 1", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + 
self.assertFalse(result["changed"])
+
+ @patch("ansible.module_utils.connection.Connection.__rpc__")
+ def test_deepsec_integrity_monitoring_rules_gathered(self, connection):
+ self._plugin._connection.socket_path = (
+ tempfile.NamedTemporaryFile().name
+ )
+ self._plugin._connection._shell = MagicMock()
+ self._plugin.search_for_resource_name = MagicMock()
+ self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD
+ self._plugin._task.args = {
+ "state": "gathered",
+ "config": [{"name": "THIS IS TEST IMR - 1"}],
+ }
+ result = self._plugin.run(task_vars=self._task_vars)
+ self.assertFalse(result["changed"])
diff --git a/tests/unit/plugins/action/test_deepsec_intrusion_prevention_rules.py b/tests/unit/plugins/action/test_deepsec_intrusion_prevention_rules.py
new file mode 100644
index 0000000..50ec9be
--- /dev/null
+++ b/tests/unit/plugins/action/test_deepsec_intrusion_prevention_rules.py
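Review bot: test_deepsec_integrity_monitoring_rules_deleted passes `"name": "test_firewallrule_1"`, a leftover from the firewall-rules test, while RESPONSE_PAYLOAD and the rest of this file use `"THIS IS TEST IMR - 1"`. The test only passes because `search_for_resource_name` is mocked to return RESPONSE_PAYLOAD regardless of the name given, so the `assertTrue(result["changed"])` does not show that a matching rule was deleted. Change the line to `"name": "THIS IS TEST IMR - 1",` so it matches the `_deleted_idempotent` case that follows it.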
@@ -0,0 +1,303 @@ +# Copyright (c) 2022 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import unittest +import tempfile +from ansible.playbook.task import Task +from ansible.template import Templar +from ansible_collections.trendmicro.deepsec.plugins.action.deepsec_intrusion_prevention_rules import ( + ActionModule, +) +from ansible_collections.ansible.utils.tests.unit.compat.mock import ( + MagicMock, + patch, +) + +RESPONSE_PAYLOAD = { + "intrusion_prevention_rules": [ + { + "action": "drop", + "alert_enabled": False, + "always_include_packet_data": False, + "application_type_id": 300, + "case_sensitive": False, + "debug_mode_enabled": False, + "description": "TEST IPR 1 DESCRIPTION", + "detect_only": False, + "event_logging_disabled": False, + "generate_event_on_packet_drop": True, + "id": "8657", + "name": "TEST IPR 1", + "priority": "normal", + "severity": "medium", + "signature": "test_new_signature_1", + "template": "signature", + } + ] +} + +REQUEST_PAYLOAD = [ + { + "alert_enabled": False, + "always_include_packet_data": False, + "application_type_id": 300, + "template": "signature", + "signature": "test_new_signature_1", + "debug_mode_enabled": False, + "description": "TEST IPR 1 DESCRIPTION", + "detect_only": False, + "event_logging_disabled": False, + 
"generate_event_on_packet_drop": True, + "name": "TEST IPR 1", + "priority": "normal", + "severity": "medium", + }, + { + "alert_enabled": False, + "always_include_packet_data": False, + "application_type_id": 300, + "template": "signature", + "signature": "test_new_signature_2", + "debug_mode_enabled": False, + "description": "TEST IPR 2 DESCRIPTION", + "detect_only": False, + "event_logging_disabled": False, + "generate_event_on_packet_drop": True, + "name": "TEST IPR 2", + "priority": "normal", + "severity": "medium", + }, +] + + +class TestDeepsecIntrusionPreventionRules(unittest.TestCase): + def setUp(self): + task = MagicMock(Task) + # Ansible > 2.13 looks for check_mode in task + task.check_mode = False + play_context = MagicMock() + # Ansible <= 2.13 looks for check_mode in play_context + play_context.check_mode = False + connection = patch( + "ansible_collections.trendmicro.deepsec.plugins.action.deepsec_intrusion_prevention_rules.Connection" + ) + fake_loader = {} + templar = Templar(loader=fake_loader) + self._plugin = ActionModule( + task=task, + connection=connection, + play_context=play_context, + loader=fake_loader, + templar=templar, + shared_loader_obj=None, + ) + self._plugin._task.action = "deepsec_intrusion_prevention_rules" + self._plugin.api_return = "intrusion_prevention_rules" + self._task_vars = {} + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_intrusion_prevention_rules_merged(self, connection): + self._plugin.search_for_ipr_name = MagicMock() + self._plugin.search_for_ipr_name.return_value = {} + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin._task.args = { + "state": "merged", + "config": REQUEST_PAYLOAD, + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def 
test_deepsec_intrusion_prevention_rules_merged_idempotent( + self, connection + ): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_ipr_name = MagicMock() + self._plugin.search_for_ipr_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "merged", + "config": [ + { + "alert_enabled": False, + "always_include_packet_data": False, + "application_type_id": 300, + "template": "signature", + "signature": "test_new_signature_1", + "debug_mode_enabled": False, + "description": "TEST IPR 1 DESCRIPTION", + "detect_only": False, + "event_logging_disabled": False, + "generate_event_on_packet_drop": True, + "name": "TEST IPR 1", + "priority": "normal", + "severity": "medium", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_intrusion_prevention_rules_replaced(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_ipr_name = MagicMock() + self._plugin.search_for_ipr_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "alert_enabled": False, + "always_include_packet_data": False, + "application_type_id": 300, + "template": "signature", + "signature": "test_new_signature_1", + "debug_mode_enabled": False, + "description": "TEST IPR 1 REPLACE DESCRIPTION", + "detect_only": False, + "event_logging_disabled": False, + "generate_event_on_packet_drop": True, + "name": "TEST IPR 1", + "priority": "normal", + "severity": "low", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def 
test_deepsec_intrusion_prevention_rules_replaced_idempotent( + self, connection + ): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_ipr_name = MagicMock() + self._plugin.search_for_ipr_name.return_value = { + "intrusion_prevention_rules": [ + { + "action": "drop", + "alert_enabled": False, + "always_include_packet_data": False, + "application_type_id": 300, + "case_sensitive": False, + "debug_mode_enabled": False, + "description": "TEST IPR 1 REPLACE DESCRIPTION", + "detect_only": False, + "event_logging_disabled": False, + "generate_event_on_packet_drop": True, + "id": "8657", + "name": "TEST IPR 1", + "priority": "normal", + "severity": "low", + "signature": "test_new_signature_1", + "template": "signature", + } + ] + } + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "alert_enabled": False, + "always_include_packet_data": False, + "application_type_id": 300, + "template": "signature", + "signature": "test_new_signature_1", + "debug_mode_enabled": False, + "description": "TEST IPR 1 REPLACE DESCRIPTION", + "detect_only": False, + "event_logging_disabled": False, + "generate_event_on_packet_drop": True, + "name": "TEST IPR 1", + "priority": "normal", + "severity": "low", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_intrusion_prevention_rules_deleted(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_ipr_name = MagicMock() + self._plugin.search_for_ipr_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "deleted", + "config": [ + { + "name": "TEST IPR 1", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + 
self.assertTrue(result["changed"])
+
+ @patch("ansible.module_utils.connection.Connection.__rpc__")
+ def test_deepsec_intrusion_prevention_rules_deleted_idempotent(
+ self, connection
+ ):
+ self._plugin.search_for_ipr_name = MagicMock()
+ self._plugin.search_for_ipr_name.return_value = {}
+ self._plugin._connection.socket_path = (
+ tempfile.NamedTemporaryFile().name
+ )
+ self._plugin._connection._shell = MagicMock()
+ self._plugin._task.args = {
+ "state": "deleted",
+ "config": [
+ {
+ "name": "TEST IPR 1",
+ }
+ ],
+ }
+ result = self._plugin.run(task_vars=self._task_vars)
+ self.assertFalse(result["changed"])
+
+ @patch("ansible.module_utils.connection.Connection.__rpc__")
+ def test_deepsec_intrusion_prevention_rules_gathered(self, connection):
+ self._plugin._connection.socket_path = (
+ tempfile.NamedTemporaryFile().name
+ )
+ self._plugin._connection._shell = MagicMock()
+ self._plugin.search_for_ipr_name = MagicMock()
+ self._plugin.search_for_ipr_name.return_value = RESPONSE_PAYLOAD
+ self._plugin._task.args = {
+ "state": "gathered",
+ "config": [{"name": "TEST IPR 1"}],
+ }
+ result = self._plugin.run(task_vars=self._task_vars)
+ self.assertFalse(result["changed"])
diff --git a/tests/unit/plugins/action/test_deepsec_log_inspection_rules.py b/tests/unit/plugins/action/test_deepsec_log_inspection_rules.py
new file mode 100644
index 0000000..2b569f4
--- /dev/null
+++ b/tests/unit/plugins/action/test_deepsec_log_inspection_rules.py
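Review bot: every test in this hunk mocks `search_for_ipr_name`, whereas the firewall, integrity-monitoring, anti-malware and log-inspection test files in this commit all mock `search_for_resource_name` on the action module. If deepsec_intrusion_prevention_rules genuinely exposes a lookup helper under that name this is fine, but if it does not, assigning the MagicMock only creates an unused attribute and the real lookup would presumably run against the never-started connection patch, so the `merged` and `deleted_idempotent` cases would not be isolated as intended. Please confirm the helper name against the action module and, if the difference is deliberate, add a comment such as `# this module's lookup helper is search_for_ipr_name, not search_for_resource_name` above its first use.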
@@ -0,0 +1,341 @@ +# Copyright (c) 2022 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import unittest +import tempfile +from ansible.playbook.task import Task +from ansible.template import Templar +from ansible_collections.trendmicro.deepsec.plugins.action.deepsec_log_inspection_rules import ( + ActionModule, +) +from ansible_collections.ansible.utils.tests.unit.compat.mock import ( + MagicMock, + patch, +) + +RESPONSE_PAYLOAD = { + "log_inspection_rules": [ + { + "alert_enabled": True, + "alert_minimum_severity": 4, + "dependency": "none", + "description": "MYSQLD description", + "groups": ["test"], + "id": "179", + "level": "0", + "logFiles": { + "logFiles": [ + {"location": "/var/log/mysqld.log", "format": "mysql-log"} + ] + }, + "minimum_agent_version": "6.0.0.0", + "minimum_manager_version": "6.0.0", + "name": "custom log_rule for mysqld event", + "pattern": "name", + "pattern_type": "string", + "rule_description": "sqld rule description", + "rule_id": 100001, + "sort_order": "15000", + "template": "basic-rule", + } + ] +} + +REQUEST_PAYLOAD = [ + { + "name": "custom log_rule for mysqld event", + "description": "MYSQLD description", + "minimum_agent_version": "6.0.0.0", + "type": "defined", + "template": "basic-rule", + "pattern": "name", + "pattern_type": "string", + 
"rule_id": 100001, + "rule_description": "sqld rule description", + "groups": ["test"], + "alert_minimum_severity": 4, + "alert_enabled": True, + "log_files": { + "log_files": [ + {"location": "/var/log/mysqld.log", "format": "mysql-log"} + ] + }, + }, + { + "name": "custom log_rule for daemon event", + "description": "DAEMON description", + "minimum_agent_version": "6.0.0.0", + "type": "defined", + "template": "basic-rule", + "pattern": "name", + "pattern_type": "string", + "rule_id": 100002, + "rule_description": "deamon rule description", + "groups": ["test"], + "alert_minimum_severity": 3, + "alert_enabled": True, + "log_files": { + "log_files": [ + {"location": "/var/log/daemon.log", "format": "eventlog"} + ] + }, + }, +] + + +class TestDeepsecFirewallRules(unittest.TestCase): + def setUp(self): + task = MagicMock(Task) + # Ansible > 2.13 looks for check_mode in task + task.check_mode = False + play_context = MagicMock() + # Ansible <= 2.13 looks for check_mode in play_context + play_context.check_mode = False + connection = patch( + "ansible_collections.trendmicro.deepsec.plugins.action.deepsec_log_inspection_rules.Connection" + ) + fake_loader = {} + templar = Templar(loader=fake_loader) + self._plugin = ActionModule( + task=task, + connection=connection, + play_context=play_context, + loader=fake_loader, + templar=templar, + shared_loader_obj=None, + ) + self._plugin._task.action = "deepsec_log_inspection_rules" + self._plugin.api_return = "log_inspection_rules" + self._task_vars = {} + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_log_inspection_rules_merged(self, connection): + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = {} + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin._task.args = { + "state": "merged", + "config": REQUEST_PAYLOAD, + } + result = 
self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_log_inspection_rules_merged_idempotent(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "merged", + "config": [ + { + "name": "custom log_rule for mysqld event", + "description": "MYSQLD description", + "minimum_agent_version": "6.0.0.0", + "type": "defined", + "template": "basic-rule", + "pattern": "name", + "pattern_type": "string", + "rule_id": 100001, + "rule_description": "sqld rule description", + "groups": ["test"], + "alert_minimum_severity": 4, + "alert_enabled": True, + "log_files": { + "log_files": [ + { + "location": "/var/log/mysqld.log", + "format": "mysql-log", + } + ] + }, + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_log_inspection_rules_replaced(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "name": "custom log_rule for mysqld event", + "description": "REPLACED log mysqld event", + "minimum_agent_version": "6.0.0.0", + "type": "defined", + "template": "basic-rule", + "pattern": "name", + "pattern_type": "string", + "rule_id": "100003", + "rule_description": "mysqld rule description", + "groups": ["test"], + "alert_minimum_severity": 5, + "alert_enabled": True, + "log_files": { + 
"log_files": [ + { + "location": "/var/log/mysqld.log", + "format": "mysql-log", + } + ] + }, + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_log_inspection_rules_replaced_idempotent( + self, connection + ): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = { + "log_inspection_rules": [ + { + "alert_enabled": True, + "alert_minimum_severity": 3, + "dependency": "none", + "description": "REPLACED log daemon event", + "groups": ["test"], + "id": "181", + "level": "0", + "logFiles": { + "logFiles": [ + { + "location": "/var/log/daemon.log", + "format": "eventlog", + } + ] + }, + "minimum_agent_version": "6.0.0.0", + "minimum_manager_version": "6.0.0", + "name": "custom log_rule for daemon event", + "pattern": "name", + "pattern_type": "string", + "rule_description": "daemon rule description", + "rule_id": 100002, + "sort_order": "15000", + "template": "basic-rule", + } + ] + } + self._plugin._task.args = { + "state": "replaced", + "config": [ + { + "name": "custom log_rule for daemon event", + "description": "REPLACED log daemon event", + "minimum_agent_version": "6.0.0.0", + "type": "defined", + "template": "basic-rule", + "pattern": "name", + "pattern_type": "string", + "rule_id": 100002, + "rule_description": "daemon rule description", + "groups": ["test"], + "alert_minimum_severity": 3, + "alert_enabled": True, + "log_files": { + "log_files": [ + { + "location": "/var/log/daemon.log", + "format": "eventlog", + } + ] + }, + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def 
test_deepsec_log_inspection_rules_deleted(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "deleted", + "config": [ + { + "name": "custom log_rule for mysqld event", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertTrue(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_log_inspection_rules_deleted_idempotent(self, connection): + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = {} + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin._task.args = { + "state": "deleted", + "config": [ + { + "name": "custom log_rule for mysqld event", + } + ], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) + + @patch("ansible.module_utils.connection.Connection.__rpc__") + def test_deepsec_log_inspection_rules_gathered(self, connection): + self._plugin._connection.socket_path = ( + tempfile.NamedTemporaryFile().name + ) + self._plugin._connection._shell = MagicMock() + self._plugin.search_for_resource_name = MagicMock() + self._plugin.search_for_resource_name.return_value = RESPONSE_PAYLOAD + self._plugin._task.args = { + "state": "gathered", + "config": [{"name": "custom log_rule for mysqld event"}], + } + result = self._plugin.run(task_vars=self._task_vars) + self.assertFalse(result["changed"]) diff --git a/tests/unit/plugins/modules/__init__.py b/tests/unit/plugins/modules/__init__.py new file mode 100644 index 0000000..e69de29 
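Review bot: The test class near the top of this hunk is named `TestDeepsecFirewallRules` although the file exercises `deepsec_log_inspection_rules`; the name looks carried over from the firewall-rules test and appears in every test ID and failure report, so it should read `class TestDeepsecLogInspectionRules(unittest.TestCase):`. Every test also obtains a socket path with `tempfile.NamedTemporaryFile().name`, which creates a real file on disk only to have it unlinked as soon as the unreferenced object is collected, leaving a dangling path; since the connection here is a `patch(...)` object rather than a live connection, the path is presumably never opened, and a fixed placeholder string set once in `setUp` would do the same job without touching the filesystem. The `replaced` test passes `"rule_id": "100003"` as a string while every other payload uses an int, which reads like a typo rather than an intended type-coercion case; a one-line comment stating which it is would help. The intrusion-prevention-rules hunk above shares the temp-file pattern, but its start lies outside this view.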
diff --git a/tests/unit/plugins/modules/conftest.py b/tests/unit/plugins/modules/conftest.py
new file mode 100644
index 0000000..e19a1e0
--- /dev/null
+++ b/tests/unit/plugins/modules/conftest.py
@@ -0,0 +1,40 @@
+# Copyright (c) 2017 Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+import json
+
+import pytest
+
+from ansible.module_utils.six import string_types
+from ansible.module_utils._text import to_bytes
+from ansible.module_utils.common._collections_compat import MutableMapping
+
+
+@pytest.fixture
+def patch_ansible_module(request, mocker):
+ if isinstance(request.param, string_types):
+ args = request.param
+ elif isinstance(request.param, MutableMapping):
+ if "ANSIBLE_MODULE_ARGS" not in request.param:
+ request.param = {"ANSIBLE_MODULE_ARGS": request.param}
+ if "_ansible_remote_tmp" not in request.param["ANSIBLE_MODULE_ARGS"]:
+ request.param["ANSIBLE_MODULE_ARGS"][
+ "_ansible_remote_tmp"
+ ] = "/tmp"
+ if (
+ "_ansible_keep_remote_files"
+ not in request.param["ANSIBLE_MODULE_ARGS"]
+ ):
+ request.param["ANSIBLE_MODULE_ARGS"][
+ "_ansible_keep_remote_files"
+ ] = False
+ args = json.dumps(request.param)
+ else:
+ raise Exception(
+ "Malformed data to the patch_ansible_module pytest fixture"
+ )
+
+ mocker.patch("ansible.module_utils.basic._ANSIBLE_ARGS", to_bytes(args))
diff --git a/tests/unit/plugins/modules/utils.py b/tests/unit/plugins/modules/utils.py
new file mode 100644
index 0000000..d55afc0
--- /dev/null
+++ b/tests/unit/plugins/modules/utils.py
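Review bot: The `else` branch raises the bare base class, `raise Exception("Malformed data to the patch_ansible_module pytest fixture")`; the actual fault is an unsupported `request.param` type, so `raise TypeError(...)` with the same message names the problem and lets a caller catch it precisely. The fixture also edits the parametrized value in place — it injects `_ansible_remote_tmp` and `_ansible_keep_remote_files` into `request.param["ANSIBLE_MODULE_ARGS"]` — so a dict shared between several parametrize cases is changed by the first case that runs; working on a local copy (`params = dict(request.param)` before the wrapping and the two defaults) keeps the parametrization data immutable. The header marks this as 2017 Ansible Project code, so the behaviour is inherited, but it is worth fixing while it is being introduced into this collection.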
@@ -0,0 +1,51 @@
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+import json
+
+from ansible_collections.trendmicro.deepsec.tests.unit.compat import unittest
+from ansible_collections.trendmicro.deepsec.tests.unit.compat.mock import patch
+from ansible.module_utils import basic
+from ansible.module_utils._text import to_bytes
+
+
+def set_module_args(args):
+ if "_ansible_remote_tmp" not in args:
+ args["_ansible_remote_tmp"] = "/tmp"
+ if "_ansible_keep_remote_files" not in args:
+ args["_ansible_keep_remote_files"] = False
+
+ args = json.dumps({"ANSIBLE_MODULE_ARGS": args})
+ basic._ANSIBLE_ARGS = to_bytes(args)
+
+
+class AnsibleExitJson(Exception):
+ pass
+
+
+class AnsibleFailJson(Exception):
+ pass
+
+
+def exit_json(*args, **kwargs):
+ if "changed" not in kwargs:
+ kwargs["changed"] = False
+ raise AnsibleExitJson(kwargs)
+
+
+def fail_json(*args, **kwargs):
+ kwargs["failed"] = True
+ raise AnsibleFailJson(kwargs)
+
+
+class ModuleTestCase(unittest.TestCase):
+ def setUp(self):
+ self.mock_module = patch.multiple(
+ basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json
+ )
+ self.mock_module.start()
+ self.mock_sleep = patch("time.sleep")
+ self.mock_sleep.start()
+ set_module_args({})
+ self.addCleanup(self.mock_module.stop)
+ self.addCleanup(self.mock_sleep.stop)
diff --git a/tests/unit/requirements.txt b/tests/unit/requirements.txt
new file mode 100644
index 0000000..a9772be
--- /dev/null
+++ b/tests/unit/requirements.txt
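Review bot: `set_module_args` mutates the dict it is handed — it inserts `_ansible_remote_tmp` and `_ansible_keep_remote_files` before serialising — so a module-level constant passed by several tests is altered by the first call; copy first, `args = dict(args)`, then apply the defaults. The same two defaults are hard-coded again in the `conftest.py` fixture added by this commit, which leaves two places to keep in sync; having the fixture call this helper would remove the duplication. The imports from `ansible_collections.trendmicro.deepsec.tests.unit.compat` expect a `tests/unit/compat` package inside this collection, while the action tests in the same commit take the compat layer from `ansible_collections.ansible.utils`; I do not see a `tests/unit/compat` package added in the visible part of the diff, so please confirm it exists or switch these two imports to the `ansible.utils` path the other tests use. Patching `time.sleep` globally in `setUp` is fine for a base class, but a short comment saying why (`# modules retry with sleep(); keep unit tests fast`) would help the next reader, if that is indeed the reason.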
@@ -0,0 +1,42 @@
+boto3
+placebo
+pycrypto
+passlib
+pypsrp
+python-memcached
+pytz
+pyvmomi
+redis
+requests
+setuptools > 0.6 # pytest-xdist installed via requirements does not work with very old setuptools (sanity_ok)
+unittest2 ; python_version < '2.7'
+importlib ; python_version < '2.7'
+netaddr
+ipaddress
+netapp-lib
+solidfire-sdk-python
+
+# requirements for F5 specific modules
+f5-sdk ; python_version >= '2.7'
+f5-icontrol-rest ; python_version >= '2.7'
+deepdiff
+
+# requirement for Fortinet specific modules
+pyFMG
+
+# requirement for aci_rest module
+xmljson
+
+# requirement for winrm connection plugin tests
+pexpect
+
+# requirement for the linode module
+linode-python # APIv3
+linode_api4 ; python_version > '2.6' # APIv4
+
+# requirement for the gitlab module
+python-gitlab
+httmock
+
+# requirment for kubevirt modules
+openshift ; python_version >= '2.7'
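Review bot: `pycrypto` on line 3 is a long-unmaintained package (superseded by `pycryptodome`) and none of the unit tests in this commit import it, so installing it into CI is a supply-chain liability with no visible benefit. More broadly the whole list reads like ansible-core's historical unit-test requirements (boto3, f5-sdk, pyFMG, linode, openshift, netapp-lib …) rather than what a Trend Micro Deep Security collection needs; every entry is third-party code fetched and executed in CI, so trimming it to what the tests actually import shrinks both the attack surface and install time. Conversely, the new `conftest.py` fixture uses the `mocker` fixture, which is provided by `pytest-mock`, and that package is not listed here; unless it is supplied by another requirements file it should be added. The last comment also misspells "requirement" (`# requirment for kubevirt modules`).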