zscaler.ziacloud.zia_atp_settings_info module – Retrieves the advanced threat configuration settings
Note
This module is part of the zscaler.ziacloud collection (version 2.0.3).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install zscaler.ziacloud.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: zscaler.ziacloud.zia_atp_settings_info.
New in zscaler.ziacloud 2.0.0
Synopsis
Retrieves the advanced threat configuration settings
Requirements
The below requirements are needed on the host that executes this module.
Zscaler SDK Python can be obtained from PyPI https://pypi.org/project/zscaler-sdk-python/
Parameters
Parameter | Comments |
---|---|
| | A string that contains the obfuscated API key. |
| | The client ID for OAuth2 authentication. |
| | The client secret for OAuth2 authentication. |
| | The Zscaler cloud name provisioned for your organization. Choices: |
| | A string that contains the password for the API admin. |
| | The private key for JWT-based OAuth2 authentication. |
| | A dict containing authentication credentials. |
| | Obfuscated API key. |
| | OAuth2 client ID. |
| | OAuth2 client secret. |
| | Zscaler cloud name. Choices: |
| | Password for the API admin. |
| | Private key for OAuth2 JWT. |
| | Sandbox Cloud environment. |
| | Sandbox API Key. |
| | Whether to use the legacy Zscaler API client. Choices: |
| | Email ID of the API admin. |
| | Vanity domain for OAuth2. |
| | The Sandbox cloud environment for API access. |
| | A string that contains the Sandbox API Key. |
| | Whether to use the legacy Zscaler API client. Choices: |
| | A string that contains the email ID of the API admin. |
| | The vanity domain provisioned by Zscaler for OAuth2 flows. |
Notes
Note
Check mode is not supported.
Examples
- name: Retrieves the advanced threat configuration settings
  zscaler.ziacloud.zia_atp_settings_info:
    provider: '{{ provider }}'
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Description |
---|---|
| | A dictionary of Advanced Threat Protection settings. Returned: always |
| | Indicates whether sites are allowed or blocked from accessing vulnerable ActiveX controls that are known to have been exploited. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for ActiveX controls. Returned: always |
| | Indicates whether to allow or block websites known to contain adware or spyware that displays malicious advertisements that can collect users’ information without their knowledge. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for adware and spyware sites. Returned: always |
| | Indicates whether to send alerts upon detecting unknown or suspicious C2 traffic. Returned: always |
| | Indicates whether to allow or block applications and methods used to obscure the destination and the content accessed by the user, therefore blocking traffic to anonymizing web proxies. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for anonymizers. Returned: always |
| | Indicates whether to allow or block the usage of BitTorrent, a popular P2P file sharing application that supports content download with encryption. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for BitTorrent. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for blocked countries. Returned: always |
| | Whether to allow or block requests to websites located in specific countries. Provide an ISO3166 Alpha2 code. Returned: always |
| | Indicates whether known web browser vulnerabilities prone to exploitation are allowed or blocked. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for browser exploits. Returned: always |
| | Indicates whether connections to known Command & Control (C2) Servers are allowed or blocked. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for connections to known C2 servers. Returned: always |
| | Indicates whether botnets are allowed or blocked from sending or receiving commands to unknown servers. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for botnets. Returned: always |
| | Indicates whether to allow or block third-party websites that gather cookie information, which can be used to personally identify users, track internet activity, or steal a user’s session or sensitive information. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for cookie stealing. Returned: always |
| | Indicates whether to allow or block cryptocurrency mining network traffic and scripts which can negatively impact endpoint device performance and potentially lead to a misuse of company resources. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for cryptomining. Returned: always |
| | Indicates whether to allow or block domains that are suspected to be generated using domain generation algorithms (DGA). Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for DGA domains. Returned: always |
| | Indicates whether known file format vulnerabilities and suspicious or malicious content in Microsoft Office or PDF documents are allowed or blocked. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for file format vulnerabilities. Returned: always |
| | Indicates whether to allow or block access to Google Hangouts, a popular P2P VoIP application. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for Google. Returned: always |
| | Indicates whether to allow or block IRC traffic being tunneled over HTTP and HTTPS. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for IRC tunnels. Returned: always |
| | Indicates whether known phishing sites are allowed or blocked. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for known phishing sites. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for malicious URLs. Returned: always |
| | Indicates whether known malicious sites and content are allowed or blocked. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for malicious sites. Returned: always |
| | Indicates whether to allow or block this type of cross-site scripting (XSS). Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for (XSS) attacks. Returned: always |
| | The Page Risk tolerance index set between 0 and 100 (100 being the highest risk). Users are blocked from accessing web pages with higher Page Risk than the specified value. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for suspicious web pages. Returned: always |
| | Indicates whether to allow or block SSH traffic being tunneled over HTTP and HTTPS. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for SSH tunnels. Returned: always |
| | Indicates whether to allow or block any detections of communication and callback traffic associated with spyware agents and data transmission. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for suspected adware and spyware sites. Returned: always |
| | Indicates whether to allow or block suspected phishing sites identified through heuristic detection. The Zscaler service can inspect the content of a website for indications that it might be a phishing site. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for suspected phishing sites. Returned: always |
| | Indicates whether to allow or block the usage of Tor, a popular P2P anonymizer protocol with support for encryption. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for Tor. Returned: always |
| | Indicates whether to allow or block web pages that pretend to contain useful information, to get higher ranking in search engine results or drive traffic to phishing, adware, or spyware distribution sites. Returned: always |
| | Indicates whether packet capture (PCAP) is enabled or not for web spam. Returned: always |
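Because this module only reads settings, a common use is a baseline check over the returned dictionary, for example a copy saved from the registered task result. The following is an added example, not code from the zscaler.ziacloud collection. The key names in it are assumptions (this page's Key column did not survive) and the threshold of 35 is a hypothetical policy value.

```python
import json

# Keys are ASSUMED names for fields of the returned settings dictionary;
# check them against the output of your installed collection version.
MUST_BLOCK = {
    "cmd_ctl_server_blocked": "connections to known C2 servers",
    "cmd_ctl_traffic_blocked": "botnet traffic to unknown servers",
    "malware_sites_blocked": "known malicious sites",
    "known_phishing_sites_blocked": "known phishing sites",
    "browser_exploits_blocked": "browser exploits",
    "dga_domains_blocked": "suspected DGA domains",
}
RISK_KEY = "risk_tolerance"   # assumed key; 0-100, 100 = highest risk
MAX_RISK = 35                 # hypothetical organisational limit


def audit_atp(settings, max_risk=MAX_RISK):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    for key, label in MUST_BLOCK.items():
        if key not in settings:
            # A missing key must not pass silently (renamed field, old version).
            findings.append(f"{key}: missing, cannot verify {label}")
        elif settings[key] is not True:
            findings.append(f"{key}: {label} not blocked ({settings[key]!r})")
    risk = settings.get(RISK_KEY)
    if isinstance(risk, bool) or not isinstance(risk, int) or not 0 <= risk <= 100:
        findings.append(f"{RISK_KEY}: expected integer 0-100, got {risk!r}")
    elif risk > max_risk:
        findings.append(f"{RISK_KEY}: {risk} is above the allowed maximum {max_risk}")
    return findings


# Constructed sample, shaped like a saved copy of the returned dictionary.
SAMPLE = json.loads("""
{"cmd_ctl_server_blocked": true, "cmd_ctl_traffic_blocked": false,
 "malware_sites_blocked": true, "known_phishing_sites_blocked": true,
 "browser_exploits_blocked": true, "risk_tolerance": 80}
""")

if __name__ == "__main__":
    for finding in audit_atp(SAMPLE):
        print("FINDING", finding)
```

A missing key is reported as a finding rather than treated as compliant, so a renamed or dropped field cannot hide a weakened setting.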