zscaler.ziacloud.zia_atp_settings module – Updates the advanced threat configuration settings

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_atp_settings.

New in zscaler.ziacloud 2.0.0

Synopsis

  • Updates the advanced threat configuration settings

Requirements

The requirements below are needed on the host that executes this module.

Parameters

Parameter

Comments

active_x_blocked

boolean

Indicates whether sites are allowed or blocked from accessing vulnerable ActiveX controls that are known to have been exploited.

Choices:

  • false

  • true

active_x_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for ActiveX controls

Choices:

  • false

  • true

ad_spyware_sites_blocked

boolean

Indicates whether to allow or block websites known to contain adware or spyware that displays malicious advertisements that can collect users’ information without their knowledge

Choices:

  • false

  • true

ad_spyware_sites_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for adware and spyware sites

Choices:

  • false

  • true

alert_for_unknown_or_suspicious_c2_traffic

boolean

Indicates whether to send alerts upon detecting unknown or suspicious C2 traffic

Choices:

  • false

  • true

anonymizer_blocked

boolean

Indicates whether to allow or block applications and methods used to obscure the destination and the content accessed by the user, therefore blocking traffic to anonymizing web proxies.

Choices:

  • false

  • true

anonymizer_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for anonymizers

Choices:

  • false

  • true

api_key

string

A string that contains the obfuscated API key.

bit_torrent_blocked

boolean

Indicates whether to allow or block the usage of BitTorrent, a popular P2P file sharing application that supports content download with encryption.

Choices:

  • false

  • true

bit_torrent_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for BitTorrent

Choices:

  • false

  • true

block_countries_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for blocked countries

Choices:

  • false

  • true

blocked_countries

list / elements=string

Indicates whether to block requests to websites located in the listed countries.

Provide each country as an ISO 3166 Alpha-2 code. See the following page for reference: https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes

browser_exploits_blocked

boolean

Indicates whether known web browser vulnerabilities prone to exploitation are allowed or blocked.

Choices:

  • false

  • true

browser_exploits_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for browser exploits

Choices:

  • false

  • true

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

cmd_ctl_server_blocked

boolean

Indicates whether connections to known Command & Control (C2) Servers are allowed or blocked

Choices:

  • false

  • true

cmd_ctl_server_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for connections to known C2 servers

Choices:

  • false

  • true

cmd_ctl_traffic_blocked

boolean

Indicates whether botnets are allowed or blocked from sending or receiving commands to unknown servers

Choices:

  • false

  • true

cmd_ctl_traffic_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for botnets

Choices:

  • false

  • true

boolean

Indicates whether to allow or block third-party websites that gather cookie information which can be used to personally identify users, track internet activity, or steal a user’s session or sensitive information.

Choices:

  • false

  • true

boolean

Indicates whether packet capture (PCAP) is enabled or not for cookie stealing

Choices:

  • false

  • true

crypto_mining_blocked

boolean

Indicates whether to allow or block cryptocurrency mining network traffic and scripts, which can negatively impact endpoint device performance and potentially lead to a misuse of company resources.

Choices:

  • false

  • true

crypto_mining_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for cryptomining

Choices:

  • false

  • true

dga_domains_blocked

boolean

Indicates whether to allow or block domains that are suspected to be generated using domain generation algorithms (DGA)

Choices:

  • false

  • true

dga_domains_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for DGA domains

Choices:

  • false

  • true

file_format_vunerabilites_blocked

boolean

Indicates whether known file format vulnerabilities and suspicious or malicious content in Microsoft Office or PDF documents are allowed or blocked

Choices:

  • false

  • true

file_format_vunerabilites_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for file format vulnerabilities

Choices:

  • false

  • true

google_talk_blocked

boolean

Indicates whether to allow or block access to Google Hangouts, a popular P2P VoIP application.

Choices:

  • false

  • true

google_talk_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for Google Hangouts

Choices:

  • false

  • true

irc_tunnelling_blocked

boolean

Indicates whether to allow or block IRC traffic being tunneled over HTTP and HTTPS

Choices:

  • false

  • true

irc_tunnelling_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for IRC tunnels

Choices:

  • false

  • true

known_phishing_sites_blocked

boolean

Indicates whether known phishing sites are allowed or blocked

Choices:

  • false

  • true

known_phishing_sites_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for known phishing sites

Choices:

  • false

  • true

malicious_urls_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for malicious URLs

Choices:

  • false

  • true

malware_sites_blocked

boolean

Indicates whether known malicious sites and content are allowed or blocked

Choices:

  • false

  • true

malware_sites_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for malicious sites

Choices:

  • false

  • true

password

string

A string that contains the password for the API admin.

potential_malicious_requests_blocked

boolean

Indicates whether to allow or block potentially malicious requests, such as cross-site scripting (XSS) attacks

Choices:

  • false

  • true

potential_malicious_requests_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for cross-site scripting (XSS) attacks

Choices:

  • false

  • true

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

risk_tolerance

integer

The Page Risk tolerance index set between 0 and 100 (100 being the highest risk).

Users are blocked from accessing web pages with higher Page Risk than the specified value.

risk_tolerance_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for suspicious web pages

Choices:

  • false

  • true

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

ssh_tunnelling_blocked

boolean

Indicates whether to allow or block SSH traffic being tunneled over HTTP and HTTPS

Choices:

  • false

  • true

ssh_tunnelling_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for SSH tunnels

Choices:

  • false

  • true

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

suspect_adware_spyware_sites_blocked

boolean

Indicates whether to allow or block any detections of communication and callback traffic associated with spyware agents and data transmission

Choices:

  • false

  • true

suspect_adware_spyware_sites_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for suspected adware and spyware sites

Choices:

  • false

  • true

suspected_phishing_sites_blocked

boolean

Indicates whether to allow or block suspected phishing sites identified through heuristic detection.

The Zscaler service can inspect the content of a website for indications that it might be a phishing site.

Choices:

  • false

  • true

suspected_phishing_sites_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for suspected phishing sites

Choices:

  • false

  • true

tor_blocked

boolean

Indicates whether to allow or block the usage of Tor, a popular P2P anonymizer protocol with support for encryption.

Choices:

  • false

  • true

tor_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for Tor

Choices:

  • false

  • true

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

webspam_blocked

boolean

Indicates whether to allow or block web pages that pretend to contain useful information in order to get a higher ranking in search engine results or drive traffic to phishing, adware, or spyware distribution sites.

Choices:

  • false

  • true

webspam_capture

boolean

Indicates whether packet capture (PCAP) is enabled or not for web spam

Choices:

  • false

  • true

Notes

Note

  • Check mode is not supported.

Examples

- name: Updates the advanced threat configuration settings
  zscaler.ziacloud.zia_atp_settings:
    provider: '{{ provider }}'
    risk_tolerance: 50
    risk_tolerance_capture: false
    cmd_ctl_server_blocked: true
    cmd_ctl_server_capture: false
    cmd_ctl_traffic_blocked: true
    cmd_ctl_traffic_capture: false
    malware_sites_blocked: true
    malware_sites_capture: false
    active_x_blocked: true
    active_x_capture: false
    browser_exploits_blocked: true
    browser_exploits_capture: false
    file_format_vunerabilites_blocked: true
    file_format_vunerabilites_capture: false
    known_phishing_sites_blocked: true
    known_phishing_sites_capture: false
    suspected_phishing_sites_blocked: true
    suspected_phishing_sites_capture: false
    suspect_adware_spyware_sites_blocked: true
    suspect_adware_spyware_sites_capture: false
    webspam_blocked: true
    webspam_capture: false
    irc_tunnelling_blocked: true
    irc_tunnelling_capture: false
    anonymizer_blocked: true
    anonymizer_capture: false
    cookie_stealing_blocked: true
    cookie_stealing_pcap_enabled: false
    potential_malicious_requests_blocked: true
    potential_malicious_requests_capture: false
    blocked_countries:
      - BR
      - CA
      - CN
      - RU
      - US
    block_countries_capture: false
    bit_torrent_blocked: true
    bit_torrent_capture: false
    tor_blocked: true
    tor_capture: false
    google_talk_blocked: true
    google_talk_capture: false
    ssh_tunnelling_blocked: true
    ssh_tunnelling_capture: false
    crypto_mining_blocked: true
    crypto_mining_capture: false
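The following is an added example, not code from the zscaler.ziacloud collection: a pre-flight validator for the task arguments shown above, checking the constraints the parameter table states (risk_tolerance in 0..100, ISO 3166 Alpha-2 codes in blocked_countries, a documented cloud name, boolean *_blocked and *_capture flags). The warning about a *_capture flag enabled without its *_blocked sibling is this example's own assumption, not something the module documentation states.

```python
import re
from typing import Any

# Cloud names copied from the parameter table above.
CLOUDS = {"zscloud", "zscaler", "zscalerone", "zscalertwo", "zscalerthree",
          "zscalerbeta", "zscalergov", "zscalerten", "beta", "production"}
ISO_ALPHA2 = re.compile(r"^[A-Z]{2}$")


def validate_atp_settings(settings: dict[str, Any]) -> dict[str, list[str]]:
    """Return {'errors': [...], 'warnings': [...]} for a zia_atp_settings task.

    Errors are violations of constraints the module docs state; warnings are a
    defender's sanity check (assumption: a *_capture flag only has an effect
    when the matching *_blocked flag, or blocked_countries, blocks something).
    """
    errors: list[str] = []
    warnings: list[str] = []

    rt = settings.get("risk_tolerance")
    if rt is not None and not (isinstance(rt, int) and 0 <= rt <= 100):
        errors.append(f"risk_tolerance must be an integer 0..100, got {rt!r}")

    for code in settings.get("blocked_countries", []):
        if not (isinstance(code, str) and ISO_ALPHA2.match(code)):
            errors.append(f"blocked_countries entry {code!r} is not ISO 3166 Alpha-2")

    # cloud may be given at top level or inside the provider dict.
    cloud = settings.get("cloud") or (settings.get("provider") or {}).get("cloud")
    if cloud is not None and cloud not in CLOUDS:
        errors.append(f"cloud {cloud!r} is not one of the documented choices")

    for key, value in settings.items():
        if key.endswith(("_blocked", "_capture")) and not isinstance(value, bool):
            errors.append(f"{key} must be a boolean, got {value!r}")

    # Sanity check (assumption): PCAP enabled for a category nothing blocks.
    for key, value in settings.items():
        if not key.endswith("_capture") or value is not True:
            continue
        if key == "block_countries_capture":
            sibling = "blocked_countries"
        else:
            sibling = key[: -len("_capture")] + "_blocked"
        if not settings.get(sibling):
            warnings.append(f"{key} is true but {sibling} blocks nothing")

    return {"errors": errors, "warnings": warnings}
```

Run it over the task arguments in a pre-commit hook or a CI step before the playbook reaches the tenant, so a typo in a country code or a boolean given as a string fails fast instead of at apply time.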

Authors

  • William Guilherme (@willguibr)