zscaler.ziacloud.zia_casb_dlp_rules_info module – Gets information about CASB DLP rules

Note

This module is part of the zscaler.ziacloud collection (version 2.2.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_casb_dlp_rules_info.

New in zscaler.ziacloud 1.0.0

Synopsis

  • Gets a list of CASB DLP rules or retrieves a specific rule by ID or name.

  • The rule type must be specified to identify which rule category to query.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

A string that contains the obfuscated API key.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

id

integer

The unique identifier for the CASB DLP rule.

System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.

name

string

Rule name. Used to look up a rule by name within the specified type.

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials. The entries that follow, from api_key through vanity_domain, are its suboptions.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

type

string / required

The type of SaaS Security Data at Rest Scanning DLP rule.

This parameter is required to identify which rule category to query.

Choices:

  • "OFLCASB_DLP_FILE"

  • "OFLCASB_DLP_EMAIL"

  • "OFLCASB_DLP_CRM"

  • "OFLCASB_DLP_ITSM"

  • "OFLCASB_DLP_COLLAB"

  • "OFLCASB_DLP_REPO"

  • "OFLCASB_DLP_STORAGE"

  • "OFLCASB_DLP_GENAI"

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

  • Check mode is not supported.

Examples

- name: Get all CASB DLP rules of type ITSM
  zscaler.ziacloud.zia_casb_dlp_rules_info:
    provider: '{{ provider }}'
    type: OFLCASB_DLP_ITSM

- name: Get a CASB DLP rule by ID
  zscaler.ziacloud.zia_casb_dlp_rules_info:
    provider: '{{ provider }}'
    type: OFLCASB_DLP_ITSM
    id: 1070199

- name: Get a CASB DLP rule by name
  zscaler.ziacloud.zia_casb_dlp_rules_info:
    provider: '{{ provider }}'
    type: OFLCASB_DLP_ITSM
    name: "My DLP Rule"
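
The following playbook is an added example, not part of the collection's own documentation. It queries every documented rule type in one run and fails when any returned rule has state DISABLED, which is a useful drift check for DLP coverage. The variable names (zia_provider, casb_dlp_rule_types, casb_dlp_lookup, all_rules, disabled_rules) and the ZIA_* environment variable names are assumptions.

```yaml
---
- name: Audit CASB DLP rules across every rule type
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumption: credentials are read from environment variables with these
    # hypothetical names, so no secret is stored in the playbook itself.
    zia_provider:
      client_id: "{{ lookup('ansible.builtin.env', 'ZIA_CLIENT_ID') }}"
      client_secret: "{{ lookup('ansible.builtin.env', 'ZIA_CLIENT_SECRET') }}"
      vanity_domain: "{{ lookup('ansible.builtin.env', 'ZIA_VANITY_DOMAIN') }}"
    # Every choice documented for the required `type` parameter.
    casb_dlp_rule_types:
      - OFLCASB_DLP_FILE
      - OFLCASB_DLP_EMAIL
      - OFLCASB_DLP_CRM
      - OFLCASB_DLP_ITSM
      - OFLCASB_DLP_COLLAB
      - OFLCASB_DLP_REPO
      - OFLCASB_DLP_STORAGE
      - OFLCASB_DLP_GENAI
  tasks:
    - name: Fetch the rules of each type
      zscaler.ziacloud.zia_casb_dlp_rules_info:
        provider: "{{ zia_provider }}"
        type: "{{ item }}"
      loop: "{{ casb_dlp_rule_types }}"
      register: casb_dlp_lookup

    # Each loop result carries its own `rules` list; merge them into one.
    - name: Merge the per-type results into a single list
      ansible.builtin.set_fact:
        all_rules: "{{ casb_dlp_lookup.results | map(attribute='rules') | list | flatten }}"

    # `state` is always returned and is either ENABLED or DISABLED.
    - name: Select rules that are not being enforced
      ansible.builtin.set_fact:
        disabled_rules: "{{ all_rules | selectattr('state', 'equalto', 'DISABLED') | list }}"

    - name: Fail when any CASB DLP rule is disabled
      ansible.builtin.assert:
        that: disabled_rules | length == 0
        fail_msg: >-
          Disabled CASB DLP rules (name):
          {{ disabled_rules | map(attribute='name') | join(', ') }}
        success_msg: "All {{ all_rules | length }} CASB DLP rules are ENABLED"
```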

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

rules

list / elements=dictionary

A list of CASB DLP rules fetched based on the given criteria. Each element is a dictionary with the fields listed below.

Returned: always

action

string

The configured action for the policy rule.

Returned: when available

bucket_owner

string

User who inspects their buckets for sensitive data.

Returned: when available

collaboration_scope

list / elements=string

Collaboration scope for the rule.

Returned: when available

components

list / elements=string

List of components for which the rule is applied.

Returned: when available

content_location

string

The location for the content that the service inspects.

Returned: when available

description

string

An admin editable text-based description of the rule.

Returned: when available

domains

list / elements=string

The domain for the external organization sharing the channel.

Returned: when available

external_auditor_email

string

Email address of the external auditor for DLP alerts.

Returned: when available

file_types

list / elements=string

File types for which the rule is applied.

Returned: when available

id

integer

The unique identifier for the CASB DLP rule.

Returned: always

name

string

Rule name.

Returned: always

order

integer

Order of rule execution with respect to other rules.

Returned: always

rank

integer

Admin rank assigned to the rule.

Returned: when available

severity

string

The severity level of the incidents that match the policy rule.

Returned: when available

state

string

Administrative state of the rule (ENABLED, DISABLED).

Returned: always

type

string

The type of SaaS Security Data at Rest Scanning DLP rule.

Returned: always

Authors

  • William Guilherme (@willguibr)