zscaler.ziacloud.zia_casb_dlp_rules module – Manages CASB DLP rules

Note

This module is part of the zscaler.ziacloud collection (version 2.2.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_casb_dlp_rules.

New in zscaler.ziacloud 1.0.0

Synopsis

  • Adds, updates, or removes SaaS Security Data at Rest Scanning DLP rules.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

action

string

The configured action for the policy rule.

Choices:

  • "OFLCASB_DLP_REPORT_INCIDENT"

  • "OFLCASB_DLP_SHARE_READ_ONLY"

  • "OFLCASB_DLP_EXTERNAL_SHARE_READ_ONLY"

  • "OFLCASB_DLP_INTERNAL_SHARE_READ_ONLY"

  • "OFLCASB_DLP_REMOVE_PUBLIC_LINK_SHARE"

  • "OFLCASB_DLP_REVOKE_SHARE"

  • "OFLCASB_DLP_REMOVE_EXTERNAL_SHARE"

  • "OFLCASB_DLP_REMOVE_INTERNAL_SHARE"

  • "OFLCASB_DLP_REMOVE_COLLABORATORS"

  • "OFLCASB_DLP_REMOVE_INTERNAL_LINK_SHARE"

  • "OFLCASB_DLP_REMOVE_DISCOVERABLE"

  • "OFLCASB_DLP_NOTIFY_END_USER"

  • "OFLCASB_DLP_APPLY_MIP_TAG"

  • "OFLCASB_DLP_APPLY_BOX_TAG"

  • "OFLCASB_DLP_MOVE_TO_RESTRICTED_FOLDER"

  • "OFLCASB_DLP_REMOVE"

  • "OFLCASB_DLP_QUARANTINE"

  • "OFLCASB_DLP_APPLY_EMAIL_TAG"

  • "OFLCASB_DLP_APPLY_GOOGLEDRIVE_LABEL"

  • "OFLCASB_DLP_REMOVE_EXT_COLLABORATORS"

  • "OFLCASB_DLP_QUARANTINE_TO_USER_ROOT_FOLDER"

  • "OFLCASB_DLP_APPLY_WATERMARK"

  • "OFLCASB_DLP_REMOVE_WATERMARK"

  • "OFLCASB_DLP_APPLY_HEADER"

  • "OFLCASB_DLP_APPLY_FOOTER"

  • "OFLCASB_DLP_APPLY_HEADER_FOOTER"

  • "OFLCASB_DLP_REMOVE_HEADER"

  • "OFLCASB_DLP_REMOVE_FOOTER"

  • "OFLCASB_DLP_REMOVE_HEADER_FOOTER"

  • "OFLCASB_DLP_BLOCK"

  • "OFLCASB_DLP_APPLY_ATLASSIAN_CLASSIFICATION_LABEL"

  • "OFLCASB_DLP_ALLOW"

  • "OFLCASB_DLP_REDACT"

api_key

string

A string that contains the obfuscated API key.

auditor_notification

dictionary

Notification template for DLP email alerts. Provide as dict with id key.

bucket_owner

string

A user who inspects their buckets for sensitive data.

When you choose a user, their buckets are available in the Buckets field.

buckets

list / elements=integer

List of bucket IDs for the Zscaler service to inspect for sensitive data.

casb_email_label

dictionary

Email label associated with the rule. Provide as dict with id key.

casb_tombstone_template

dictionary

Quarantine tombstone template. Provide as dict with id key.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

cloud_app_tenant_ids

list / elements=integer

List of cloud application tenant IDs for which the rule is applied.

collaboration_scope

list / elements=string

Collaboration scope for the rule.

components

list / elements=string

List of components for which the rule is applied.

Zscaler service inspects these components for sensitive data.

content_location

string

The location for the content that the Zscaler service inspects for sensitive data.

Choices:

  • "CONTENT_LOCATION_PRIVATE_CHANNEL"

  • "CONTENT_LOCATION_PUBLIC_CHANNEL"

  • "CONTENT_LOCATION_SHARED_CHANNEL"

  • "CONTENT_LOCATION_DIRECT_MESSAGE"

  • "CONTENT_LOCATION_MULTI_PERSON_DIRECT_MESSAGE"

criteria_domain_profile_ids

list / elements=integer

List of domain profile IDs that are mandatory in the criteria.

departments

list / elements=integer

List of department IDs for which the rule is applied.

description

string

An admin editable text-based description of the rule.

dlp_engines

list / elements=integer

List of DLP engine IDs to which the DLP policy rule must be applied.

domains

list / elements=string

The domain for the external organization sharing the channel.

Only applicable when content_location is CONTENT_LOCATION_SHARED_CHANNEL.

email_recipient_profile_ids

list / elements=integer

List of recipient profile IDs for which the rule is applied.

enabled

boolean

Administrative state of the rule.

If true, rule is ENABLED. If false, rule is DISABLED.

Choices:

  • false

  • true

entity_group_ids

list / elements=integer

List of entity group IDs that are part of the rule criteria.

excluded_domain_profile_ids

list / elements=integer

List of domain profile IDs excluded from the criteria for the rule.

external_auditor_email

string

Email address of the external auditor to whom the DLP email alerts are sent.

file_types

list / elements=string

File types for which the rule is applied. If not set, applied across all file types.

groups

list / elements=integer

List of group IDs for which the rule is applied.

id

integer

The unique identifier for the CASB DLP rule.

Used to reference an existing rule for update or delete.

include_criteria_domain_profile

boolean

If true, criteria_domain_profiles is included as part of the criteria, else excluded.

Choices:

  • false

  • true

include_email_recipient_profile

boolean

If true, email_recipient_profiles is included as part of the criteria, else excluded.

Choices:

  • false

  • true

include_entity_groups

boolean

If true, entity_groups is included as part of the criteria, else excluded.

Choices:

  • false

  • true

included_domain_profile_ids

list / elements=integer

List of domain profile IDs included in the criteria for the rule.

labels

list / elements=integer

List of rule label IDs associated with the rule.

name

string / required

Rule name.

object_type_ids

list / elements=integer

List of object type IDs for which the rule is applied.

order

integer / required

Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules.

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

quarantine_location

string

Location where all the quarantined files are moved and necessary actions are taken.

rank

integer

Admin rank assigned to this rule. Mandatory when admin rank-based access restriction is enabled.

receiver

dictionary

Details of the DLP Incident Receiver. Provide as dict with id key.

recipient

string

Specifies if the email recipient is internal or external.

redaction_profile

dictionary

Redaction profile in the criteria. Provide as dict with id key.

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

severity

string

The severity level of the incidents that match the policy rule.

Choices:

  • "RULE_SEVERITY_HIGH"

  • "RULE_SEVERITY_MEDIUM"

  • "RULE_SEVERITY_LOW"

  • "RULE_SEVERITY_INFO"

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

tag

dictionary

Tag applied to the rule. Provide as dict with id key.

type

string / required

The type of SaaS Security Data at Rest Scanning DLP rule.

Choices:

  • "OFLCASB_DLP_FILE"

  • "OFLCASB_DLP_EMAIL"

  • "OFLCASB_DLP_CRM"

  • "OFLCASB_DLP_ITSM"

  • "OFLCASB_DLP_COLLAB"

  • "OFLCASB_DLP_REPO"

  • "OFLCASB_DLP_STORAGE"

  • "OFLCASB_DLP_GENAI"

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

users

list / elements=integer

List of user IDs for which the rule is applied.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

watermark_delete_old_version

boolean

Specifies whether to delete an old version of the watermarked file.

Choices:

  • false

  • true

watermark_profile

dictionary

Watermark profile applied to the rule. Provide as dict with id key.

without_content_inspection

boolean

If true, Content Matching is set to None.

Choices:

  • false

  • true

zscaler_incident_receiver

dictionary

Zscaler Incident Receiver details. Provide as dict with id key.

Notes

Note

  • Check mode is supported.

  • type and name are required to create a rule. To update or delete a rule, supply type together with either id or name.

Examples

- name: Create a CASB DLP rule
  zscaler.ziacloud.zia_casb_dlp_rules:
    provider: '{{ provider }}'
    name: "My DLP Rule"
    type: OFLCASB_DLP_ITSM
    order: 1
    description: "Rule created by Ansible"
    action: OFLCASB_DLP_REPORT_INCIDENT
    severity: RULE_SEVERITY_HIGH
    components:
      - COMPONENT_ITSM_OBJECTS
      - COMPONENT_ITSM_ATTACHMENTS
    collaboration_scope:
      - ANY
    file_types:
      - FTCATEGORY_APPX
      - FTCATEGORY_SQL

- name: Update a CASB DLP rule by ID
  zscaler.ziacloud.zia_casb_dlp_rules:
    provider: '{{ provider }}'
    id: 1070199
    type: OFLCASB_DLP_ITSM
    name: "Updated Rule Name"
    order: 1

- name: Delete a CASB DLP rule
  zscaler.ziacloud.zia_casb_dlp_rules:
    provider: '{{ provider }}'
    id: 1070199
    type: OFLCASB_DLP_ITSM
    state: absent
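The Notes above state the field combinations this module expects (type and name to create; type with id or name to update or delete; domains only with a shared-channel content_location; reference fields given as a dict with an id key). The following pre-flight lint, an added example that is not part of the zscaler.ziacloud collection, encodes those constraints so task arguments can be checked in CI before a playbook runs. The order requirement is relaxed for state: absent because the page's own delete example omits it, and the plaintext-credential check is a hygiene rule added here, not something the module enforces.

```python
"""Pre-flight lint for zia_casb_dlp_rules task arguments (added example, not collection code)."""

RULE_TYPES = {
    "OFLCASB_DLP_FILE", "OFLCASB_DLP_EMAIL", "OFLCASB_DLP_CRM", "OFLCASB_DLP_ITSM",
    "OFLCASB_DLP_COLLAB", "OFLCASB_DLP_REPO", "OFLCASB_DLP_STORAGE", "OFLCASB_DLP_GENAI",
}
SEVERITIES = {"RULE_SEVERITY_HIGH", "RULE_SEVERITY_MEDIUM", "RULE_SEVERITY_LOW", "RULE_SEVERITY_INFO"}
ID_DICT_KEYS = ("auditor_notification", "casb_email_label", "casb_tombstone_template", "receiver",
                "redaction_profile", "tag", "watermark_profile", "zscaler_incident_receiver")
SECRET_KEYS = ("api_key", "client_secret", "password", "private_key", "sandbox_token")


def validate_task(args: dict) -> list:
    """Return the problems found in one task's module arguments; an empty list means it passes."""
    problems = []
    state = args.get("state", "present")
    # Notes: type and name for create; type with id or name for update/delete.
    if "type" not in args:
        problems.append("type is required")
    elif args["type"] not in RULE_TYPES:
        problems.append(f"unknown type {args['type']!r}")
    if "name" not in args and "id" not in args:
        problems.append("name is required (id may replace it only for update/delete)")
    # order is documented as required, but the page's delete example omits it,
    # so this lint insists on it only when the rule is created or updated.
    if state == "present" and "order" not in args:
        problems.append("order is required when state is present")
    if "severity" in args and args["severity"] not in SEVERITIES:
        problems.append(f"unknown severity {args['severity']!r}")
    # domains is only applicable to shared channels.
    if args.get("domains") and args.get("content_location") != "CONTENT_LOCATION_SHARED_CHANNEL":
        problems.append("domains requires content_location CONTENT_LOCATION_SHARED_CHANNEL")
    for key in ID_DICT_KEYS:
        if key in args and not (isinstance(args[key], dict) and "id" in args[key]):
            problems.append(f"{key} must be a dict with an id key")
    # Hygiene rule (added here): credentials should arrive via a template such as a
    # vaulted variable or lookup, never as literal strings in the task or provider dict.
    prov = args.get("provider")
    scopes = [args] + ([prov] if isinstance(prov, dict) else [])
    for scope in scopes:
        for key in SECRET_KEYS:
            value = scope.get(key)
            if isinstance(value, str) and not value.lstrip().startswith("{{"):
                problems.append(f"{key} looks like a plaintext literal; use a vaulted variable")
    return problems


if __name__ == "__main__":
    # Constructed sample: the create task from the Examples section above.
    print(validate_task({"provider": "{{ provider }}", "name": "My DLP Rule", "type": "OFLCASB_DLP_ITSM",
                         "order": 1, "action": "OFLCASB_DLP_REPORT_INCIDENT", "severity": "RULE_SEVERITY_HIGH"}))
```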

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

data

dictionary

The CASB DLP rule resource record.

Returned: on success

Authors

  • William Guilherme (@willguibr)