zscaler.ziacloud.zia_casb_malware_rules module – Manages CASB Malware rules

Note

This module is part of the zscaler.ziacloud collection (version 2.2.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_casb_malware_rules.

New in zscaler.ziacloud 1.0.0

Synopsis

  • Adds, updates, or removes SaaS Security Data at Rest Scanning Malware rules.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

action

string

The configured action for the policy rule.

Choices:

  • "OFLCASB_AVP_QUARANTINE"

  • "OFLCASB_AVP_REMOVE"

  • "OFLCASB_AVP_REPORT_MALWARE"

  • "OFLCASB_AVP_APPLY_EMAIL_TAG"

  • "OFLCASB_AVP_BLOCK"

  • "OFLCASB_AVP_ALLOW"

api_key

string

A string that contains the obfuscated API key.

bucket_ids

list / elements=integer

List of bucket IDs for the Zscaler service to inspect for sensitive data.

casb_email_label

dictionary

Email label associated with the rule. Provide as a dict with an id key.

casb_tombstone_template

dictionary

Quarantine tombstone template. Provide as a dict with an id key.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

cloud_app_tenant_ids

list / elements=integer

List of cloud application tenant IDs for which the rule is applied.

description

string

An admin editable text-based description of the rule.

Accepted for playbook compatibility; CASB Malware API may not support or return this field.

enabled

boolean

Administrative state of the rule.

If true, rule is ENABLED. If false, rule is DISABLED.

Choices:

  • false

  • true

id

integer

The unique identifier for the CASB Malware rule.

Used to reference an existing rule for update or delete.

labels

list / elements=integer

List of rule label IDs associated with the rule.

name

string / required

Rule name.

order

integer / required

Order of rule execution with respect to other SaaS Security Data at Rest Scanning Malware rules.

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

quarantine_location

string

Location where all the quarantined files are moved and necessary actions are taken.

rank

integer

Admin rank assigned to this rule. Mandatory when admin rank-based access restriction is enabled.

Accepted for playbook compatibility; CASB Malware API may not support or return this field.

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

string

Enables or disables the scan inbound email link.

Choices:

  • "SCAN_EMAIL_LINK_ENABLE"

  • "SCAN_EMAIL_LINK_DISABLE"

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

type

string / required

The type of SaaS Security Data at Rest Scanning Malware rule.

Choices:

  • "OFLCASB_AVP_FILE"

  • "OFLCASB_AVP_EMAIL"

  • "OFLCASB_AVP_CRM"

  • "OFLCASB_AVP_ITSM"

  • "OFLCASB_AVP_COLLAB"

  • "OFLCASB_AVP_REPO"

  • "OFLCASB_AVP_STORAGE"

  • "OFLCASB_AVP_GENAI"

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

  • Check mode is supported.

  • type and name are required to create a rule. To update or delete a rule, supply type together with either id or name.

Examples

- name: Create a CASB Malware rule
  zscaler.ziacloud.zia_casb_malware_rules:
    provider: '{{ provider }}'
    name: "My Malware Rule"
    type: OFLCASB_AVP_REPO
    order: 1
    action: OFLCASB_AVP_REPORT_MALWARE
    enabled: true
    cloud_app_tenant_ids:
      - 15881081
    labels:
      - 1441065
    bucket_ids:
      - 1442271
      - 1442270

- name: Update a CASB Malware rule by ID
  zscaler.ziacloud.zia_casb_malware_rules:
    provider: '{{ provider }}'
    id: 1072401
    type: OFLCASB_AVP_REPO
    name: "Updated Rule Name"
    order: 1

- name: Delete a CASB Malware rule
  zscaler.ziacloud.zia_casb_malware_rules:
    provider: '{{ provider }}'
    id: 1072401
    type: OFLCASB_AVP_REPO
    state: absent
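
The examples above pass provider: '{{ provider }}' without showing where it is defined. The playbook below is an added example, not part of the module's documentation: it builds the provider dict from Ansible Vault variables, previews the rule in check mode (supported per the Notes), and applies it only when the preview reports a change. It assumes OAuth2 client-secret authentication; vault.yml and the vault_zia_* variable names are hypothetical, and the rule values are reused from the examples above.

```yaml
# Added example. vault.yml and the vault_zia_* names are hypothetical.
- name: Stage a CASB Malware rule with vaulted OAuth2 credentials
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault.yml  # encrypted beforehand with: ansible-vault encrypt vault.yml
  vars:
    # Credentials never appear in the playbook itself, only references to them.
    provider:
      client_id: "{{ vault_zia_client_id }}"
      client_secret: "{{ vault_zia_client_secret }}"
      vanity_domain: "{{ vault_zia_vanity_domain }}"
  tasks:
    - name: Fail early if a credential is missing from the vault
      ansible.builtin.assert:
        that:
          - vault_zia_client_id is defined
          - vault_zia_client_secret is defined
          - vault_zia_vanity_domain is defined
        quiet: true

    - name: Preview the rule in check mode (nothing is written)
      zscaler.ziacloud.zia_casb_malware_rules: &malware_rule
        provider: "{{ provider }}"
        name: "My Malware Rule"
        type: OFLCASB_AVP_REPO
        order: 1
        action: OFLCASB_AVP_REPORT_MALWARE
        enabled: true
        cloud_app_tenant_ids:
          - 15881081
      check_mode: true
      register: preview

    - name: Report whether the rule would change
      ansible.builtin.debug:
        msg: "CASB Malware rule would change: {{ preview.changed }}"

    - name: Apply the same arguments only if the preview reported a change
      zscaler.ziacloud.zia_casb_malware_rules: *malware_rule
      when: preview is changed
```

Run it with ansible-playbook --ask-vault-pass (or a vault password file) so the credentials are decrypted only at run time.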

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

data

dictionary

The CASB Malware rule resource record.

Returned: on success

Authors

  • William Guilherme (@willguibr)