zscaler.ziacloud.zia_ips_signature_rules module – Manages ZIA custom IPS Signature Rules
Note
This module is part of the zscaler.ziacloud collection (version 2.2.3).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install zscaler.ziacloud.
This module has further requirements; see Requirements for details.
To use it in a playbook, specify: zscaler.ziacloud.zia_ips_signature_rules.
New in zscaler.ziacloud 2.1.0
Synopsis
Adds, updates, or deletes a custom IPS (Intrusion Prevention System) signature rule.
On create, the supplied rule_text is validated against the ZIA dynamic-validation endpoint before submission.
Requirements
The below requirements are needed on the host that executes this module.
Zscaler SDK Python can be obtained from PyPI https://pypi.org/project/zscaler-sdk-python/
Parameters
Parameter |
Comments |
|---|---|
A string that contains the obfuscated API key. |
|
The client ID for OAuth2 authentication. |
|
The client secret for OAuth2 authentication. |
|
The Zscaler cloud name provisioned for your organization. Choices:
|
|
Additional notes or information about the IPS Signature Rule. |
|
The unique identifier for the IPS Signature Rule. |
|
The name of the IPS Signature Rule. |
|
A string that contains the password for the API admin. |
|
The private key for JWT-based OAuth2 authentication. |
|
A dict containing authentication credentials. |
|
Obfuscated API key. |
|
OAuth2 client ID. |
|
OAuth2 client secret. |
|
Zscaler cloud name. Choices:
|
|
Password for the API admin. |
|
Private key for OAuth2 JWT. |
|
Sandbox Cloud environment. |
|
Sandbox API Key. |
|
Whether to use the legacy Zscaler API client. Choices:
|
|
Email ID of the API admin. |
|
Vanity domain for OAuth2. |
|
The custom signature rule text in Suricata/Snort-style syntax. On create, this value is validated against the ZIA dynamic-validation endpoint before submission. |
|
The Sandbox cloud environment for API access. |
|
A string that contains the Sandbox API Key. |
|
Specifies the desired state of the resource. Choices:
|
|
Whether to use the legacy Zscaler API client. Choices:
|
|
A string that contains the email ID of the API admin. |
|
The vanity domain provisioned by Zscaler for OAuth2 flows. |
Notes
Check mode is supported.
Examples
- name: Create/Update an IPS Signature Rule
  zscaler.ziacloud.zia_ips_signature_rules:
    provider: '{{ provider }}'
    name: "Custom_IPS_Rule_Example"
    description: "Blocks requests to /admin"
    rule_text: >-
      alert http any any -> any any (msg:"HTTP /admin"; content:"/admin";
      http_uri; nocase; sid:1000010; rev:1;)
    state: present

- name: Delete an IPS Signature Rule by name
  zscaler.ziacloud.zia_ips_signature_rules:
    provider: '{{ provider }}'
    name: "Custom_IPS_Rule_Example"
    state: absent
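A local pre-flight lint for rule_text, useful in CI before a playbook run reaches the ZIA dynamic-validation endpoint. This is an added example, not code from the module or the zscaler.ziacloud collection, and it does not reproduce ZIA's validation logic: the names HEADER_RE, split_options, lint_rule and PAGE_RULE, and the msg/sid/rev hygiene checks, are assumptions of this sketch.

```python
import re

# Header: action proto src_ip src_port direction dst_ip dst_port (options)
HEADER_RE = re.compile(
    r'^\s*(?P<action>\w+)\s+(?P<proto>[\w-]+)\s+\S+\s+\S+\s+(?:->|<>)'
    r'\s+\S+\s+\S+\s+\((?P<opts>.*)\)\s*$', re.S)

def split_options(body):
    """Split the option body on ';', honouring quotes and backslash escapes."""
    opts, buf, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == '\\':
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ';' and not in_quote:
            opts.append(''.join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    tail = ''.join(buf).strip()
    if in_quote:
        raise ValueError('unterminated quoted string')
    if tail:
        raise ValueError(f"option not terminated by ';': {tail}")
    return [o for o in opts if o]

def lint_rule(rule_text):
    """Return (options dict, list of problems) for one rule string."""
    m = HEADER_RE.match(rule_text)
    if not m:
        return {}, ['header or parenthesised option block not recognised']
    try:
        opts = split_options(m.group('opts'))
    except ValueError as exc:
        return {}, [str(exc)]
    parsed = {}
    for opt in opts:
        key, _, val = opt.partition(':')
        parsed.setdefault(key.strip(), []).append(val.strip())
    # Hygiene checks chosen for this example (assumption, not ZIA's rules).
    problems = [f'missing {k}' for k in ('msg', 'sid', 'rev') if k not in parsed]
    for k in ('sid', 'rev'):
        problems += [f'{k} must be numeric: {v}' for v in parsed.get(k, []) if not v.isdigit()]
    return parsed, problems

# The rule from the Examples section, joined the way YAML '>-' folds it.
PAGE_RULE = ('alert http any any -> any any (msg:"HTTP /admin"; content:"/admin"; '
             'http_uri; nocase; sid:1000010; rev:1;)')
```

An empty problem list from lint_rule(PAGE_RULE) means only that the rule is structurally well-formed; the endpoint's verdict on create remains authoritative.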
Return Values
Common return values are documented here; the following fields are unique to this module:
Key |
Description |
|---|---|
The IPS Signature Rule resource record after the operation. Returned: on success |
|
Additional notes about the IPS Signature Rule. Returned: success Sample: |
|
The unique identifier for the IPS Signature Rule. Returned: success Sample: |
|
The name of the IPS Signature Rule. Returned: success Sample: |
|
The custom signature rule text. Returned: success |