zscaler.ziacloud.zia_risk_profiles module – Adds a new cloud application risk profile

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_risk_profiles.

New in zscaler.ziacloud 2.0.0

Synopsis

• Adds a new cloud application risk profile

Requirements

The below requirements are needed on the host that executes this module.

• Zscaler SDK Python can be obtained from PyPI https://pypi.org/project/zscaler-sdk-python/

Parameters

Parameter	Comments
admin_audit_logs string	Support for admin activity audit logs Choices: "ANY" "YES" "NO" "UN_KNOWN"
api_key string	A string that contains the obfuscated API key.
certifications list / elements=string	List of compliance certifications for the profile Choices: "CSA_STAR" "ISO_27001" "HIPAA" "FISMA" "FEDRAMP" "SOC2" "ISO_27018" "PCI_DSS" "ISO_27017" "SOC1" "SOC3" "GDPR" "CCPA" "FERPA" "COPPA" "HITECH" "EU_US_SWISS_PRIVACY_SHIELD" "EU_US_PRIVACY_SHIELD_FRAMEWORK" "CISP" "AICPA" "FIPS" "SAFE_BIOPHARMA" "ISAE_3000" "SSAE_18" "NIST" "ISO_14001" "SOC" "TRUSTE" "ISO_26262" "ISO_20252" "RGPD" "ISO_20243" "JIS_Q_27001" "ISO_10002" "JIS_Q_15001_2017" "ISMAP" "GAAP"
client_id string	The client ID for OAuth2 authentication.
client_secret string	The client secret for OAuth2 authentication.
cloud string	The Zscaler cloud name provisioned for your organization. Choices: "zscloud" "zscaler" "zscalerone" "zscalertwo" "zscalerthree" "zscalerbeta" "zscalergov" "zscalerten" "beta" "production"
custom_tags list / elements=dictionary	List of custom tag blocks to include or exclude
data_breach string	History of reported data breaches Choices: "ANY" "YES" "NO" "UN_KNOWN"
data_encryption_in_transit list / elements=string	Encryption methods supported for data in transit Choices: "ANY" "UN_KNOWN" "TLSV1_0" "TLSV1_1" "TLSV1_2" "TLSV1_3" "SSLV2" "SSLV3"
dns_caa_policy string	Presence of a DNS CAA policy Choices: "ANY" "YES" "NO" "UN_KNOWN"
domain_based_message_auth string	Support for Domain-Based Message Authentication (DMARC) Choices: "ANY" "YES" "NO" "UN_KNOWN"
domain_keys_identified_mail string	Support for DomainKeys Identified Mail (DKIM) Choices: "ANY" "YES" "NO" "UN_KNOWN"
evasive string	Support for anonymous or evasive access Choices: "ANY" "YES" "NO" "UN_KNOWN"
exclude_certificates integer	Whether to include (0) or exclude (1) certificates
file_sharing string	Support for file sharing features Choices: "ANY" "YES" "NO" "UN_KNOWN"
http_security_headers string	Support for standard HTTP security headers Choices: "ANY" "YES" "NO" "UN_KNOWN"
id integer	The unique identifier for the risk profile
malware_scanning_for_content string	Support for content malware scanning Choices: "ANY" "YES" "NO" "UN_KNOWN"
mfa_support string	Support for multi-factor authentication Choices: "ANY" "YES" "NO" "UN_KNOWN"
password string	A string that contains the password for the API admin.
password_strength string	Password strength rating in hosting info Choices: "ANY" "GOOD" "POOR" "UN_KNOWN"
poor_items_of_service string	Flag for questionable legal terms in the service Choices: "ANY" "YES" "NO" "UN_KNOWN"
private_key string	The private key for JWT-based OAuth2 authentication.
profile_name string / required	Cloud application risk profile name
profile_type string	Risk profile type. Supported value: CLOUD_APPLICATIONS Choices: "CLOUD_APPLICATIONS"
provider dictionary	A dict containing authentication credentials.
api_key string	Obfuscated API key.
client_id string	OAuth2 client ID.
client_secret string	OAuth2 client secret.
cloud string	Zscaler cloud name. Choices: "zscloud" "zscaler" "zscalerone" "zscalertwo" "zscalerthree" "zscalerbeta" "zscalergov" "zscalerten" "beta" "production"
password string	Password for the API admin.
private_key string	Private key for OAuth2 JWT.
sandbox_cloud string	Sandbox Cloud environment.
sandbox_token string	Sandbox API Key.
use_legacy_client boolean	Whether to use the legacy Zscaler API client. Choices: false ← (default) true
username string	Email ID of the API admin.
vanity_domain string	Vanity domain for OAuth2.
remote_screen_sharing string	Support for remote screen sharing capabilities Choices: "ANY" "YES" "NO" "UN_KNOWN"
risk_index list / elements=integer	Risk index scores assigned to cloud applications
sandbox_cloud string	The Sandbox cloud environment for API access.
sandbox_token string	A string that contains the Sandbox API Key.
sender_policy_framework string	Support for Sender Policy Framework (SPF) Choices: "ANY" "YES" "NO" "UN_KNOWN"
source_ip_restrictions string	Support for restricting access by source IP Choices: "ANY" "YES" "NO" "UN_KNOWN"
ssl_cert_key_size string	Minimum SSL certificate key size Choices: "ANY" "UN_KNOWN" "BITS_2048" "BITS_256" "BITS_3072" "BITS_384" "BITS_4096" "BITS_1024" "BITS_8192"
ssl_cert_validity string	Validity period of SSL certificates Choices: "ANY" "YES" "NO" "UN_KNOWN"
ssl_pinned string	Use of pinned SSL certificates Choices: "ANY" "YES" "NO" "UN_KNOWN"
state string	Specifies the desired state of the resource. Choices: "present" ← (default) "absent"
status string	Application status Choices: "UN_SANCTIONED" "SANCTIONED" "ANY"
support_for_waf string	Support for Web Application Firewalls Choices: "ANY" "YES" "NO" "UN_KNOWN"
use_legacy_client boolean	Whether to use the legacy Zscaler API client. Choices: false ← (default) true
username string	A string that contains the email ID of the API admin.
vanity_domain string	The vanity domain provisioned by Zscaler for OAuth2 flows.
vulnerability string	Mitigation for known CVE vulnerabilities Choices: "ANY" "YES" "NO" "UN_KNOWN"
vulnerability_disclosure string	Policy or transparency around vulnerability disclosure Choices: "ANY" "YES" "NO" "UN_KNOWN"
vulnerable_to_heart_bleed string	Whether the app is vulnerable to Heartbleed Choices: "ANY" "YES" "NO" "UN_KNOWN"
vulnerable_to_log_jam string	Whether the app is vulnerable to Logjam Choices: "ANY" "YES" "NO" "UN_KNOWN"
vulnerable_to_poodle string	Whether the app is vulnerable to POODLE Choices: "ANY" "YES" "NO" "UN_KNOWN"
weak_cipher_support string	Support for weak encryption ciphers Choices: "ANY" "YES" "NO" "UN_KNOWN"

Notes

Note

• Check mode is supported.

Examples

- name: Configure Risk Profiles
  zscaler.ziacloud.zia_risk_profiles:
    profile_name: "RiskProfile_12345"
    profile_type: "CLOUD_APPLICATIONS"
    status: "SANCTIONED"
    risk_index: [1, 2, 3, 4, 5]
    custom_tags: []
    certifications:
      - AICPA
      - CCPA
      - CISP
      - ISO_27001
    password_strength: "GOOD"
    poor_items_of_service: "YES"
    admin_audit_logs: "YES"
    data_breach: "YES"
    source_ip_restrictions: "YES"
    file_sharing: "YES"
    mfa_support: "YES"
    ssl_pinned: "YES"
    data_encryption_in_transit:
      - SSLV2
      - SSLV3
      - TLSV1_0
      - TLSV1_1
      - TLSV1_2
      - TLSV1_3
      - UN_KNOWN
    http_security_headers: "YES"
    evasive: "YES"
    dns_caa_policy: "YES"
    ssl_cert_validity: "YES"
    weak_cipher_support: "YES"
    vulnerability: "YES"
    vulnerable_to_heart_bleed: "YES"
    ssl_cert_key_size: "BITS_2048"
    vulnerable_to_poodle: "YES"
    support_for_waf: "YES"
    vulnerability_disclosure: "YES"
    domain_keys_identified_mail: "YES"
    malware_scanning_for_content: "YES"
    domain_based_message_auth: "YES"
    sender_policy_framework: "YES"
    remote_screen_sharing: "YES"
    vulnerable_to_log_jam: "YES"

Authors

• William Guilherme (@willguibr)

Collection links

• Issue Tracker
• Repository (Sources)