zscaler.ziacloud.zia_sandbox_rules module – Adds a Sandbox policy rule

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_sandbox_rules.

New in zscaler.ziacloud 2.0.0

Synopsis

  • Adds a Sandbox policy rule

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

A string that contains the obfuscated API key.

ba_policy_categories

list / elements=string

The threat categories to which the rule applies

Choices:

  • "ADWARE_BLOCK"

  • "BOTMAL_BLOCK"

  • "ANONYP2P_BLOCK"

  • "RANSOMWARE_BLOCK"

  • "OFFSEC_TOOLS_BLOCK"

  • "SUSPICIOUS_BLOCK"

ba_rule_action

string

The action configured for the rule that must take place if the traffic matches the rule criteria

Choices:

  • "ALLOW"

  • "BLOCK"

by_threat_score

integer

The minimum threat score. Can be set between 40 and 70.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

departments

list / elements=integer

The departments to which the Sandbox Rule applies

description

string

Additional information about the rule

enabled

boolean

Determines whether the Sandbox Rule is enabled or disabled

Choices:

  • false

  • true

file_types

list / elements=string

The file types to which the rule applies

Choices:

  • "FTCATEGORY_BAT"

  • "FTCATEGORY_APK"

  • "FTCATEGORY_WINDOWS_SCRIPT_FILES"

  • "FTCATEGORY_JAVA_APPLET"

  • "FTCATEGORY_PDF_DOCUMENT"

  • "FTCATEGORY_MS_RTF"

  • "FTCATEGORY_FLASH"

  • "FTCATEGORY_POWERSHELL"

  • "FTCATEGORY_WINDOWS_LIBRARY"

  • "FTCATEGORY_MS_EXCEL"

  • "FTCATEGORY_HTA"

  • "FTCATEGORY_VISUAL_BASIC_SCRIPT"

  • "FTCATEGORY_MS_POWERPOINT"

  • "FTCATEGORY_TAR"

  • "FTCATEGORY_WINDOWS_EXECUTABLES"

  • "FTCATEGORY_SCZIP"

  • "FTCATEGORY_RAR"

  • "FTCATEGORY_ZIP"

  • "FTCATEGORY_P7Z"

  • "FTCATEGORY_MICROSOFT_INSTALLER"

  • "FTCATEGORY_BZIP2"

  • "FTCATEGORY_PYTHON"

  • "FTCATEGORY_MS_WORD"

  • "FTCATEGORY_ISO"

  • "FTCATEGORY_DMG"

  • "FTCATEGORY_JPEG"

  • "FTCATEGORY_PNG"

first_time_enable

boolean

Indicates whether a First-Time Action is specifically configured for the rule.

The First-Time Action takes place when users download unknown files.

The action to be applied is specified using the first_time_operation parameter (the firstTimeOperation field).

Choices:

  • false

  • true

first_time_operation

string

The action that must take place when users download unknown files for the first time

Choices:

  • "ALLOW_SCAN"

  • "QUARANTINE"

  • "ALLOW_NOSCAN"

  • "QUARANTINE_ISOLATE"

groups

list / elements=integer

The groups to which the Sandbox Rule applies

id

integer

Unique identifier for the Sandbox Rule

labels

list / elements=integer

Labels that are applicable to the rule.

location_groups

list / elements=integer

The location groups to which the Sandbox Rule applies

locations

list / elements=integer

The locations to which the Sandbox Rule applies

ml_action_enabled

boolean

Indicates whether to enable or disable the AI Instant Verdict option

When enabled, the Zscaler service uses AI analysis to instantly assign threat scores to unknown files.

This option is available only with specific rule actions, such as Quarantine and Allow and Scan for First-Time Action.

Choices:

  • false

  • true

name

string / required

Name of the Sandbox Rule

order

integer

Rule order number of the Sandbox Rule

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

protocols

list / elements=string

The protocols to which the rule applies

Choices:

  • "FOHTTP_RULE"

  • "FTP_RULE"

  • "HTTPS_RULE"

  • "HTTP_RULE"

provider

dictionary

A dict containing authentication credentials.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

rank

integer

Admin rank of the Sandbox Rule

Default: 7

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

url_categories

list / elements=string

The URL categories to which the rule applies

Use the info resource zia_url_categories_info to retrieve the category names.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

users

list / elements=integer

The users to which the Sandbox Rule applies

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

zpa_app_segments

list / elements=dictionary

The list of ZPA Application Segments for which this rule is applicable.

This field is applicable only for the ZPA forwarding method.

external_id

string

Indicates the external ID. Applicable only when this reference is of an external entity.

name

string

The name of the Application Segment

Notes

  • Check mode is supported.

Examples

- name: Create/update firewall filtering rule
  zscaler.ziacloud.zia_cloud_firewall_filtering_rule:
    provider: '{{ provider }}'
    state: present
    name: "Ansible_Example_Rule"
    description: "TT#1965232865"
    action: "ALLOW"
    enabled: true
    order: 1
    enable_full_logging: true
    exclude_src_countries: true
    source_countries:
      - BR
      - CA
      - US
    dest_countries:
      - BR
      - CA
      - US
    device_trust_levels:
      - "UNKNOWN_DEVICETRUSTLEVEL"
      - "LOW_TRUST"
      - "MEDIUM_TRUST"
      - "HIGH_TRUST"
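
The task above targets zscaler.ziacloud.zia_cloud_firewall_filtering_rule. The play below is an added example, not taken from the collection's documentation, that applies the parameters documented on this page to zia_sandbox_rules and checks the documented value constraints before the API call; the rule name, description, variable names and ZSCALER_* environment variable names are assumptions.

```yaml
---
# Added example, not from the collection's documentation. Rule name, description,
# variable names and environment variable names are constructed.
- name: Quarantine unknown files on first download
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # OAuth2 credentials come from the controller's environment, not the playbook.
    provider:
      client_id: "{{ lookup('ansible.builtin.env', 'ZSCALER_CLIENT_ID') }}"
      client_secret: "{{ lookup('ansible.builtin.env', 'ZSCALER_CLIENT_SECRET') }}"
      vanity_domain: "{{ lookup('ansible.builtin.env', 'ZSCALER_VANITY_DOMAIN') }}"
    sandbox_threat_score: 40
    sandbox_first_time_operation: QUARANTINE
  tasks:
    - name: Check values against the constraints stated in the parameter list
      ansible.builtin.assert:
        that:
          - sandbox_threat_score | int >= 40
          - sandbox_threat_score | int <= 70
          # ml_action_enabled is documented for Quarantine and Allow and Scan
          - sandbox_first_time_operation in ['QUARANTINE', 'ALLOW_SCAN']
        fail_msg: "by_threat_score must be 40-70; first_time_operation must be QUARANTINE or ALLOW_SCAN"

    - name: Create or update the Sandbox rule
      zscaler.ziacloud.zia_sandbox_rules:
        provider: "{{ provider }}"
        state: present
        name: "Example_Sandbox_Quarantine"
        description: "Quarantine unknown files until a verdict is available"
        enabled: true
        order: 1
        ba_rule_action: BLOCK
        ba_policy_categories:
          - RANSOMWARE_BLOCK
          - BOTMAL_BLOCK
          - SUSPICIOUS_BLOCK
        by_threat_score: "{{ sandbox_threat_score | int }}"
        first_time_enable: true
        first_time_operation: "{{ sandbox_first_time_operation }}"
        ml_action_enabled: true
        file_types:
          - FTCATEGORY_WINDOWS_EXECUTABLES
          - FTCATEGORY_POWERSHELL
          - FTCATEGORY_MS_WORD
        protocols:
          - HTTP_RULE
          - HTTPS_RULE
```

Because the module supports check mode, running the play with `ansible-playbook --check` first previews the rule change without applying it.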

Authors

  • William Guilherme (@willguibr)