zscaler.ziacloud.zia_sandbox_submission module – Submits a file to the ZIA Advanced Cloud Sandbox for analysis.

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_sandbox_submission.

New in zscaler.ziacloud 1.0.0

Synopsis

  • Submits a file to the ZIA Advanced Cloud Sandbox for analysis.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

A string that contains the obfuscated API key.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

file_path

string / required

Path to the file that will be submitted for sandbox analysis.

force

boolean

Force ZIA to analyse the file even if it has been submitted previously.

Choices:

  • false

  • true

inspection_mode

string

The sandbox option submits raw or archive files (e.g., ZIP) to Sandbox for analysis.

You can submit up to 100 files per day, and it supports all file types that are currently supported by Sandbox.

The out_of_band option submits raw or archive files (e.g., ZIP) to the Zscaler service for out-of-band file inspection.

This generates real-time verdicts for known and unknown files.

Choices:

  • "sandbox" ← (default)

  • "out_of_band"

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials. The entries that follow, api_key through vanity_domain, are its keys.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Examples

- name: Submit a file for analysis.
  zscaler.ziacloud.zia_sandbox_submission:
    provider: '{{ provider }}'
    file_path: "/path/to/malware.exe"
    force: true
    inspection_mode: sandbox

- name: Submit a file for out-of-band inspection.
  zscaler.ziacloud.zia_sandbox_submission:
    provider: '{{ provider }}'
    file_path: "/path/to/malware.exe"
    inspection_mode: out_of_band
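
The following playbook is an added example, not part of the module's own documentation. It submits a batch of files while respecting the 100-files-per-day limit described under inspection_mode, and it keeps the sandbox token out of the playbook source. The directory path, the environment variable names and the assumption that sandbox_token and sandbox_cloud are the provider keys your tenant authenticates with are all choices made for this example; add the other provider keys if your setup requires them.

```yaml
---
# Added example. Names marked "hypothetical" or "assumed" are not from the module docs.
- name: Submit quarantined files to the ZIA sandbox
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    quarantine_dir: /var/quarantine   # hypothetical directory holding the samples
    daily_limit: 100                  # per-day limit stated for the sandbox option
    provider:
      # Assumed environment variable names; the token never appears in the playbook.
      sandbox_token: "{{ lookup('ansible.builtin.env', 'ZIA_SANDBOX_TOKEN') }}"
      sandbox_cloud: "{{ lookup('ansible.builtin.env', 'ZIA_SANDBOX_CLOUD') }}"
  tasks:
    - name: Refuse to run when the sandbox credentials are missing
      ansible.builtin.assert:
        that:
          - provider.sandbox_token | length > 0
          - provider.sandbox_cloud | length > 0
        fail_msg: "Sandbox token or sandbox cloud is not set in the environment"
        quiet: true

    - name: Collect regular files from the quarantine directory
      ansible.builtin.find:
        paths: "{{ quarantine_dir }}"
        file_type: file
      register: quarantined

    - name: Stay within the per-day submission limit
      ansible.builtin.assert:
        that:
          - quarantined.files | length <= daily_limit
        fail_msg: "{{ quarantined.files | length }} files exceed the limit of {{ daily_limit }} per day"

    - name: Submit each file without forcing re-analysis
      zscaler.ziacloud.zia_sandbox_submission:
        provider: "{{ provider }}"
        file_path: "{{ item.path }}"
        force: false              # do not force re-analysis of files submitted before
        inspection_mode: sandbox
      loop: "{{ quarantined.files }}"
      loop_control:
        label: "{{ item.path }}"  # log only the path, not the whole stat record
      register: submissions
```

The limit check only counts files in a single run; submissions made earlier the same day are not tracked by this playbook.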

Authors

  • William Guilherme (@willguibr)