zscaler.ziacloud.zia_sandbox_submission module – Submits a file to the ZIA Advanced Cloud Sandbox for analysis.

Note

This module is part of the zscaler.ziacloud collection (version 1.3.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_sandbox_submission.

New in zscaler.ziacloud 1.0.0

Synopsis

  • Submits a file to the ZIA Advanced Cloud Sandbox for analysis.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

A string that contains the obfuscated API key.

cloud

string

The Zscaler cloud name was provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

file_path

string / required

Path to the file that will be submitted for sandbox analysis.

force

boolean

Force ZIA to analyse the file even if it has been submitted previously.

Choices:

  • false

  • true

inspection_mode

string

Sandbox option submits raw or archive files e.g., ZIP to Sandbox for analysis.

You can submit up to 100 files per day and it supports all file types that are currently supported by Sandbox.

Out Of Band option Submits raw or archive files e.g., ZIP to the Zscaler service for out-of-band file inspection.

Generate real-time verdicts for known and unknown files.

Choices:

  • "sandbox" ← (default)

  • "out_of_band"

password

string

A string that contains the password for the API admin.

provider

dictionary

A dict object containing connection details. This is optional; credentials can also be provided directly at the top level.

api_key

string

A string that contains the obfuscated API key.

cloud

string

The Zscaler cloud name was provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

password

string

A string that contains the password for the API admin.

sandbox_token

string

A string that contains the Sandbox API Key.

username

string

A string that contains the email ID of the API admin.

sandbox_token

string

A string that contains the Sandbox API Key.

username

string

A string that contains the email ID of the API admin.

Examples

- name: Submit a file for analysis.
  zscaler.ziacloud.zia_sandbox_submission:
    provider: '{{ provider }}'
    file_path: "/path/to/malware.exe"
    force: true
    inspection_mode: sandbox

- name: Submit a file for analysis.
  zscaler.ziacloud.zia_sandbox_submission:
    provider: '{{ provider }}'
    file_path: "/path/to/malware.exe"
    inspection_mode: out_of_band

Authors

  • William Guilherme (@willguibr)