faz_eventmgmt_config_correlationhandler – Config correlation-handler.

Added in version 1.8.0.

Warning

Starting in version 2.0.0, all variables will be named in the underscore naming convention.

  • Possible variable names before 2.0.0: variable-name, variable name, variable.name

  • Corresponding variable names since 2.0.0: variable_name

FortiAnalyzer Ansible v1.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis

  • This module is able to configure a FortiAnalyzer device.

  • Examples include all parameters and values need to be adjusted to data sources before usage.

  • This module supports check mode and diff mode.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.16.0

FortiAnalyzer Version Compatibility

Supported Version Ranges: v7.2.2 -> latest

Parameters

  • access_token The token to access FortiAnalyzer without using ansible_username and ansible_password. type: str
  • bypass_validation Only set to True when module schema diffs with FortiAnalyzer API structure, module continues to execute without validating parameters type: bool default: False
  • enable_log Enable/Disable logging for task type: bool default: False
  • forticloud_access_token Access token of forticloud analyzer API users. type: str
  • log_path The path to save log. Used if enable_log is true. Please use absolute path instead of relative path. If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.logtype: str default: "/tmp/fortianalyzer.ansible.log"
  • proposed_method The overridden method for the underlying Json RPC request type: str choices: set, update, add
  • version_check If set to True, it will check whether the parameters used are supported by the corresponding version of FortiAnazlyer locally based on FNDN data. A warning will be returned in version_check_warning if there is a mismatch. This warning is only a suggestion and may not be accurate. type: bool default: False
  • rc_succeeded The rc codes list with which the conditions to succeed will be overriden type: list
  • rc_failed The rc codes list with which the conditions to fail will be overriden type: list
  • state The directive to create, update or delete an object type: str required: true choices: present, absent
  • adom The parameter in requested url type: str required: true
  • eventmgmt_config_correlationhandler Config correlation-handler. type: dict
    • content_pack_id type: str more...
    • content_pack_uuid type: str more...
    • handler_id type: str more...
    • indicator reference: /alert/correlation-handler/indicator type: list of dict more...
    • name type: str more...
    • rule reference: /alert/correlation-handler/rule type: list of dict more...
    • uuid type: str more...
    • version type: int more...
    • automation_stitch type: raw choices: [0: disable, 1: enable] more...
    • creation_time type: int default: 0 more...
    • data_selector 64 bytes, <br>reference: /eventmgmt/adom/<adom-name>/config/data-selector/selector-id type: str more...
    • description_ 1024 bytes type: str more...
    • enable type: int choices: [0: disable, 1: enable] default: 1 more...
    • enable_time type: int default: 0 more...
    • eventstatus 64 bytes type: str more...
    • eventtype 64 bytes type: str more...
    • extrainfo 256 bytes type: str more...
    • extrainfo_type type: int choices: [0: default, 1: custom] default: 0 more...
    • mitre_info 4096 bytes type: str more...
    • notification 64 bytes, <br>reference /eventmgmt/adom/<adom-name>/config/notification-profile/profile-id type: str more...
    • rule_relation 1024 bytes type: str more...
    • rule_relation_constraint 1024 bytes type: str more...
    • severity type: int choices: [0: critical, 1: high, 2: medium, 3: low] default: 2 more...
    • subject 128 bytes type: str more...
    • tags 128 bytes type: str more...
    • template_url 128 bytes type: str more...
    • update_time type: int default: 0 more...

Notes

Note

  • To create or update an object, use state: present directive.

  • To delete an object, use state: absent directive

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook
  hosts: fortianalyzers
  connection: httpapi
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortianalyzer.fortianalyzer
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
  tasks:
    - name: Config correlation-handler.
      fortinet.fortianalyzer.faz_eventmgmt_config_correlationhandler:
        # bypass_validation: false
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        eventmgmt_config_correlationhandler:
          handler_id: "your value" # Required variable, string
          # content_pack_id: <value of string>
          # content_pack_uuid: <value of string>
          # indicator: <value of dict>
          # name: <value of string>
          # rule: <value of dict>
          # uuid: <value of string>
          # version: <value of integer>
          # automation_stitch: <any type of data>
          # creation_time: <value of integer>
          # data_selector: <value of string>
          # description_: <value of string>
          # enable: <value in [disable, enable]>
          # enable_time: <value of integer>
          # eventstatus: <value of string>
          # eventtype: <value of string>
          # extrainfo: <value of string>
          # extrainfo_type: <value in [default, custom]>
          # mitre_info: <value of string>
          # notification: <value of string>
          # rule_relation: <value of string>
          # rule_relation_constraint: <value of string>
          # severity: <value in [critical, high, medium, ...]>
          # subject: <value of string>
          # tags: <value of string>
          # template_url: <value of string>
          # update_time: <value of integer>

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • meta The result of the request. returned: always type: dict
    • request_url The full url requested. returned: always type: str sample: /sys/login/user
    • response_code The status of api request. returned: always type: int sample: 0
    • response_data The data body of the api response. returned: optional type: list or dict
    • response_message The descriptive message of the api response. returned: always type: str sample: OK
    • system_information The information of the target system. returned: always type: dict
  • rc The status the request. returned: always type: int sample: 0
  • version_check_warning Warning if the parameters used in the playbook are not supported by the current fortianalyzer version. returned: if params are not supported in the current version type: list

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Xinwei Du (@dux-fortinet)

  • Maxx Liu (@MaxxLiu22)

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)