- CheckMates
- :
- Products
- :
- Developers
- :
- Ansible
- :
- Re: threat protection overrides in Ansible
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
threat protection overrides in Ansible
I'm trying to use the override.remove command in Ansible to remove overrides for threat protections in a list.
If I run the following from CLI, it removes the override from the Basic profile:
set threat-protection uid 98969b14-2d75-0141-a880-5d1f5350e815 overrides.remove.1 "Basic"
However, when I try to run it from Ansible I get a message "Unrecognized parameter [overrides.remove.1]"
Here's my config:
uri:
url: "{{ checkpoint_api_root }}/set-threat-protection"
method: POST
headers:
Content-Type: application/json
Accept: application/json
X-chkp-sid: "{{ checkpoint_auth_sid }}"
body: '{"uid": "98969b14-2d75-0141-a880-5d1f5350e815", "overrides.remove.1": "Basic"}'
body_format: json
status_code: 200
Based on this postI tried breaking the command into brackets, but that usually resulted in an invalid JSON message.
I'm fairly new to Ansible and Check Point API, so there may be something obvious I'm missing. Any help is greatly appreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The correct json format of the payload is this:
{
"overrides":{
"remove":[
"Basic"
]
},
"uid":"98969b14-2d75-0141-a880-5d1f5350e815"
}
Can you tell me why you are not using the Check Point collection of modules for ansible to do this?
The latest collection is available here:
https://galaxy.ansible.com/check_point/mgmt
The documentation is available here:
https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html#plugins-in-check-poi...
The module to use for what you want to do is this one:
https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/cp_mgmt_threat_protection_overr...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @Jim_Oqvist ; I ended up finding the same solution in another article prior to seeing your reply, but I appreciate the help.
I don't have an answer as to why we're not using the Check Point modules, but I'll review the links provided.