Note
This plugin is part of the cisco.meraki collection (version 2.5.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cisco.meraki.
To use it in a playbook, specify: cisco.meraki.meraki_mx_intrusion_prevention.
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| allowed_rules list / elements=dictionary | List of IDs related to rules which are allowed for the organization. | ||
| rule_id string | ID of rule as defined by Snort. | ||
| rule_message string added in 2.3.0 of cisco.meraki | Description of rule. This is overwritten by the API. Formerly message which was deprecated but still maintained as an alias.aliases: message | ||
| auth_key string / required | Authentication key provided by the dashboard. Required if environmental variable MERAKI_KEY is not set. | ||
| host string | Default: "api.meraki.com" | Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China. | |
| ids_rulesets string |
| Ruleset complexity setting. | |
| internal_error_retry_time integer | Default: 60 | Number of seconds to retry if server returns an internal server error. | |
| mode string |
| Operational mode of Intrusion Prevention system. | |
| net_id string | ID number of a network. | ||
| net_name string | Name of a network. aliases: name, network | ||
| org_id string | ID of organization. | ||
| org_name string | Name of organization. aliases: organization | ||
| output_format string |
| Instructs module whether response keys should be snake case (ex. net_id) or camel case (ex. netId). | |
| output_level string |
| Set amount of debug output during module execution. | |
| protected_networks dictionary | Set included/excluded networks for Intrusion Prevention. | ||
| excluded_cidr list / elements=string | List of network IP ranges to exclude from scanning. | ||
| included_cidr list / elements=string | List of network IP ranges to include in scanning. | ||
| use_default boolean |
| Whether to use special IPv4 addresses per RFC 5735. | |
| rate_limit_retry_time integer | Default: 165 | Number of seconds to retry if rate limiter is triggered. | |
| state string |
| Create or modify an organization. | |
| timeout integer | Default: 30 | Time to timeout for HTTP requests. | |
| use_https boolean |
| If no, it will use HTTP. Otherwise it will use HTTPS.Only useful for internal Meraki developers. | |
| use_proxy boolean |
| If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts. | |
| validate_certs boolean |
| Whether to validate HTTP certificates. | |
Note
ANSIBLE_MERAKI_FORMAT environment variable to camelcase.- name: Set whitelist for organization
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: present
org_id: '{{test_org_id}}'
allowed_rules:
- rule_id: "meraki:intrusion/snort/GID/01/SID/5805"
rule_message: Test rule
delegate_to: localhost
- name: Query IPS info for organization
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: query
org_name: '{{test_org_name}}'
delegate_to: localhost
register: query_org
- name: Set full ruleset with check mode
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: present
org_name: '{{test_org_name}}'
net_name: '{{test_net_name}} - IPS'
mode: prevention
ids_rulesets: security
protected_networks:
use_default: true
included_cidr:
- 192.0.1.0/24
excluded_cidr:
- 10.0.1.0/24
delegate_to: localhost
- name: Clear rules from organization
meraki_intrusion_prevention:
auth_key: '{{auth_key}}'
state: absent
org_name: '{{test_org_name}}'
allowed_rules: []
delegate_to: localhost
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | ||
|---|---|---|---|---|
| data complex | success | Information about the Threat Protection settings. | ||
| idsRulesets string | success, when network is queried or modified | Setting of selected ruleset. Sample: balanced | ||
| mode string | success, when network is queried or modified | Enabled setting of intrusion prevention. Sample: enabled | ||
| protectedNetworks complex | success, when network is queried or modified | Networks protected by IPS. | ||
| excludedCidr string | success, when network is queried or modified | List of CIDR notiation networks to exclude from protection. Sample: 192.0.1.0/24 | ||
| includedCidr string | success, when network is queried or modified | List of CIDR notiation networks to protect. Sample: 192.0.1.0/24 | ||
| useDefault boolean | success, when network is queried or modified | Whether to use special IPv4 addresses. Sample: True | ||
| whitelistedRules complex | success, when organization is queried or modified | List of whitelisted IPS rules. | ||
| rule_message string | success, when organization is queried or modified | Description of rule. Sample: MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines | ||
| ruleId string | success, when organization is queried or modified | A rule identifier for an IPS rule. Sample: meraki:intrusion/snort/GID/01/SID/5805 | ||
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/cisco/meraki/meraki_mx_intrusion_prevention_module.html