New in version 2.8.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | |||
|---|---|---|---|---|---|
| dlp_sensor dictionary | Default: null | Configure DLP sensors. | |||
| comment string | Comment. | ||||
| dlp_log string |
| Enable/disable DLP logging. | |||
| extended_log string |
| Enable/disable extended logging for data leak prevention. | |||
| filter list | Set up DLP filters for this sensor. | ||||
| action string |
| Action to take with content that this DLP sensor matches. | |||
| archive string |
| Enable/disable DLP archiving. | |||
| company_identifier string | Enter a company identifier watermark to match. Only watermarks that your company has placed on the files are matched. | ||||
| expiry string | Quarantine duration in days, hours, minutes format (dddhhmm). | ||||
| file_size integer | Match files this size or larger (0 - 4294967295 kbytes). | ||||
| file_type integer | Select the number of a DLP file pattern table to match. Source dlp.filepattern.id. | ||||
| filter_by string |
| Select the type of content to match. | |||
| fp_sensitivity list | Select a DLP file pattern sensitivity to match. | ||||
| name string / required | Select a DLP sensitivity. Source dlp.fp-sensitivity.name. | ||||
| id integer / required | ID. | ||||
| match_percentage integer | Percentage of fingerprints in the fingerprint databases designated with the selected fp-sensitivity to match. | ||||
| name string | Filter name. | ||||
| proto string |
| Check messages or files over one or more of these protocols. | |||
| regexp string | Enter a regular expression to match (max. 255 characters). | ||||
| severity string |
| Select the severity or threat level that matches this filter. | |||
| type string |
| Select whether to check the content of messages (an email message) or files (downloaded files or email attachments). | |||
| flow_based string |
| Enable/disable flow-based DLP. | |||
| full_archive_proto string |
| Protocols to always content archive. | |||
| nac_quar_log string |
| Enable/disable NAC quarantine logging. | |||
| name string / required | Name of the DLP sensor. | ||||
| options string | Configure DLP options. | ||||
| replacemsg_group string | Replacement message group used by this DLP sensor. Source system.replacemsg-group.name. | ||||
| state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | |||
| summary_proto string |
| Protocols to always log summary. | |||
| host string | FortiOS or FortiGate IP address. | ||||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | |||
| password string | Default: "" | FortiOS or FortiGate password. | |||
| ssl_verify boolean added in 2.9 |
| Ensures FortiGate certificate must be verified by a proper CA. | |||
| state string added in 2.9 |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | |||
| username string | FortiOS or FortiGate username. | ||||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | |||
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure DLP sensors.
fortios_dlp_sensor:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
dlp_sensor:
comment: "Comment."
dlp_log: "enable"
extended_log: "enable"
filter:
-
action: "allow"
archive: "disable"
company_identifier: "myId_9"
expiry: "<your_own_value>"
file_size: "11"
file_type: "12 (source dlp.filepattern.id)"
filter_by: "credit-card"
fp_sensitivity:
-
name: "default_name_15 (source dlp.fp-sensitivity.name)"
id: "16"
match_percentage: "17"
name: "default_name_18"
proto: "smtp"
regexp: "<your_own_value>"
severity: "info"
type: "file"
flow_based: "enable"
full_archive_proto: "smtp"
nac_quar_log: "enable"
name: "default_name_26"
options: "<your_own_value>"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
summary_proto: "smtp"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_dlp_sensor_module.html