addIntrusionPolicy
The addIntrusionPolicy operation handles configuration related to the IntrusionPolicy model.
Description
This API call is not allowed on the standby unit in an HA pair.
This API is supported only for Snort 3. It allows the creation of a custom intrusion policy in Snort 3 mode.
Data Parameters
Parameter | Required | Type | Description
---|---|---|---
name | True | string | A mandatory Unicode alphanumeric string containing the name of the policy, from 1 to 65 characters. The string cannot include HTML tags.
description | False | string | A mandatory Unicode alphanumeric string containing the name of the group policy, from 1 to 65 characters. The string cannot include HTML tags. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
basePolicy | False | object | In Snort 3, a mandatory field for a user-created policy, referring to a system-defined policy; for system-defined policies it will be null. In Snort 2, this field is not used and is set to null. Allowed types are: [IntrusionPolicy]
rules | False | object | A reference link is provided here to fetch the IntrusionRule(s) separately.
ruleGroups | False | object | A reference link is provided here to fetch the IntrusionRuleGroup(s) separately.
inspectionMode | False | string | An enum value (DETECTION or PREVENTION (default)) that controls the IPS inspection mode. In DETECTION mode, rules set to DROP or configured to ALERT result in alerts only. In PREVENTION mode, they apply as configured.
isSystemDefined | False | boolean | A boolean value that indicates whether the current policy is system defined.
type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.
Example
```yaml
- name: Execute 'addIntrusionPolicy' operation
  ftd_configuration:
    operation: "addIntrusionPolicy"
    data:
      name: "{{ name }}"
      description: "{{ description }}"
      basePolicy: "{{ base_policy }}"
      rules: "{{ rules }}"
      ruleGroups: "{{ rule_groups }}"
      inspectionMode: "{{ inspection_mode }}"
      isSystemDefined: "{{ is_system_defined }}"
      type: "{{ type }}"
```
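A pre-flight check for the `data` block, written for this page as an added example (it is not part of the module or the FTD API). It applies the constraints from the parameter table before the task runs and reports whether DROP rules will actually be enforced. Assumptions: the `type` value is the lower-cased class name `intrusionpolicy`, the `basePolicy` reference object carries its own `type` key, and an "HTML tag" is anything matching `<...>`.

```python
import re

# Constraints come from the parameter table above; anything else is marked as an assumption.
DESCRIPTION_RE = re.compile(r"((?!;).)*")  # the page's pattern ^((?!;).)*$, applied with fullmatch
HTML_TAG_RE = re.compile(r"<[^>]+>")       # assumption: what counts as an "HTML tag"
INSPECTION_MODES = {"DETECTION", "PREVENTION"}
POLICY_TYPE = "intrusionpolicy"            # assumption: lower-cased class name IntrusionPolicy


def validate_intrusion_policy(data):
    """Return a list of problems in an addIntrusionPolicy 'data' dict (empty list = OK)."""
    problems = []
    name = data.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 65:
        problems.append("name: required, 1 to 65 characters")
    elif HTML_TAG_RE.search(name):
        problems.append("name: must not include HTML tags")

    desc = data.get("description")
    if desc is not None:
        # fullmatch also rejects line breaks, because '.' does not match them.
        if not isinstance(desc, str) or not DESCRIPTION_RE.fullmatch(desc):
            problems.append("description: must match ^((?!;).)*$")
        elif HTML_TAG_RE.search(desc):
            problems.append("description: must not include HTML tags")

    if data.get("type") != POLICY_TYPE:
        problems.append("type: required, expected '%s'" % POLICY_TYPE)

    # Snort 3: a user-created policy must reference a system-defined base policy.
    base = data.get("basePolicy")
    if not isinstance(base, dict) or str(base.get("type", "")).lower() != POLICY_TYPE:
        problems.append("basePolicy: must reference an IntrusionPolicy object")

    mode = data.get("inspectionMode")
    if mode is not None and mode not in INSPECTION_MODES:
        problems.append("inspectionMode: must be DETECTION or PREVENTION")
    return problems


def drops_enforced(data):
    """True when DROP rules apply as configured, i.e. PREVENTION (the default when omitted)."""
    return data.get("inspectionMode", "PREVENTION") == "PREVENTION"


# Constructed sample payload; the basePolicy id is a placeholder, not a real object id.
SAMPLE = {"name": "branch-ips", "description": "Custom policy for branch sites",
          "basePolicy": {"id": "<base-policy-id>", "type": "intrusionpolicy"},
          "inspectionMode": "DETECTION", "type": "intrusionpolicy"}
```

For the constructed sample, `validate_intrusion_policy(SAMPLE)` returns an empty list and `drops_enforced(SAMPLE)` returns `False`, a reminder that a policy created in DETECTION mode will alert on traffic but not block it.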