cp_mgmt_threat_exception_facts – Get threat-exception objects facts on Check Point over Web Services API

New in version 2.9.

Synopsis

  • Get threat-exception objects facts on Check Point devices.
  • All operations are performed over Web Services API.
  • This module handles both operations, get a specific object and get several objects, For getting a specific object use the parameter ‘name’.

Parameters

Parameter Choices/Defaults Comments
dereference_group_members
boolean
    Choices:
  • no
  • yes
Indicates whether to dereference "members" field by details level for every object in reply.
details_level
string
    Choices:
  • uid
  • standard
  • full
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
exception_group_name
string
The name of the exception-group.
exception_group_uid
string
The UID of the exception-group.
filter
string
Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
filter_settings
dictionary
Sets filter preferences.
packet_search_settings
dictionary
When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
expand_group_members
boolean
    Choices:
  • no
  • yes
When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at least one member of the group.
expand_group_with_exclusion_members
boolean
    Choices:
  • no
  • yes
When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that match at least one member of the "include" part and is not a member of the "except" part.
match_on_any
boolean
    Choices:
  • no
  • yes
Whether to match on 'Any' object.
match_on_group_with_exclusion
boolean
    Choices:
  • no
  • yes
Whether to match on a group-with-exclusion.
match_on_negate
boolean
    Choices:
  • no
  • yes
Whether to match on a negated cell.
search_mode
string
    Choices:
  • general
  • packet
When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
layer
string
Layer that the rule belongs to identified by the name or UID.
limit
integer
No more than that many results will be returned. This parameter is relevant only for getting few objects.
name
string
The name of the layer containing the parent threat rule. This parameter is relevant only for getting few objects.
offset
integer
Skip that many results before beginning to return them. This parameter is relevant only for getting few objects.
order
list
Sorts results by the given field. By default the results are sorted in the ascending order by name. This parameter is relevant only for getting few objects.
ASC
string
    Choices:
  • name
Sorts results by the given field in ascending order.
DESC
string
    Choices:
  • name
Sorts results by the given field in descending order.
package
string
Name of the package.
rule_name
string
The name of the parent rule.
show_membership
boolean
    Choices:
  • no
  • yes
Indicates whether to calculate and show "groups" field for every object in reply.
use_object_dictionary
boolean
    Choices:
  • no
  • yes
N/A
version
string
Version of checkpoint. If not given one, the latest version taken.

Examples

- name: show-threat-exception
  cp_mgmt_threat_exception_facts:
    name: Exception Rule
    layer: New Layer 1
    rule_name: Threat Rule 1

- name: show-threat-rule-exception-rulebase
  cp_mgmt_threat_exception_facts:
    name: Standard Threat Prevention
    rule_name: Threat Rule 1

Status

Authors

  • Or Soffer (@chkp-orso)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.