Examples
algosec_define_application_flows
Match the application flows of an AlgoSec BusinessFlow application to a requested configuration
---
- name: Update application flows of an AlgoSec BusinessFlow application
  hosts: algosec-server
  gather_facts: False
  roles:
    - role: algosec.algosec
  tasks:
    - name: Grab AlgoSec credentials from ansible-vault
      include_vars: 'algosec-secrets.yml'
      no_log: 'yes'

    - name: Set App flows on ABF using JSON configuration loaded from file
      # We use delegation to use the local python interpreter (and virtualenv if enabled)
      delegate_to: localhost
      vars:
        flows_data: "{{ lookup('file','vars/application-flows.json')|from_json }}"
      algosec_define_application_flows:
        ip_address: "{{ ip_address }}"
        user: "{{ username }}"
        password: "{{ password }}"
        app_name: "{{ item.app_name }}"
        app_flows: "{{ item.app_flows }}"
      with_items: "{{ flows_data.applications }}"
Example For Application Flows JSON File
{
  "applications": [
    {
      "app_name": "TEST",
      "app_flows": {
        "flow1": {
          "sources": ["HR Payroll server", "192.168.0.0/16"],
          "destinations": ["16.47.71.62"],
          "services": ["HTTPS"]
        },
        "flow2": {
          "sources": ["10.0.0.1"],
          "destinations": ["10.0.0.2"],
          "services": ["udp/501"]
        },
        "flow3": {
          "sources": ["1.2.3.4"],
          "destinations": ["3.4.5.6"],
          "services": ["SSH"]
        }
      }
    },
    {
      "app_name": "ANOTHER-APP",
      "app_flows": {
        "new-flow": {
          "sources": ["1.2.3.4"],
          "destinations": ["3.4.5.6"],
          "services": ["SSH"]
        }
      }
    }
  ]
}
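A pre-flight check for a flows file of this shape, as an added example that is not part of the AlgoSec documentation or module code. The function names are hypothetical, and the accepted syntax (an endpoint is an address, a CIDR or an object name; a service is a name or `<protocol>/<port>`) is an assumption inferred from the samples on this page, so the server may accept forms this check rejects.

```python
import ipaddress
import re

# Assumed service syntax, taken from this page's samples ("udp/501", "tcp/23").
PROTO_PORT = re.compile(r"^[A-Za-z]+/(\d+)$")

def check_endpoint(value):
    """Return a problem string for a malformed address/CIDR, else None."""
    if not isinstance(value, str) or not value:
        return "endpoint must be a non-empty string"
    if not value[0].isdigit():
        return None  # treated as a network object name; not checkable offline
    try:
        ipaddress.ip_network(value, strict=False)
    except ValueError as exc:
        return f"bad address {value!r}: {exc}"
    return None

def check_service(value):
    """Return a problem string for a malformed protocol/port, else None."""
    if not isinstance(value, str) or not value:
        return "service must be a non-empty string"
    if "/" not in value:
        return None  # named service, resolved on the server side
    match = PROTO_PORT.match(value)
    if not match or not 0 < int(match.group(1)) <= 65535:
        return f"bad service {value!r}: expected <protocol>/<port 1-65535>"
    return None

def validate_flows(data):
    """Return a list of 'app/flow: problem' strings; empty means clean."""
    problems = []
    for app in data.get("applications", []):
        for flow_name, flow in app.get("app_flows", {}).items():
            where = f"{app.get('app_name', '<no app_name>')}/{flow_name}"
            for key in ("sources", "destinations", "services"):
                items = flow.get(key)
                if not isinstance(items, list) or not items:
                    problems.append(f"{where}: {key} must be a non-empty list")
                    continue
                check = check_service if key == "services" else check_endpoint
                problems += [f"{where}: {e}" for e in map(check, items) if e]
    return problems

# Constructed sample in the file's shape: "ok" is valid, "bad" has three faults.
SAMPLE = {"applications": [{"app_name": "TEST", "app_flows": {
    "ok": {"sources": ["HR Payroll server", "192.168.0.0/16"],
           "destinations": ["16.47.71.62"], "services": ["HTTPS", "udp/501"]},
    "bad": {"sources": ["10.0.0.256"], "destinations": [],
            "services": ["tcp/70000"]}}}]}
```

To check a real file, pass the parsed contents of `vars/application-flows.json` to `validate_flows` and stop before running the playbook if the returned list is not empty.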
algosec_add_single_application_flow
Create new Application Flows on AlgoSec BusinessFlow
---
- name: Create a flow on an AlgoSec BusinessFlow App
  hosts: algosec-server
  gather_facts: False
  roles:
    - role: algosec.algosec
  tasks:
    - name: Grab the credentials from ansible-vault
      include_vars: 'algosec-secrets.yml'
      no_log: 'yes'

    - name: Create the flow on ABF
      # We use delegation to use the local python interpreter (and virtualenv if enabled)
      delegate_to: localhost
      algosec_add_single_application_flow:
        ip_address: "{{ ip_address }}"
        user: "{{ username }}"
        password: "{{ password }}"
        app_name: Payroll
        name: payroll-server-auth
        sources: ["192.168.12.12"]
        destinations: ["16.47.71.62", "16.47.71.63"]
        services: ["HTTPS", "tcp/23"]
algosec_provision_network_connectivity
Check and create traffic change requests with AlgoSec FireFlow.
---
- name: Create Traffic Change Request if needed
  hosts: algosec-server
  gather_facts: False
  roles:
    - role: algosec.algosec
  tasks:
    - name: Grab the credentials from ansible-vault
      include_vars: 'algosec-secrets.yml'
      no_log: 'yes'

    - name: Create Traffic Change Request
      # We use delegation to use the local python interpreter (and virtualenv if enabled)
      delegate_to: localhost
      algosec_provision_network_connectivity:
        ip_address: "{{ ip_address }}"
        user: "{{ username }}"
        password: "{{ password }}"
        requestor: Almog Cohen
        email: almog@email.com
        traffic_lines:
          # This is an 'allow' traffic line
          - action: true
            sources: ["192.168.12.12", "123.123.132.123"]
            destinations: ["16.47.71.62", "234.234.234.234"]
            services: ["HTTPS", "http", "tcp/80", "tcp/51"]
          # This is a drop traffic line
          - action: false
            sources: ["10.0.0.1"]
            destinations: ["10.0.1.0"]
            services: ["HTTPS"]
      register: result

    - name: Print the test results
      debug: var=result