algosec_add_single_application_flow

New in version 0.1.0.

Synopsis

  • Create a new application flow on AlgoSec BusinessFlow.
  • Creation is skipped if the requested flow is a contained in one of the existing flows of the relevant application.

Requirements

Options

parameter required default choices comments
ip_address
 yes
IP address (or hostname) of the AlgoSec server.
user
 yes
Username credentials to use for auth.
password
 yes
Password credentials to use for auth.
certify_ssl
 no False
Set whether or not to validate the AlgoSec server SSL certificate. This flag might be set to False only in testing environments. It is highly unrecommended to set it to False in production environments.
app_name
 yes
BusinessFlow Application to add the flow to.
name
 yes
Name for the flow to be created
sources
 yes
Comma separated list of IPs or ABF network objects of traffic sources for the flow
destinations
 yes
Comma separated list of IPs or ABF network objects of traffic destinations for the flow
services
 yes
Comma separated list of traffic services to allow in the flow. Services can be as defined on AlgoSec BusinessFlow or in a proto/port format (only UDP and TCP are supported as proto. e.g. tcp/50).
users
 no
Comma separated list of users the flow is relevant to.
network_applications
 no
Comma separated list of network application names the flow is relevant to.
comment
 no Flow created by AlgoSecAnsible
Comment to attach to the flow
apply_draft
 no True
Apply the AlgoSec BusinessFlow application draft. Applying the application draft should be done after every batch of flow updates as each draft application may take a few minutes to execute. If you have more than one abf_flow_update module usage in your ansible playbook, it is recommended to set the "apply_draft" to False to all module calls but the last one (that should be True). Make sure that this module is called with "apply_draft" set to True at the last time it is used in an Ansible playbook.