Server IP : 85.214.239.14 / Your IP : 18.219.107.243 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /proc/2/root/usr/lib/python3/dist-packages/ansible_collections/ibm/qradar/plugins/modules/ |
Upload File : |
#!/usr/bin/python # -*- coding: utf-8 -*- # (c) 2019, Adam Miller (admiller@redhat.com) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ --- module: rule short_description: Manage state of QRadar Rules, with filter options description: - Manage state of QRadar Rules, with filter options version_added: "1.0.0" deprecated: alternative: qradar_analytics_rules why: Newer and updated modules released with more functionality. removed_at_date: '2024-09-01' options: id: description: - Manage state of a QRadar Rule by ID required: false type: int name: description: - Manage state of a QRadar Rule by name required: false type: str state: description: - Manage state of a QRadar Rule required: True choices: [ "enabled", "disabled", "absent" ] type: str owner: description: - Manage ownership of a QRadar Rule required: false type: str author: Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security> """ # FIXME - provide correct example here RETURN = """ """ EXAMPLES = """ - name: Enable Rule 'Ansible Example DDoS Rule' qradar_rule: name: 'Ansible Example DDOS Rule' state: enabled """ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.six.moves.urllib.parse import quote from ansible_collections.ibm.qradar.plugins.module_utils.qradar import ( QRadarRequest, ) import json def main(): argspec = dict( id=dict(required=False, type="int"), name=dict(required=False, type="str"), state=dict( required=True, choices=["enabled", "disabled", "absent"], type="str", ), owner=dict(required=False, type="str"), ) module = AnsibleModule( argument_spec=argspec, supports_check_mode=True, required_one_of=[("name", "id")], mutually_exclusive=[("name", "id")], ) qradar_request = QRadarRequest( module, not_rest_data_keys=["id", "name", "state", "owner"], ) # if module.params['name']: # # FIXME - QUERY HERE BY NAME NATIVELY VIA REST API (DOESN'T EXIST YET) # found_offense = qradar_request.get('/api/analytics/rules?filter={0}'.format(module.params['name'])) module.params["rule"] = {} if module.params["id"]: code, module.params["rule"] = qradar_request.get( "/api/analytics/rules/{0}".format(module.params["id"]) ) elif module.params["name"]: code, rules = qradar_request.get( "/api/analytics/rules?filter={0}".format( quote('"{0}"'.format(module.params["name"])) ) ) if rules: module.params["rule"] = rules[0] module.params["id"] = rules[0]["id"] if module.params["state"] == "enabled": if module.params["rule"]: if module.params["rule"]["enabled"] is True: # Already enabled if module.params["id"]: module.exit_json( msg="No change needed for rule ID: {0}".format( module.params["id"] ), qradar_return_data={}, changed=False, ) if module.params["name"]: module.exit_json( msg="Successfully enabled rule named: {0}".format( module.params["name"] ), qradar_return_data={}, changed=False, ) else: # Not enabled, enable It module.params["rule"]["enabled"] = True qradar_return_data = qradar_request.post_by_path( "api/analytics/rules/{0}".format( module.params["rule"]["id"] ), data=json.dumps(module.params["rule"]), ) if module.params["id"]: module.exit_json( msg="Successfully enabled rule ID: {0}".format( module.params["id"] ), qradar_return_data=qradar_return_data, changed=True, ) if module.params["name"]: module.exit_json( msg="Successfully enabled rule named: {0}".format( module.params["name"] ), qradar_return_data=qradar_return_data, changed=True, ) else: if module.params["id"]: module.fail_json( msg="Unable to find rule ID: {0}".format( module.params["id"] ) ) if module.params["name"]: module.fail_json( msg='Unable to find rule named: "{0}"'.format( module.params["name"] ) ) elif module.params["state"] == "disabled": if module.params["rule"]: if module.params["rule"]["enabled"] is False: # Already disabled if module.params["id"]: module.exit_json( msg="No change needed for rule ID: {0}".format( module.params["id"] ), qradar_return_data={}, changed=False, ) if module.params["name"]: module.exit_json( msg="Successfully enabled rule named: {0}".format( module.params["name"] ), qradar_return_data={}, changed=False, ) else: # Not disabled, disable It module.params["rule"]["enabled"] = False qradar_return_data = qradar_request.post_by_path( "api/analytics/rules/{0}".format( module.params["rule"]["id"] ), data=json.dumps(module.params["rule"]), ) if module.params["id"]: module.exit_json( msg="Successfully disabled rule ID: {0}".format( module.params["id"] ), qradar_return_data=qradar_return_data, changed=True, ) if module.params["name"]: module.exit_json( msg="Successfully disabled rule named: {0}".format( module.params["name"] ), qradar_return_data=qradar_return_data, changed=True, ) else: if module.params["id"]: module.fail_json( msg="Unable to find rule ID: {0}".format( module.params["id"] ) ) if module.params["name"]: module.fail_json( msg='Unable to find rule named: "{0}"'.format( module.params["name"] ) ) elif module.params["state"] == "absent": if module.params["rule"]: code, qradar_return_data = qradar_request.delete( "/api/analytics/rules/{0}".format(module.params["rule"]["id"]) ) if module.params["id"]: module.exit_json( msg="Successfully deleted rule ID: {0}".format( module.params["id"] ), qradar_return_data=qradar_return_data, changed=True, ) if module.params["name"]: module.exit_json( msg="Successfully deleted rule named: {0}".format( module.params["name"] ), qradar_return_data=qradar_return_data, changed=True, ) else: module.exit_json(msg="Nothing to do, rule not found.") module.exit_json(rules=rules, changed=False) if __name__ == "__main__": main()