Red Hat Ansible introduced Security Automation as a set of Ansible roles and modules dedicated to security teams. Their goal is to provide a faster, more efficient and streamlined way to automate the processes for the identification, triage, and response to security events. This effort targets integrations for automating and orchestrating enterprise security solutions that were not specifically designed to talk to each other, and it is more complex and higher-value than the application of a security baseline (PCI, STIG, CIS) to a server.
Roles to use Ansible Security Automation are available via Ansible Galaxy at galaxy.ansible.com/ansible_security. They can be downloaded into a roles/ directory, or referenced via a requirements.yml file.
Currently the following roles are available:
| Role | Description |
|---|---|
| acl_manager | Ansible role to manage access control lists for many firewall devices |
| ids_config | Intrusion Detection System Configuration Role |
| ids_install | A role to install many different Intrusion Detection Systems, these are defined as "providers" to the Role. |
| ids_rule | Ansible role to manage rules and signatures for Intrusion Detection Systems |
| ids_rule_facts | Intrusion Detection System Rule maintenance |
| log_manager | Role to manage logs in multiple firewall devices |
| splunkenterprisesecurity | Modules for interacting with Splunk Enterprise Security |
Some of the roles mentioned above come with additional modules which are included as part of the role.
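As an added example (not taken from the original page or from the Ansible Security project), the following shows a requirements.yml that references two of the roles above, followed by a playbook that calls ids_rule. The role variables (ids_provider, ids_rule, ids_rules_file, ids_rule_state) are assumed from the role's README and should be checked against the installed version; the ids_sensors group, the file names and the Snort rule are constructed.

```yaml
# --- requirements.yml -------------------------------------------------
# Install with: ansible-galaxy install -r requirements.yml -p roles/
# Add a "version:" key per role to pin a release you have reviewed
# instead of pulling whatever is latest on Galaxy.
- src: ansible_security.ids_rule
- src: ansible_security.acl_manager

---
# --- add_ids_rule.yml (playbook, separate file) -----------------------
- name: Deploy a detection rule to IDS sensors
  hosts: ids_sensors            # hypothetical inventory group
  become: true
  vars:
    ids_provider: snort         # assumed variable: selects the IDS "provider"
  tasks:
    - name: Ensure the rule is present in the local rules file
      include_role:
        name: ansible_security.ids_rule
      vars:
        # Constructed Snort rule; sid is in the local range (>= 1000000)
        ids_rule: 'alert tcp any any -> any 22 (msg:"Constructed example: inbound SSH"; sid:1000001; rev:1;)'
        ids_rules_file: /etc/snort/rules/local.rules
        ids_rule_state: present
```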
Installing Ansible Security Automation Modules
Some modules are part of the Ansible distribution, but may require a recent version of Ansible. For example, Check Point modules are part of the Ansible distribution starting with version 2.8.
Please install a recent version of Ansible Engine. Please note the compatibility between Ansible Engine and Ansible Tower versions.
The modules listed below are part of the Ansible distribution and are supported as Technical Preview as part of Red Hat Ansible Automation. The effort is based on development of the Ansible Security upstream project. As such the modules are tested as stable but the interface (module inputs) may receive future updates that could be incompatible with the current state. Additional information can be found at Top Support Policies for Red Hat Ansible Automation.
| Module Name [from Ansible devel -- deprecated] | Platform | Description |
|---|---|---|
| checkpoint_access_layer_facts | Check Point Enterprise Firewalls | Get access layer facts on Check Point over Web Services API |
| checkpoint_access_rule | Check Point Enterprise Firewalls | Manages access rules on Check Point over Web Services API |
| checkpoint_access_rule_facts | Check Point Enterprise Firewalls | Get access rules objects facts on Check Point over Web Services API |
| checkpoint_host | Check Point Enterprise Firewalls | Manages host objects on Check Point over Web Services API |
| checkpoint_host_facts | Check Point Enterprise Firewalls | Get host objects facts on Check Point over Web Services API |
| checkpoint_object_facts | Check Point Enterprise Firewalls | Get object facts on Check Point over Web Services API |
| checkpoint_run_script | Check Point Enterprise Firewalls | Run scripts on Check Point devices over Web Services API |
| checkpoint_session | Check Point Enterprise Firewalls | Manages session objects on Check Point over Web Services API |
| checkpoint_task_facts | Check Point Enterprise Firewalls | Get task objects facts on Check Point over Web Services API |
Further modules are part of the roles mentioned above.