Overview

Description

Ansible Security Collection for Trend Micro Deep Security

Readme

TrendMicro DeepSecurity Ansible Collection

The Ansible TrendMicro DeepSecurity collection includes a variety of Ansible content to help automate the management of TrendMicro DeepSecurity Endpoint Security solutions.

Ansible version compatibility

This collection has been tested against following Ansible versions: >=2.15.0.

For collections that support Ansible 2.9, please ensure you update your network_os to use the fully qualified collection name (for example, cisco.ios.ios). Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. PEP440 is the schema used to describe the versions of Ansible.

Tested with Ansible

This collection has been tested against TrendMicro DeepSecurity with version 12.5.855.

External requirements

Supported connections

The TrendMicro DeepSecurity collection supports httpapi connections.

Included content

Httpapi plugins

Name	Description
trendmicro.deepsec.deepsec	HttpApi Plugin for Trend Micro Deep Security

Modules

Name	Description
trendmicro.deepsec.deepsec_anti_malware	Create a new antimalware under TrendMicro Deep Security Policy
trendmicro.deepsec.deepsec_anti_malwares	Manages AntiMalware Rule resource module
trendmicro.deepsec.deepsec_apikey	Create a new and manage API Keys.
trendmicro.deepsec.deepsec_firewall_rules	Manages Firewall Rule resource module
trendmicro.deepsec.deepsec_firewallrules	Create a new firewall rule.
trendmicro.deepsec.deepsec_hosts_info	Obtain information about one or many Hosts defined by TrendMicro Deep Security
trendmicro.deepsec.deepsec_integrity_monitoring_rules	Manages Integrity Monitoring Rule resource module
trendmicro.deepsec.deepsec_integrity_monitoringrules	Create/Configure Integrity Monitoring Rules.
trendmicro.deepsec.deepsec_intrusion_prevention_rules	Intrusion Prevention Rule resource module.
trendmicro.deepsec.deepsec_intrusion_preventionrules	Create a new intrusion prevention rule.
trendmicro.deepsec.deepsec_log_inspection_rules	Manages Log Inspection Rule resource module
trendmicro.deepsec.deepsec_log_inspectionrules	Create a new log inspection rule.
trendmicro.deepsec.deepsec_syslog	Configure or create a syslog configuration for TrendMicro Deep Security
trendmicro.deepsec.deepsec_system_settings	Modify the system settings for TrendMicro Deep Security.

Installing this collection

You can install the TrendMicro DeepSecurity collection with the Ansible Galaxy CLI:

ansible-galaxy collection install trendmicro.deepsec

You can also include it in a requirements.yml file and install it with ansible-galaxy collection install -r requirements.yml, using the format:

---
collections:
  - name: trendmicro.deepsec

Using TrendMicro DeepSecurity Ansible Collection

An example for using this collection to manage a TM deepsecurity policy resource TM DeepSecurity Polcies is as follows:

inventory.ini (Note the password should be managed by a Vault for a production environment. Trend Micro Deep security currently supports two ways as to how their REST API can be interacted with, and for each of the respective cases, the Ansible inventory will be changed slightly as mentioned below:

In case of the newer REST APIs the Ansible inventory will work with the network OS trendmicro.deepsec.deepsec, a Trend Micro api-secret-key and api-version key:

[deepsec]
host_deepsec.example.com

[deepsec:vars]
ansible_network_os=trendmicro.deepsec.deepsec
ansible_httpapi_use_ssl=true
ansible_httpapi_validate_certs=false
ansible_connection=httpapi
ansible_python_interpreter=/usr/bin/python
ansible_httpapi_session_key={'api-secret-key': 'secret-key', 'api-version': 'v1'}

In case of APIs using the legacy REST APIs, the Ansible inventory will also require the network OS trendmicro.deepsec.deepsec, but uses a username and a password.

[deepsec]
host_deepsec.example.com

[deepsec:vars]
ansible_user=admin
ansible_httpapi_pass=password
ansible_httpapi_use_ssl=true
ansible_httpapi_validate_certs=false
ansible_connection=ansible.netcommon.httpapi
ansible_network_os=trendmicro.deepsec.deepsec
ansible_python_interpreter=python

Using the modules with Fully Qualified Collection Name (FQCN)

You can either call modules by their Fully Qualified Collection Namespace (FQCN), like trendmicro.deepsec.deepsec, or you can call modules by their short name if you list the trendmicro.deepsec collection in the playbook's collections, as follows:

---
- hosts: trendmicro
  gather_facts: false
  connection: httpapi

  collections:
    - trendmicro.deepsec

  tasks:
    - name: Create/Config a new Firewall Rule Config
      trendmicro.deepsec.deepsec_firewallrules:
        state: present
        name: test_firewallrule config
        description: test firewall description
        action: deny
        priority: 0
        source_iptype: any
        destination_iptype: any
        direction: incoming
        protocol: tcp
        tcpflags:
          - syn

Contributing to this collection

We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against the TrendMicro DeepSecurity collection repository. See Contributing to Ansible-maintained collections for complete details.

You can also join us on:

IRC - the #ansible-security irc.libera.chat channel

See the Ansible Community Guide for details on contributing to Ansible.

Code of Conduct

This collection follows the Ansible project's Code of Conduct. Please read and familiarize yourself with this document.

Release notes

Release notes are available here.

Roadmap

More information

Licensing

GNU General Public License v3.0 or later.

See LICENSE to see the full text.

Certification

Product
Red Hat Ansible Automation Platform 2.4

Documentation

Dependencies

This collection requires the following collections for use:

Name	Summary

This collection is used by the following collections:

Name	Summary	Version	Type

deepsec