/
FPSetRule.yml
36 lines (36 loc) · 1.23 KB
/
FPSetRule.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
commonfields:
id: FPSetRule
version: -1
name: FPSetRule
script: ''
type: python
subtype: python3
tags:
- forcepoint
- triton
comment: Adds (or updates existing) rule in Forcepoint Triton. Preserves order of rules and modifies policy in-place if a rule exists with the exact type and value.
system: true
args:
- name: policy
required: true
default: true
description: Policy/action assigned to the rule - "allow" or "deny" only.
- name: type
required: true
description: The Triton rule type - "dest_domain", "dest_ip", "dest_host" or "url_regex"
- name: value
required: true
description: The value to match for this rule (domain, regex, etc. depending on the type)
- name: remoteaccessname
description: If the Forcepoint Triton instance is configured as a RemoteAccess integration instance ‐ insert its name here. Replaces argument "tritonsystem".
- name: tritonsystem
description: System name of the linux host on which Forcepoint Triton is installed. Only use if not working with Triton as a RemoteAccess integration instance ‐ if so, use the "remoteaccessname" argument instead.
scripttarget: 0
dependson:
must:
- ssh
timeout: 0s
fromversion: 5.0.0
dockerimage: demisto/python3:3.10.12.63474
tests:
- No tests (auto formatted)