Ansible Security Community Collection
NOTE: THIS COLLECTION IS UNDER ACTIVE DEVELOPMENT AND SHOULD NOT BE CONSIDERED STABLE AT THIS TIME
This is the Ansible Collection provided by the Ansible Security Automation Team that aims to be the automation glue between disjoint systems and security appliances that have little to no integrations. Security Operators can utilize this Collection to be more productive, adapt to the growing demand of the modern IT landscape, ensure consistency in their IT environments, and respond to security incidents faster.
This Collection is meant for distribution via Ansible Galaxy as is available for all Ansible users to utilize, contribute to, and provide feedback about.
Using Ansible Security Community Collection
An example for using the Ansible Security Community Collection to manage a log source with IBM QRadar is as follows.
inventory.ini
(Note the password should be managed by a Vault for a production environment.
[qradar]
qradar.example.com
[qradar:vars]
ansible_network_os=ansible_security.community.qradar
ansible_user=admin
ansible_httpapi_pass=SuperSekretPassword
ansible_httpapi_use_ssl=yes
ansible_httpapi_validate_certs=yes
ansible_connection=httpapi
Define your collection search path at the Play level
Below we specify our collection at the Play level which allows us to use the
qradar_log_source_management
module without specifying the need for the
Ansible Collection Namespace.
qradar_with_collections_example.yml
---
- name: Testing URI manipulation of QRadar
hosts: qradar
gather_facts: false
collections:
- ansible_security.community
tasks:
- name: collection namespace block
block:
- name: create log source
qradar_log_source_management:
name: "Ansible Collections Example Log Source"
type_name: "Linux OS"
state: present
description: "Ansible Collections Example Log Source Description"
Define your collection search path at the Block level
Below we use the block
level keyword, we are able to use the qradar_log_source_management
module without the need for the Ansible Collection Namespace.
qradar_with_collections_block_example.yml
---
- name: Testing URI manipulation of QRadar
hosts: qradar
gather_facts: false
tasks:
- name: collection namespace block
block:
- name: create log source
qradar_log_source_management:
name: "Ansible Collections Example Log Source"
type_name: "Linux OS"
state: present
description: "Ansible Collections Example Log Source Description"
collections:
- ansible_security.community
Directory Structure
docs/
: local documentation for the collectionlicense.txt
: optional copy of license(s) for this collectiongalaxy.yml
: source data for the MANIFEST.json that will be part of the collection packageplaybooks/
: playbooks reside heretasks/
: this holds 'task list files' forinclude_tasks
/import_tasks
usage
plugins/
: all ansible plugins and modules go here, each in its own subdirmodules/
: ansible moduleslookups/
: lookup pluginsfilters/
: Jinja2 filter plugins- ... rest of plugins
README.md
: information file (this file)roles/
: directory for ansible rolestests/
: tests for the collection's content