diff --git a/specs/objects/profiles/vulnerability.yaml b/specs/objects/profiles/vulnerability.yaml
new file mode 100644
index 0000000..ed60c01
--- /dev/null
+++ b/specs/objects/profiles/vulnerability.yaml
@@ -0,0 +1,665 @@ +name: vulnerability-security-profile +terraform_provider_config: + description: Vulnerability Security Profile + skip_resource: false + skip_datasource: false + resource_type: entry + resource_variants: [] + suffix: vulnerability_security_profile + plural_suffix: '' + plural_name: '' + plural_description: '' +go_sdk_config: + skip: false + package: + - objects + - profiles + - vulnerability +xpath_suffix: +- profiles +- vulnerability +locations: +- name: shared + xpath: + path: + - config + - shared + vars: [] + description: Location in Shared Panorama + devices: + - panorama + - ngfw + validators: [] + required: false + read_only: false +- name: device-group + xpath: + path: + - config + - devices + - $panorama_device + - device-group + - $device_group + vars: + - name: panorama_device + description: Panorama device name + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: device_group + description: Device Group name + required: true + validators: + - type: not-values + spec: + values: + - value: shared + error: The device group name cannot be "shared". 
Use the "shared" location + instead + type: entry + description: Located in a specific Device Group + devices: + - panorama + validators: [] + required: false + read_only: false +entries: +- name: name + description: '' + validators: [] +imports: [] +spec: + params: + - name: description + type: string + profiles: + - xpath: + - description + validators: + - type: length + spec: + min: 0 + max: 255 + spec: {} + description: '' + required: false + - name: disable-override + type: enum + profiles: + - xpath: + - disable-override + validators: + - type: values + spec: + values: + - 'yes' + - 'no' + spec: + default: 'no' + values: + - value: 'yes' + - value: 'no' + description: disable object override in child device groups + required: false + - name: rules + type: list + profiles: + - xpath: + - rules + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: + - name: threat-name + type: string + profiles: + - xpath: + - threat-name + validators: [] + spec: + default: any + description: Threat name + required: false + - name: host + type: enum + profiles: + - xpath: + - host + validators: + - type: values + spec: + values: + - any + - client + - server + spec: + default: any + values: + - value: any + - value: client + - value: server + description: '' + required: false + - name: category + type: string + profiles: + - xpath: + - category + validators: [] + spec: + default: any + description: '' + required: false + - name: packet-capture + type: enum + profiles: + - xpath: + - packet-capture + validators: + - type: values + spec: + values: + - disable + - single-packet + - extended-capture + spec: + default: disable + values: + - value: disable + - value: single-packet + - value: extended-capture + description: '' + required: false + - name: cve + type: list + profiles: + - xpath: + - cve + type: member + validators: [] + spec: + type: string + items: + type: string + description: '' + required: false + - name: vendor-id 
+ type: list + profiles: + - xpath: + - vendor-id + type: member + validators: [] + spec: + type: string + items: + type: string + description: '' + required: false + - name: severity + type: list + profiles: + - xpath: + - severity + type: member + validators: [] + spec: + type: string + items: + type: string + description: '' + required: false + - name: action + type: object + profiles: + - xpath: + - action + validators: [] + spec: + params: [] + variants: + - name: default + type: object + profiles: + - xpath: + - default + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: allow + type: object + profiles: + - xpath: + - allow + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: alert + type: object + profiles: + - xpath: + - alert + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: drop + type: object + profiles: + - xpath: + - drop + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: reset-client + type: object + profiles: + - xpath: + - reset-client + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: reset-server + type: object + profiles: + - xpath: + - reset-server + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: reset-both + type: object + profiles: + - xpath: + - reset-both + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: block-ip + type: object + profiles: + - xpath: + - block-ip + validators: [] + spec: + params: + - name: track-by + type: enum + profiles: + - xpath: + - track-by + validators: + - type: values + spec: + values: + - source + - source-and-destination + spec: + values: + - value: source + - value: source-and-destination + description: '' + required: false + - name: duration + type: int64 + profiles: + - xpath: + 
- duration + validators: + - type: length + spec: + min: 1 + max: 3600 + spec: {} + description: Duration for block ip + required: false + variants: [] + description: '' + required: false + description: '' + required: false + variants: [] + description: '' + required: false + - name: threat-exception + type: list + profiles: + - xpath: + - threat-exception + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: + - name: packet-capture + type: enum + profiles: + - xpath: + - packet-capture + validators: + - type: values + spec: + values: + - disable + - single-packet + - extended-capture + spec: + default: disable + values: + - value: disable + - value: single-packet + - value: extended-capture + description: '' + required: false + - name: action + type: object + profiles: + - xpath: + - action + validators: [] + spec: + params: [] + variants: + - name: default + type: object + profiles: + - xpath: + - default + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: allow + type: object + profiles: + - xpath: + - allow + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: alert + type: object + profiles: + - xpath: + - alert + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: drop + type: object + profiles: + - xpath: + - drop + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: reset-client + type: object + profiles: + - xpath: + - reset-client + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: reset-server + type: object + profiles: + - xpath: + - reset-server + validators: [] + spec: + params: [] + variants: [] + description: '' + required: false + - name: reset-both + type: object + profiles: + - xpath: + - reset-both + validators: [] + spec: + params: [] + variants: [] + description: '' 
+ required: false + - name: block-ip + type: object + profiles: + - xpath: + - block-ip + validators: [] + spec: + params: + - name: track-by + type: enum + profiles: + - xpath: + - track-by + validators: + - type: values + spec: + values: + - source + - source-and-destination + spec: + values: + - value: source + - value: source-and-destination + description: '' + required: false + - name: duration + type: int64 + profiles: + - xpath: + - duration + validators: + - type: length + spec: + min: 1 + max: 3600 + spec: {} + description: Duration for block ip + required: false + variants: [] + description: '' + required: false + description: '' + required: false + - name: time-attribute + type: object + profiles: + - xpath: + - time-attribute + validators: [] + spec: + params: + - name: interval + type: int64 + profiles: + - xpath: + - interval + validators: + - type: length + spec: + min: 1 + max: 3600 + spec: {} + description: '' + required: false + - name: threshold + type: int64 + profiles: + - xpath: + - threshold + validators: + - type: length + spec: + min: 1 + max: 65535 + spec: {} + description: '' + required: false + - name: track-by + type: enum + profiles: + - xpath: + - track-by + validators: + - type: values + spec: + values: + - source + - destination + - source-and-destination + spec: + values: + - value: source + - value: destination + - value: source-and-destination + description: '' + required: false + variants: [] + description: '' + required: false + - name: exempt-ip + type: list + profiles: + - xpath: + - exempt-ip + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: [] + variants: [] + description: '' + required: false + variants: [] + description: '' + required: false + - name: cloud-inline-analysis + type: bool + profiles: + - xpath: + - cloud-inline-analysis + validators: [] + spec: {} + description: Enable cloud inline analysis + required: false + - name: inline-exception-edl-url + type: 
list + profiles: + - xpath: + - inline-exception-edl-url + type: member + validators: [] + spec: + type: string + items: + type: string + description: '' + required: false + - name: inline-exception-ip-address + type: list + profiles: + - xpath: + - inline-exception-ip-address + type: member + validators: [] + spec: + type: string + items: + type: string + description: '' + required: false + - name: mica-engine-vulnerability-enabled + type: list + profiles: + - xpath: + - mica-engine-vulnerability-enabled + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: + - name: inline-policy-action + type: enum + profiles: + - xpath: + - inline-policy-action + validators: + - type: values + spec: + values: + - alert + - allow + - reset-both + - reset-client + - reset-server + spec: + default: alert + values: + - value: alert + - value: allow + - value: reset-both + - value: reset-client + - value: reset-server + description: '' + required: false + variants: [] + description: '' + required: false + variants: []
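Review bot: Every parameter that narrows or bypasses enforcement is added with `description: ''` (`exempt-ip` under `threat-exception`, `inline-exception-edl-url`, `inline-exception-ip-address`, and both `action` objects with their `allow` variant), so documentation generated from this spec gives an operator or auditor nothing to judge an exemption by. I would fill these in, for example `description: IP addresses this threat exception is limited to` on `exempt-ip` and `description: External dynamic lists of URLs excluded from cloud inline analysis` on `inline-exception-edl-url`. Separately, `severity`, `cve` and `vendor-id` under `rules` are free-form string lists with `validators: []`, so a misspelled severity would presumably surface only when the device rejects the configuration; a `values` validator like the one on `host` would catch it earlier, if the generator supports one on list items.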