This is the Ansible Collection provided by the Ansible Security Automation Team for automating actions in Symantec Endpoint Protection Manager.
This Collection is meant for distribution via Ansible Galaxy and is available for all Ansible users to utilize, contribute to, and provide feedback about.
An example for using this collection to manage Symantec Endpoint Protection Manager is as follows.
inventory.ini
(Note: the password should be managed by a Vault for a production environment.)
[epm]
epm.example.com
[epm:vars]
ansible_connection=httpapi
ansible_network_os=symantec.epm.epm
ansible_user=Admin
ansible_httpapi_pass=SuperSekretPassword
ansible_httpapi_port=8446
ansible_httpapi_use_ssl=yes
ansible_httpapi_validate_certs=yes
Alternatively this can be done with an authentication token. (FIXME - TODO)
inventory.ini
(Note: the password should be managed by a Vault for a production environment.)
[epm]
epm.example.com
[epm:vars]
ansible_network_os=symantec.epm.epm
ansible_user=admin
ansible_httpapi_pass=SuperSekretPassword
ansible_httpapi_use_ssl=yes
ansible_httpapi_validate_certs=yes
ansible_connection=httpapi
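One way to follow the Vault note above, as an added example that is not part of the collection's own documentation: the connection variables move out of `[epm:vars]` into group variable files next to the inventory, and the password becomes a reference to a vaulted variable. The file layout under `group_vars/epm/` and the variable name `vault_epm_httpapi_pass` are assumptions chosen for illustration.

```yaml
# File 1: group_vars/epm/vars.yml (plain text, safe to commit).
# Replaces the [epm:vars] section of inventory.ini; the [epm] host list stays there.
---
ansible_connection: httpapi
ansible_network_os: symantec.epm.epm
ansible_user: Admin
# No literal secret here, only a reference to the vaulted variable below.
ansible_httpapi_pass: "{{ vault_epm_httpapi_pass }}"
ansible_httpapi_port: 8446
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: true

# File 2: group_vars/epm/vault.yml (holds the secret).
# Encrypt it before it is ever committed:
#   ansible-vault encrypt group_vars/epm/vault.yml
# Then supply the vault password when running the play:
#   ansible-playbook -i inventory.ini epm_with_collections_example.yml --ask-vault-pass
---
# hypothetical variable name; the value is the sample password from this page
vault_epm_httpapi_pass: SuperSekretPassword
```

Keeping the reference in a readable file and the value in the encrypted one means the variable name stays searchable while the secret itself is never stored in clear text.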
With Ansible Collections there are various ways to utilize them: either by calling specific Content from the Collection, such as a module, by its Fully Qualified Collection Name (FQCN), as we'll show in this example, or by defining a Collection Search Path, as the examples below will display. Note that calling content by its FQCN is the recommended method.
epm_with_collections_example.yml
---
- name: Start baseline scan and quarantine old versions of Windows
  hosts: epm
  tasks:
    - name: get computers
      symantec.epm.computers_info:
      register: computers_info_out

    - name: start a baseline scan
      symantec.epm.baseline:
        computers: "{{ computers_info_out['id_list'] }}"

    - name: get all computers still running Windows XP or Windows 7
      symantec.epm.computers_info:
        os:
          - "Win7"
          - "WinXP"
      register: legacy_windows_computer_info_out

    - name: quarantine all legacy EOL versions of Windows
      symantec.epm.quarantine_endpoints:
        computers: "{{ legacy_windows_computer_info_out['id_list'] }}"
      when: legacy_windows_computer_info_out['id_list']|length > 0
Below we specify our collection at the Play level, which allows us to use the symantec.epm modules without the need for the FQCN for each task.
epm_with_collections_example.yml
---
- name: Start baseline scan and quarantine old versions of Windows
  hosts: epm
  collections:
    - symantec.epm
  tasks:
    - name: get computers
      computers_info:
      register: computers_info_out

    - name: start a baseline scan
      baseline:
        computers: "{{ computers_info_out['id_list'] }}"

    - name: get all computers still running Windows XP or Windows 7
      computers_info:
        os:
          - "Win7"
          - "WinXP"
      register: legacy_windows_computer_info_out

    - name: quarantine all legacy EOL versions of Windows
      quarantine_endpoints:
        computers: "{{ legacy_windows_computer_info_out['id_list'] }}"
      when: legacy_windows_computer_info_out['id_list']|length > 0
Another option for Collection use is below. Here we use the block level keyword instead of the Play level as with the previous example. In this scenario we are able to use the symantec.epm modules without the need for the FQCN for each task, but with an optionally more specific scope of Collection Search Path than specifying at the Play level.
epm_with_collections_block_example.yml
- name: Start baseline scan and quarantine old versions of Windows
  hosts: epm
  tasks:
    - name: run collection scope in a block
      collections:
        - symantec.epm
      block:
        - name: get computers
          computers_info:
          register: computers_info_out

        - name: start a baseline scan
          baseline:
            computers: "{{ computers_info_out['id_list'] }}"

        - name: get all computers still running Windows XP or Windows 7
          computers_info:
            os:
              - "Win7"
              - "WinXP"
          register: legacy_windows_computer_info_out

        - name: quarantine all legacy EOL versions of Windows
          quarantine_endpoints:
            computers: "{{ legacy_windows_computer_info_out['id_list'] }}"
          when: legacy_windows_computer_info_out['id_list']|length > 0