Share
## https://sploitus.com/exploit?id=9C340D70-7A8F-59F1-A0A3-74FF1636E1C8
# Ansible Collection: stevefulme1.cisco_hypershield

Ansible Collection for Cisco Hypershield distributed security platform. Provides comprehensive automation for Tesseract agent management, microsegmentation policy, exploit protection, DPU security offload, observability, compliance reporting, and Event-Driven Ansible integration.

## Requirements

- **ansible-core** >= 2.16.0
- **Python** >= 3.10
- **Cisco Hypershield** deployment with API access to Security Cloud Control

## Installation

```bash
ansible-galaxy collection install stevefulme1.cisco_hypershield
```

Or from source:

```bash
ansible-galaxy collection install git+https://github.com/stevefulme1/cisco-hypershield.git
```

## Authentication

All modules require connection to the Hypershield Security Cloud Control API:

```yaml
- name: Example with auth parameters
  stevefulme1.cisco_hypershield.hypershield_agent_info:
    api_url: "https://hypershield.example.com/api/v1"
    api_key: "{{ vault_hypershield_api_key }}"
```

Or set environment variables:

```bash
export HYPERSHIELD_API_URL="https://hypershield.example.com/api/v1"
export HYPERSHIELD_API_KEY="your-api-key"
```

## Modules

### Agent Management

| Module | Description |
|--------|-------------|
| `hypershield_agent` | Deploy, configure, and manage Tesseract Security Agent |
| `hypershield_agent_info` | Query agent status, version, and health across fleet |
| `hypershield_agent_upgrade` | Orchestrate agent upgrades with confidence scoring |
| `hypershield_agent_group` | Manage agent groups for policy targeting |
| `hypershield_agent_group_info` | Query agent group membership and configuration |
| `hypershield_agent_label` | Manage labels and tags on agents |
| `hypershield_agent_health_check` | Run health checks and return diagnostics |
| `hypershield_agent_registration` | Register or deregister agents with management plane |
| `hypershield_dpu_config` | Configure NVIDIA BlueField DPU security offload |
| `hypershield_dpu_info` | Query DPU status, firmware, and offload configuration |

### Policy Management

| Module | Description |
|--------|-------------|
| `hypershield_microsegmentation_policy` | CRUD for microsegmentation policies |
| `hypershield_microsegmentation_policy_info` | Query microsegmentation policy state |
| `hypershield_zone_policy` | Manage zone-based firewall policies |
| `hypershield_zone_policy_info` | Query zone policies and membership |
| `hypershield_exploit_protection` | Configure distributed exploit protection rules |
| `hypershield_exploit_protection_info` | Query exploit protection coverage |
| `hypershield_policy_recommendation` | Retrieve AI-recommended policies |
| `hypershield_policy_recommendation_info` | Query recommendation history |
| `hypershield_network_rule` | Manage L3/L4 network access rules |
| `hypershield_network_rule_info` | Query network rules |

### Update Management

| Module | Description |
|--------|-------------|
| `hypershield_update` | Manage self-qualifying security updates |
| `hypershield_update_info` | Query update campaign status and history |
| `hypershield_dual_dataplane` | Configure shadow dataplane for update testing |
| `hypershield_update_confidence` | Query deployment confidence scores |
| `hypershield_update_promote` | Promote updates from shadow to production |

### Observability & Day-2 Operations

| Module | Description |
|--------|-------------|
| `hypershield_telemetry` | Configure telemetry collection and export |
| `hypershield_telemetry_info` | Query telemetry pipeline status |
| `hypershield_splunk_integration` | Set up Splunk telemetry correlation |
| `hypershield_threat_info` | Query detected threats and security events |
| `hypershield_compliance_report` | Generate compliance reports (CIS, NIST, PCI-DSS) |
| `hypershield_backup` | Backup and restore configuration |
| `hypershield_audit_log_info` | Query audit logs for config changes |

## Roles

| Role | Description |
|------|-------------|
| `deploy_agent` | End-to-end Tesseract agent deployment across fleet |
| `dpu_setup` | NVIDIA BlueField DPU security configuration |
| `baseline_policy` | Apply baseline microsegmentation and zone policies |
| `upgrade` | Orchestrated agent upgrade via dual-dataplane |
| `observability` | Complete telemetry and monitoring setup |

## Plugins

### EDA Event Sources

| Plugin | Description |
|--------|-------------|
| `hypershield_events` | Stream Hypershield security events for Event-Driven Ansible |

### EDA Event Filters

| Plugin | Description |
|--------|-------------|
| `severity_filter` | Filter events by severity threshold |

### Filter Plugins

| Plugin | Description |
|--------|-------------|
| `parse_cve` | Parse CVE identifiers from exploit protection data |
| `policy_diff` | Compare two policy states and return differences |

### Inventory Plugins

| Plugin | Description |
|--------|-------------|
| `hypershield_inventory` | Dynamic inventory from Hypershield agent fleet |

## Event-Driven Ansible Integration

The collection includes EDA event sources for real-time security response:

```yaml
- name: Respond to critical threats
  hosts: localhost
  sources:
    - stevefulme1.cisco_hypershield.hypershield_events:
        api_url: "{{ hypershield_api_url }}"
        api_key: "{{ hypershield_api_key }}"
        severity_filter: critical
  rules:
    - name: Auto-shield critical CVEs
      condition: event.threat.severity == "critical"
      action:
        run_playbook:
          name: remediate_threat.yml
```

## Examples

### Deploy agents across a datacenter

```yaml
- name: Deploy Hypershield agents
  hosts: datacenter
  roles:
    - role: stevefulme1.cisco_hypershield.deploy_agent
      vars:
        hypershield_api_url: "{{ vault_api_url }}"
        hypershield_api_key: "{{ vault_api_key }}"
        agent_enforcement_mode: observe
```

### Apply microsegmentation policy

```yaml
- name: Apply zero-trust microsegmentation
  stevefulme1.cisco_hypershield.hypershield_microsegmentation_policy:
    api_url: "{{ hypershield_api_url }}"
    api_key: "{{ hypershield_api_key }}"
    name: "web-tier-isolation"
    description: "Isolate web tier from database tier"
    rules:
      - action: allow
        source_zone: web
        destination_zone: app
        protocols: [tcp]
        ports: [8080, 8443]
      - action: deny
        source_zone: web
        destination_zone: database
    enforcement_mode: enforce
    state: present
```

### Emergency CVE shielding

```yaml
- name: Deploy exploit protection for critical CVE
  stevefulme1.cisco_hypershield.hypershield_exploit_protection:
    api_url: "{{ hypershield_api_url }}"
    api_key: "{{ hypershield_api_key }}"
    cve_id: "CVE-2024-21762"
    action: block
    scope: all_agents
    state: present
```

## License

GPL-3.0-or-later

## Author

Steve Fulmer (sfulmer@redhat.com)