| Parameter | Choices/Defaults | Comments | 
                
                                                            | activate_protections_by_extended_attributes 
                    list
                                                                 |  | Activate protections by these extended attributes. | 
                                                        
                                                |  | category 
                    string
                                                                 |  | IPS tag category name. | 
                            
                                                |  | name 
                    string
                                                                 |  | IPS tag name. | 
                                            
                                                            | active_protections_performance_impact 
                    string
                                                                 | Choices:
                                                                                                                                                            highmediumlowvery_low | Protections with this performance impact only will be activated in the profile. | 
                            
                                                            | active_protections_severity 
                    string
                                                                 | Choices:
                                                                                                                                                            CriticalHighMedium or aboveLow or above | Protections with this severity only will be activated in the profile. | 
                            
                                                            | anti_bot 
                    boolean
                                                                 |  | Is Anti-Bot blade activated. | 
                            
                                                            | anti_virus 
                    boolean
                                                                 |  | Is Anti-Virus blade activated. | 
                            
                                                            | auto_publish_session 
                    boolean
                                                                 |  | Publish the current session if changes have been performed after task completes. | 
                            
                                                            | color 
                    string
                                                                 | Choices:
                                                                                                                                                            aquamarineblackbluecrete blueburlywoodcyandark greenkhakiorchiddark orangedark sea greenpinkturquoisedark bluefirebrickbrownforest greengolddark goldgraydark graylight greenlemon chiffoncoralsea greensky bluemagentapurpleslate blueviolet rednavy blueoliveorangeredsiennayellow | Color of the object. Should be one of existing colors. | 
                            
                                                            | comments 
                    string
                                                                 |  | Comments string. | 
                            
                                                            | confidence_level_high 
                    string
                                                                 | Choices:
                                                                                                                                                            InactiveAskPreventDetect | Action for protections with high confidence level. | 
                            
                                                            | confidence_level_low 
                    string
                                                                 | Choices:
                                                                                                                                                            InactiveAskPreventDetect | Action for protections with low confidence level. | 
                            
                                                            | confidence_level_medium 
                    string
                                                                 | Choices:
                                                                                                                                                            InactiveAskPreventDetect | Action for protections with medium confidence level. | 
                            
                                                            | deactivate_protections_by_extended_attributes 
                    list
                                                                 |  | Deactivate protections by these extended attributes. | 
                                                        
                                                |  | category 
                    string
                                                                 |  | IPS tag category name. | 
                            
                                                |  | name 
                    string
                                                                 |  | IPS tag name. | 
                                            
                                                            | details_level 
                    string
                                                                 | Choices:
                                                                                                                                                            uidstandardfull | The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. | 
                            
                                                            | ignore_errors 
                    boolean
                                                                 |  | Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. | 
                            
                                                            | ignore_warnings 
                    boolean
                                                                 |  | Apply changes ignoring warnings. | 
                            
                                                            | indicator_overrides 
                    list
                                                                 |  | Indicators whose action will be overridden in this profile. | 
                                                        
                                                |  | action 
                    string
                                                                 | Choices:
                                                                                                                                                            InactiveAskPreventDetect | The indicator's action in this profile. | 
                            
                                                |  | indicator 
                    string
                                                                 |  | The indicator whose action is to be overridden. | 
                                            
                                                            | ips 
                    boolean
                                                                 |  | Is IPS blade activated. | 
                            
                                                            | ips_settings 
                    dictionary
                                                                 |  | IPS blade settings. | 
                                                        
                                                |  | exclude_protection_with_performance_impact 
                    boolean
                                                                 |  | Whether to exclude protections depending on their level of performance impact. | 
                            
                                                |  | exclude_protection_with_performance_impact_mode 
                    string
                                                                 | Choices:
                                                                                                                                                            very lowlow or lowermedium or lowerhigh or lower | Exclude protections with this level of performance impact. | 
                            
                                                |  | exclude_protection_with_severity 
                    boolean
                                                                 |  | Whether to exclude protections depending on their level of severity. | 
                            
                                                |  | exclude_protection_with_severity_mode 
                    string
                                                                 | Choices:
                                                                                                                                                            low or abovemedium or abovehigh or abovecritical | Exclude protections with this level of severity. | 
                            
                                                |  | newly_updated_protections 
                    string
                                                                 | Choices:
                                                                                                                                                            activeinactivestaging | Activation of newly updated protections. | 
                                            
                                                            | malicious_mail_policy_settings 
                    dictionary
                                                                 |  | Malicious Mail Policy for MTA Gateways. | 
                                                        
                                                |  | add_customized_text_to_email_body 
                    boolean
                                                                 |  | Add customized text to the malicious email body. | 
                            
                                                |  | add_email_subject_prefix 
                    boolean
                                                                 |  | Add a prefix to the malicious email subject. | 
                            
                                                |  | add_x_header_to_email 
                    boolean
                                                                 |  | Add an X-Header to the malicious email. | 
                            
                                                |  | email_action 
                    string
                                                                 |  | Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and links, add x-header, etc...). | 
                            
                                                |  | email_body_customized_text 
                    string
                                                                 |  | Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict. | 
                            
                                                |  | email_subject_prefix_text 
                    string
                                                                 |  | Prefix for the malicious email subject. | 
                            
                                                |  | failed_to_scan_attachments_text 
                    string
                                                                 |  | Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file. | 
                            
                                                |  | malicious_attachments_text 
                    string
                                                                 |  | Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - MD5 of the malicious file. | 
                            
                                                |  | malicious_links_text 
                    string
                                                                 |  | Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link. | 
                            
                                                |  | remove_attachments_and_links 
                    boolean
                                                                 |  | Remove attachments and links from the malicious email. | 
                            
                                                |  | send_copy 
                    boolean
                                                                 |  | Send a copy of the malicious email to the recipient list. | 
                            
                                                |  | send_copy_list 
                    list
                                                                 |  | Recipient list to send a copy of the malicious email. | 
                                            
                                                            | name 
                    string
                                             / required                     |  | Object name. | 
                            
                                                            | overrides 
                    list
                                                                 |  | Overrides per profile for this protection. | 
                                                        
                                                |  | action 
                    string
                                                                 | Choices:
                                                                                                                                                            Threat Cloud: InactiveDetectPrevent <br> Core: DropInactiveAccept | Protection action. | 
                            
                                                |  | capture_packets 
                    boolean
                                                                 |  | Capture packets. | 
                            
                                                |  | protection 
                    string
                                                                 |  | IPS protection identified by name or UID. | 
                            
                                                |  | track 
                    string
                                                                 | Choices:
                                                                                                                                                            nonelogalertmailsnmp trapuser alertuser alert 1user alert 2 | Tracking method for protection. | 
                                            
                                                            | state 
                    string
                                                                 | Choices:
                                                                                                                                                            present ←absent | State of the access rule (present or absent). Defaults to present. | 
                            
                                                            | tags 
                    list
                                                                 |  | Collection of tag identifiers. | 
                            
                                                            | threat_emulation 
                    boolean
                                                                 |  | Is Threat Emulation blade activated. | 
                            
                                                            | use_extended_attributes 
                    boolean
                                                                 |  | Whether to activate/deactivate IPS protections according to the extended attributes. | 
                            
                                                            | use_indicators 
                    boolean
                                                                 |  | Indicates whether the profile should make use of indicators. | 
                            
                                                            | version 
                    string
                                                                 |  | Version of checkpoint. If not given one, the latest version taken. | 
                            
                                                            | wait_for_task 
                    boolean
                                                                 |  | Wait for the task to end. Such as publish task. |