Forge Home


Define network security policies in Puppet code to be used by Intelliment Security Policy Automation


5,700 latest version

3.1 quality score

Version information

  • 0.1.2 (latest)
  • 0.1.1
  • 0.1.0 (deleted)
released Nov 30th 2017
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0
  • , , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'intelliment-itlm', '0.1.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add intelliment-itlm
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install intelliment-itlm --version 0.1.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



intelliment/itlm — version 0.1.2 Nov 30th 2017

Puppet itlm module

Proof of Concept of Puppet integration with Intelliment Security Policy Automation. This integration allows to define network visibility requirements as code using Puppet, near the definition for each application component.

Who can use this integration?

DevOps that:

  • Do an advanced configuration management with Puppet
  • Use of applications component profiles and roles
  • Want to automate all aspects of IT management


  • Define network visibility requirements with each component of your applications
  • Provision - decomission automatically with each application or component change
  • No need for manual operation to get network visibility
  • Graphical visualization of network visibility changes


This module should be used with Intelliment Security Policy Automation to define security policies using Puppet code.

Each Puppet node can define two kind of resources:

  • The needs to access other systems (itlm-consumes), defined by destination and service
  • The services that exposes (itlm-provides), defined by source and ports

Endpoints (source and destination) can be:

  • Any Intelliment object by name
  • Any IP address
  • Any Puppet class, in this case, the nodes that implement this class will be selected

This module does two operations:

  • Stores needs for each node on PuppetDB that will be consumed by Intelliment Security to generate the actual network-wide security policies
  • Generates IPtables policies on linux nodes based on the itlm-requires

How it works

Intelliment Security checks the Puppet nodes reports on PuppetDB to detect changes on visibility requirements. Requirements can be checked against:

  • Intelliment validators: to detect issues with the model.
  • Pre-approvals: pre-defined approve/reject based on standard or custom criteria for permissions and compliance.

Deployment can be done directly from Intelliment or delegate to another platform.


Following you can see a short video with a demo showing how to define network visibilities using roles and profiles in Puppet and deploying them in a heterogeneous network infrastructure.

Intelliment and Puppet integration

If you want more info, please contact us at