ibm.qradar.qradar_offense_info – Obtain information about one or many QRadar Offenses, with filter options


Note

This plugin is part of the ibm.qradar collection (version 1.0.3).

To install it use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.qradar_offense_info.


New in version 1.0.0 of ibm.qradar


Synopsis

  • This module obtains information about one or many QRadar Offenses, with filter options.

Parameters

assigned_to (string)
    Obtain only information of Offenses assigned to a certain user

closing_reason (string)
    Obtain only information of Offenses that were closed by a specific closing reason

closing_reason_id (integer)
    Obtain only information of Offenses that were closed by a specific closing reason ID

follow_up (boolean)
    Choices: no, yes
    Obtain only information of Offenses that are marked with the follow up flag

id (integer)
    Obtain only information of the Offense with provided ID

name (string)
    Obtain only information of the Offense that matches the provided name

protected (boolean)
    Choices: no, yes
    Obtain only information of Offenses that are protected

status (string)
    Choices: open, OPEN, hidden, HIDDEN, closed, CLOSED
    Obtain only information of Offenses of a certain status



Notes

Note

  • You may provide many filters and they will all be applied, except for id as that will return only


Examples

- name: Get list of all currently OPEN IBM QRadar Offenses
  ibm.qradar.qradar_offense_info:
    status: OPEN
  register: offense_list

- name: display offense information for debug purposes
  debug:
    var: offense_list
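
The note above says several filters can be given at once and all of them are applied. The playbook below is an added example, not taken from the collection's documentation, that combines filters and checks the size of the returned `offenses` list. The inventory group `qradar`, the analyst name `soc_analyst1` and the `backlog_limit` threshold are assumptions; credentials are expected to come from the inventory or a vault.

```yaml
# Added example: combined filters plus a backlog check.
# Assumed names: inventory group "qradar", analyst "soc_analyst1",
# variable "backlog_limit". ansible_user / ansible_httpapi_pass are
# expected to be set in inventory or vault, not in this file.
- name: Review open QRadar offenses flagged for follow-up
  hosts: qradar
  gather_facts: false
  vars:
    ansible_connection: httpapi
    ansible_network_os: ibm.qradar.qradar
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # keep TLS verification on
    analyst: soc_analyst1
    backlog_limit: 10
  tasks:
    - name: Get OPEN offenses assigned to the analyst and marked follow up
      ibm.qradar.qradar_offense_info:
        status: OPEN
        assigned_to: "{{ analyst }}"
        follow_up: true
      register: followups

    - name: Get CLOSED offenses that are still protected
      ibm.qradar.qradar_offense_info:
        status: CLOSED
        protected: true
      register: protected_closed

    - name: Summarise counts without printing offense contents
      ansible.builtin.debug:
        msg:
          - "{{ followups.offenses | length }} open follow-up offenses for {{ analyst }}"
          - "{{ protected_closed.offenses | length }} closed offenses still protected"

    - name: Fail the run when the follow-up backlog is over the limit
      ansible.builtin.assert:
        that:
          - followups.offenses | length <= backlog_limit
        fail_msg: "Follow-up backlog for {{ analyst }} exceeds {{ backlog_limit }}"
        success_msg: "Follow-up backlog is within the limit"
```

Only counts are printed, so offense details stay out of job logs.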

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

offenses

list / elements=dictionary

always

Information


qradar_offenses

complex

always

IBM QRadar Offenses found based on provided filters


name

string

always

Name of the service.


Sample:

arp-ethers.service

source

string

always

Init system of the service. One of systemd, sysv, upstart.


Sample:

sysv

state

string

always

State of the service. Either running, stopped, or unknown.


Sample:

running

status

string

systemd systems or RedHat/SUSE flavored sysvinit/upstart

State of the service. Either enabled, disabled, or unknown.


Sample:

enabled




Authors

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ibm/qradar/qradar_offense_info_module.html