ibm.qradar.qradar_offense_info – Obtain information about one or many QRadar Offenses, with filter options
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
To install it use: `ansible-galaxy collection install ibm.qradar`.
To use it in a playbook, specify: `ibm.qradar.qradar_offense_info`.
New in version 1.0.0 of ibm.qradar
Synopsis
- This module obtains information about one or many QRadar Offenses, with filter options.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
assigned_to string | | Obtain only information of Offenses assigned to a certain user |
closing_reason string | | Obtain only information of Offenses that were closed by a specific closing reason |
closing_reason_id integer | | Obtain only information of Offenses that were closed by a specific closing reason ID |
follow_up boolean | | Obtain only information of Offenses that are marked with the follow up flag |
id integer | | Obtain only information of the Offense with provided ID |
name string | | Obtain only information of the Offense that matches the provided name |
protected boolean | | Obtain only information of Offenses that are protected |
status string | | Obtain only information of Offenses of a certain status |
Notes
Note
- You may provide many filters and they will all be applied, except for `id` as that will return only
Examples
```yaml
# Module name matches the fully qualified name given in the note above.
- name: Get list of all currently OPEN IBM QRadar Offenses
  ibm.qradar.qradar_offense_info:
    status: OPEN
  register: offense_list

- name: display offense information for debug purposes
  debug:
    var: offense_list
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description | Sample |
---|---|---|---|
offenses list / elements=dictionary | always | Information | |
qradar_offenses complex | always | IBM QRadar Offenses found based on provided filters | |
name string | always | Name of the service. | arp-ethers.service |
source string | always | Init system of the service. One of | sysv |
state string | always | State of the service. Either | running |
status string | systemd systems or RedHat/SUSE flavored sysvinit/upstart | State of the service. Either | enabled |
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ibm/qradar/qradar_offense_info_module.html