ibm.qradar.offense_action – Take action on a QRadar Offense
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
To install it use: ansible-galaxy collection install ibm.qradar
To use it in a playbook, specify: ibm.qradar.offense_action
New in version 1.0.0 of ibm.qradar
Synopsis
- This module lets you assign, protect, follow up on, set the status of, and assign a closing reason to QRadar Offenses.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
assigned_to (string) | | Assign to a user; the QRadar username should be provided |
closing_reason (string) | | Assign a predefined closing reason here, by name. |
closing_reason_id (integer) | | Assign a predefined closing reason here, by id. |
follow_up (boolean) | | Set or unset the flag to follow up on a QRadar Offense |
id (integer / required) | | ID of Offense |
protected (boolean) | | Set or unset the flag to protect a QRadar Offense |
status (string) | | One of "open", "hidden" or "closed". (Either all lower case or all caps) |
Notes
Note
- Requires one of name or id be provided
- Only one of closing_reason or closing_reason_id can be provided
Examples
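A playbook exercising the parameters above, as an added example that is not taken from the collection's own documentation. The inventory group qradar (with its connection settings), offense ID 42, the username analyst1 and the closing reason name Non-Issue are assumptions; substitute values from your own QRadar console.

```yaml
---
# Added example, not from the ibm.qradar collection documentation.
# Assumed values: inventory group "qradar", offense ID 42,
# QRadar user "analyst1", closing reason name "Non-Issue".
- name: Triage and close a QRadar offense
  hosts: qradar
  gather_facts: false
  tasks:
    # Triage: hand the offense to an analyst, mark it for follow-up,
    # and protect it while the investigation is ongoing.
    - name: Assign the offense, flag it for follow-up and protect it
      ibm.qradar.offense_action:
        id: 42
        status: open
        assigned_to: analyst1
        follow_up: true
        protected: true

    # Closure: give the closing reason by name OR by id, never both
    # (the module accepts only one of closing_reason / closing_reason_id).
    - name: Close the offense with a closing reason given by name
      ibm.qradar.offense_action:
        id: 42
        status: closed
        closing_reason: Non-Issue
        follow_up: false
```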
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ibm/qradar/offense_action_module.html