ibm.qradar.offense_info – Obtain information about one or many QRadar Offenses, with filter options
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
To install it use: ansible-galaxy collection install ibm.qradar.
To use it in a playbook, specify: ibm.qradar.offense_info.
New in version 1.0.0 of ibm.qradar
Synopsis
- This module obtains information about one or many QRadar Offenses, with filter options.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
assigned_to (string) | | Obtain only information of Offenses assigned to a certain user |
closing_reason (string) | | Obtain only information of Offenses that were closed by a specific closing reason |
closing_reason_id (integer) | | Obtain only information of Offenses that were closed by a specific closing reason ID |
follow_up (boolean) | | Obtain only information of Offenses that are marked with the follow up flag |
id (integer) | | Obtain only information of the Offense with provided ID |
name (string) | | Obtain only information of the Offense that matches the provided name |
protected (boolean) | | Obtain only information of Offenses that are protected |
status (string) | | Obtain only information of Offenses of a certain status |
Notes
Note
- You may provide many filters and they will all be applied, except for id as that will return only
Examples
- name: Get list of all currently OPEN IBM QRadar Offenses
  ibm.qradar.offense_info:
    status: OPEN
  register: offense_list

- name: display offense information for debug purposes
  debug:
    var: offense_list
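
An added example (not part of the collection's own documentation) that combines several filters in one call, as the Notes section describes, checks the size of the result, and then looks up a single Offense by ID. The inventory group qradar, the user name analyst1, the variable max_followup_backlog and the ID 42 are constructed values, and connection settings for the QRadar console are assumed to be defined in inventory.

```yaml
- name: Review open QRadar Offenses flagged for follow-up
  hosts: qradar                  # assumed inventory group for the QRadar console
  gather_facts: false
  vars:
    max_followup_backlog: 10     # constructed threshold for this example
  tasks:
    # All three filters are applied together, so only Offenses that are
    # OPEN, assigned to analyst1 and flagged for follow-up are returned.
    - name: Get OPEN follow-up Offenses assigned to one analyst
      ibm.qradar.offense_info:
        status: OPEN
        assigned_to: analyst1    # constructed user name
        follow_up: true
      register: followup_offenses

    # "offenses" is the list documented under Return Values.
    - name: Report how many Offenses matched all filters
      ansible.builtin.debug:
        msg: "{{ followup_offenses.offenses | length }} open follow-up Offense(s) assigned to analyst1"

    - name: Fail the run when the follow-up backlog is too large
      ansible.builtin.assert:
        that:
          - followup_offenses.offenses | length <= max_followup_backlog
        fail_msg: "Follow-up backlog for analyst1 exceeds {{ max_followup_backlog }} Offenses"
        success_msg: "Follow-up backlog for analyst1 is within the limit"

    # A lookup by ID is used on its own, without the other filters.
    - name: Get one Offense by ID
      ibm.qradar.offense_info:
        id: 42                   # constructed Offense ID
      register: single_offense

    - name: Display the single Offense
      ansible.builtin.debug:
        var: single_offense.offenses
```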
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
offenses (list / elements=dictionary) | always | Information |
qradar_offenses (complex) | always | IBM QRadar Offenses found based on provided filters |
name (string) | always | Name of the service. Sample: arp-ethers.service |
source (string) | always | Init system of the service. One of systemd, sysv, upstart. Sample: sysv |
state (string) | always | State of the service. Either running, stopped, or unknown. Sample: running |
status (string) | systemd systems or RedHat/SUSE flavored sysvinit/upstart | State of the service. Either enabled, disabled, or unknown. Sample: enabled |
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ibm/qradar/offense_info_module.html