ibm.qradar.offense_action – Take action on a QRadar Offense
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ibm.qradar.
To use it in a playbook, specify: ibm.qradar.offense_action.
New in version 1.0.0 of ibm.qradar
Synopsis
- This module lets you assign, protect, follow up on, set the status of, and assign a closing reason to QRadar Offenses.
 
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| assigned_to (string) | | Assign to a user; the QRadar username should be provided. |
| closing_reason (string) | | Assign a predefined closing reason here, by name. |
| closing_reason_id (integer) | | Assign a predefined closing reason here, by id. |
| follow_up (boolean) | | Set or unset the flag to follow up on a QRadar Offense. |
| id (integer / required) | | ID of Offense. |
| protected (boolean) | | Set or unset the flag to protect a QRadar Offense. |
| status (string) | | One of "open", "hidden" or "closed". (Either all lower case or all caps) |
Notes
Note
- Requires one of name or id be provided
- Only one of closing_reason or closing_reason_id can be provided
Examples
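The playbook below is an added example, not taken from the collection's documentation. It exercises the parameters listed above, with the closing reason given once by name and once by id because only one of the two can be provided. The inventory group qradar, the offense ids, the username analyst1 and the closing-reason values are constructed assumptions.

```yaml
---
# Added example. Offense ids, the username and the closing-reason
# values are constructed; replace them with values from your deployment.
- name: Triage QRadar offenses
  hosts: qradar            # assumed inventory group that reaches the QRadar console
  gather_facts: false
  tasks:
    - name: Assign offense 42 to an analyst, protect it and flag it for follow-up
      ibm.qradar.offense_action:
        id: 42
        assigned_to: analyst1
        protected: true
        follow_up: true
        status: open

    - name: Close offense 43 with a closing reason given by name
      ibm.qradar.offense_action:
        id: 43
        status: closed
        closing_reason: "False-Positive, Tuned"

    - name: Close offense 44 with a closing reason given by id
      ibm.qradar.offense_action:
        id: 44
        status: closed
        # Do not also set closing_reason here: only one of
        # closing_reason or closing_reason_id can be provided.
        closing_reason_id: 1
```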
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
 
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/latest/collections/ibm/qradar/offense_action_module.html