ibm.qradar.offense_info – Obtain information about one or many QRadar Offenses, with filter options
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ibm.qradar.
To use it in a playbook, specify: ibm.qradar.offense_info.
New in version 1.0.0 of ibm.qradar
Synopsis
- This module obtains information about one or many QRadar Offenses, with filter options.
 
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| assigned_to (string) | | Obtain only information of Offenses assigned to a certain user |
| closing_reason (string) | | Obtain only information of Offenses that were closed by a specific closing reason |
| closing_reason_id (integer) | | Obtain only information of Offenses that were closed by a specific closing reason ID |
| follow_up (boolean) | | Obtain only information of Offenses that are marked with the follow up flag |
| id (integer) | | Obtain only information of the Offense with provided ID |
| name (string) | | Obtain only information of the Offense that matches the provided name |
| protected (boolean) | | Obtain only information of Offenses that are protected |
| status (string) | | Obtain only information of Offenses of a certain status |
Notes
Note
- You may provide many filters and they will all be applied, except for id, as that will return only
Examples
```yaml
- name: Get list of all currently OPEN IBM QRadar Offenses
  ibm.qradar.offense_info:
    status: OPEN
  register: offense_list

- name: display offense information for debug purposes
  debug:
    var: offense_list
```
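
A further playbook, added here as an illustration and not taken from the collection's own documentation, that applies several filters in one call and acts on the size of the returned `offenses` list. The `qradar` host group, the `analyst1` user and the httpapi connection variables are assumptions about the local setup.

```yaml
---
# Added example, not from the collection's documentation.
# Assumed: inventory group "qradar", user "analyst1", connection settings below.
- name: Review open QRadar Offenses that still need attention
  hosts: qradar
  gather_facts: false
  vars:
    ansible_connection: httpapi
    ansible_network_os: ibm.qradar.qradar
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # keep certificate checks on for the API session
    analyst: analyst1                      # hypothetical QRadar user name
  tasks:
    # All three filters are applied together, as described in the Notes.
    - name: Get OPEN Offenses assigned to the analyst and flagged for follow up
      ibm.qradar.offense_info:
        status: OPEN
        assigned_to: "{{ analyst }}"
        follow_up: true
      register: followups

    - name: Get OPEN Offenses that are protected
      ibm.qradar.offense_info:
        status: OPEN
        protected: true
      register: protected_open

    # "offenses" is the list documented under Return Values.
    - name: Summarise both result sets
      ansible.builtin.debug:
        msg:
          - "{{ followups.offenses | length }} open follow-up Offense(s) assigned to {{ analyst }}"
          - "{{ protected_open.offenses | length }} open protected Offense(s)"

    - name: Stop the play when follow-up work is still outstanding
      ansible.builtin.fail:
        msg: "Follow-up Offenses are still open for {{ analyst }}"
      when: followups.offenses | length > 0
```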
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| offenses (list / elements=dictionary) | always | Information |
| qradar_offenses (complex) | always | IBM QRadar Offenses found based on provided filters |
| name (string) | always | Name of the service. Sample: arp-ethers.service |
| source (string) | always | Init system of the service. One of systemd, sysv, upstart. Sample: sysv |
| state (string) | always | State of the service. Either running, stopped, or unknown. Sample: running |
| status (string) | systemd systems or RedHat/SUSE flavored sysvinit/upstart | State of the service. Either enabled, disabled, or unknown. Sample: enabled |
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
 
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/latest/collections/ibm/qradar/offense_info_module.html