ibm.qradar.offense_action – Take action on a QRadar Offense
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
To install it use: ansible-galaxy collection install ibm.qradar.
To use it in a playbook, specify: ibm.qradar.offense_action.
New in version 1.0.0: of ibm.qradar
Synopsis
- This module allows to assign, protect, follow up, set status, and assign closing reason to QRadar Offenses
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| assigned_to string | Assign to an user, the QRadar username should be provided | |
| closing_reason string | Assign a predefined closing reason here, by name. | |
| closing_reason_id integer | Assign a predefined closing reason here, by id. | |
| follow_up boolean |
| Set or unset the flag to follow up on a QRadar Offense |
| id integer / required | ID of Offense | |
| protected boolean |
| Set or unset the flag to protect a QRadar Offense |
| status string |
| One of "open", "hidden" or "closed". (Either all lower case or all caps) |
Notes
Note
- Requires one of
nameoridbe provided - Only one of
closing_reasonorclosing_reason_idcan be provided
Examples
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/ibm/qradar/offense_action_module.html