ibm.qradar.offense_info – Obtain information about one or many QRadar Offenses, with filter options
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
To install it, use: ansible-galaxy collection install ibm.qradar
To use it in a playbook, specify: ibm.qradar.offense_info
New in version 1.0.0 of ibm.qradar
Synopsis
- This module obtains information about one or many QRadar Offenses, with filter options.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
assigned_to string | | Obtain only information of Offenses assigned to a certain user |
closing_reason string | | Obtain only information of Offenses that were closed by a specific closing reason |
closing_reason_id integer | | Obtain only information of Offenses that were closed by a specific closing reason ID |
follow_up boolean | | Obtain only information of Offenses that are marked with the follow up flag |
id integer | | Obtain only information of the Offense with provided ID |
name string | | Obtain only information of the Offense that matches the provided name |
protected boolean | | Obtain only information of Offenses that are protected |
status string | | Obtain only information of Offenses of a certain status |
Notes
Note
- You may provide many filters and they will all be applied, except for id as that will return only
Examples
```yaml
- name: Get list of all currently OPEN IBM QRadar Offenses
  ibm.qradar.offense_info:
    status: OPEN
  register: offense_list

- name: display offense information for debug purposes
  debug:
    var: offense_list
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
offenses list / elements=dictionary | always | Information |
qradar_offenses complex | always | IBM QRadar Offenses found based on provided filters |
name string | always | Name of the service. Sample: arp-ethers.service |
source string | always | Init system of the service. One of systemd, sysv, upstart. Sample: sysv |
state string | always | State of the service. Either running, stopped, or unknown. Sample: running |
status string | systemd systems or RedHat/SUSE flavored sysvinit/upstart | State of the service. Either enabled, disabled, or unknown. Sample: enabled |
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/ibm/qradar/offense_info_module.html