ibm.qradar.offense_action – Take action on a QRadar Offense

Note

This plugin is part of the ibm.qradar collection (version 1.0.3).

To install it use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.offense_action.

New in version 1.0.0: of ibm.qradar

Synopsis

  • This module allows to assign, protect, follow up, set status, and assign closing reason to QRadar Offenses

Parameters

Parameter Choices/Defaults Comments
assigned_to
string
Assign to an user, the QRadar username should be provided
closing_reason
string
Assign a predefined closing reason here, by name.
closing_reason_id
integer
Assign a predefined closing reason here, by id.
follow_up
boolean
    Choices:
  • no
  • yes
Set or unset the flag to follow up on a QRadar Offense
id
integer / required
ID of Offense
protected
boolean
    Choices:
  • no
  • yes
Set or unset the flag to protect a QRadar Offense
status
string
    Choices:
  • open
  • OPEN
  • hidden
  • HIDDEN
  • closed
  • CLOSED
One of "open", "hidden" or "closed". (Either all lower case or all caps)

Notes

Note

  • Requires one of name or id be provided

  • Only one of closing_reason or closing_reason_id can be provided

Examples

Authors