ibm.qradar.offense_action – Take action on a QRadar Offense
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ibm.qradar
.
To use it in a playbook, specify: ibm.qradar.offense_action
.
New in version 1.0.0: of ibm.qradar
Synopsis
This module allows to assign, protect, follow up, set status, and assign closing reason to QRadar Offenses
Parameters
Parameter |
Comments |
---|---|
Assign to an user, the QRadar username should be provided |
|
Assign a predefined closing reason here, by name. |
|
Assign a predefined closing reason here, by id. |
|
Set or unset the flag to follow up on a QRadar Offense Choices:
|
|
ID of Offense |
|
Set or unset the flag to protect a QRadar Offense Choices:
|
|
One of “open”, “hidden” or “closed”. (Either all lower case or all caps) Choices:
|
Notes
Note
Requires one of
name
orid
be providedOnly one of
closing_reason
orclosing_reason_id
can be provided
Examples
Authors
Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>