You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

ibm.qradar.rule_info module – Obtain information about one or many QRadar Rules, with filter options

Note

This module is part of the ibm.qradar collection (version 1.0.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.rule_info.

New in version 1.0.0: of ibm.qradar

Synopsis

• This module obtains information about one or many QRadar Rules, with filter options

Parameters

Parameter	Comments
id integer	Obtain only information of the Rule with provided ID
name string	Obtain only information of the Rule that matches the provided name
origin string	Obtain only information of Rules that are of a certain origin Choices: SYSTEM OVERRIDE USER
owner string	Obtain only information of Rules owned by a certain user
type string	Obtain only information for the Rules of a certain type Choices: EVENT FLOW COMMON USER

Notes

Note

• You may provide many filters and they will all be applied, except for id as that will return only the Rule identified by the unique ID provided.

Examples

- name: Get information about the Rule named "Custom Company DDoS Rule"
  ibm.qradar.rule_info:
    name: "Custom Company DDoS Rule"
  register: custom_ddos_rule_info

- name: debugging output of the custom_ddos_rule_info registered variable
  debug:
    var: custom_ddos_rule_info

Authors

• Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>”

Collection links

Issue Tracker Repository (Sources)