ibm.qradar.offense_action module – Take action on a QRadar Offense

Note

This module is part of the ibm.qradar collection (version 4.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.offense_action.

New in ibm.qradar 1.0.0

Synopsis

  • This module allows to assign, protect, follow up, set status, and assign closing reason to QRadar Offenses

Aliases: qradar_offense_action

Parameters

Parameter

Comments

assigned_to

string

Assign to an user, the QRadar username should be provided

closing_reason

string

Assign a predefined closing reason here, by name.

closing_reason_id

integer

Assign a predefined closing reason here, by id.

follow_up

boolean

Set or unset the flag to follow up on a QRadar Offense

Choices:

  • false

  • true

id

integer / required

ID of Offense

protected

boolean

Set or unset the flag to protect a QRadar Offense

Choices:

  • false

  • true

status

string

One of “open”, “hidden” or “closed”. (Either all lower case or all caps)

Choices:

  • "open"

  • "OPEN"

  • "hidden"

  • "HIDDEN"

  • "closed"

  • "CLOSED"

Notes

Note

  • Requires one of name or id be provided

  • Only one of closing_reason or closing_reason_id can be provided

Authors