ibm.qradar.offense_action – Take action on a QRadar Offense

Note

This plugin is part of the ibm.qradar collection (version 1.0.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.offense_action.

New in version 1.0.0 of ibm.qradar

Synopsis

  • This module lets you assign, protect, follow up on, set the status of, and assign a closing reason to QRadar Offenses.

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| assigned_to (string) | | Assign to a user; the QRadar username should be provided. |
| closing_reason (string) | | Assign a predefined closing reason here, by name. |
| closing_reason_id (integer) | | Assign a predefined closing reason here, by ID. |
| follow_up (boolean) | Choices: no, yes | Set or unset the flag to follow up on a QRadar Offense. |
| id (integer / required) | | ID of the Offense. |
| protected (boolean) | Choices: no, yes | Set or unset the flag to protect a QRadar Offense. |
| status (string) | Choices: open, OPEN, hidden, HIDDEN, closed, CLOSED | One of "open", "hidden" or "closed" (either all lower case or all caps). |

Notes

  • Requires that one of name or id be provided

  • Only one of closing_reason or closing_reason_id can be provided

Examples
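
The following playbook is an added example, not taken from the collection's own documentation. It assigns an offense to an analyst for investigation and later closes it with a named closing reason, using only the parameters listed above; the `qradar` host group, offense ID 42, username `analyst1`, the closing reason name and the httpapi connection variables are assumptions.

```yaml
---
# Added example; not from the ibm.qradar collection documentation.
- name: Triage and close a QRadar offense
  hosts: qradar                 # assumed inventory group for the QRadar console
  gather_facts: false
  vars:
    # Connection settings for the collection's httpapi plugin (assumed to suit
    # your deployment; keep credentials in the inventory or Ansible Vault).
    ansible_connection: httpapi
    ansible_network_os: ibm.qradar.qradar
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true
    offense_id: 42              # constructed sample value
    analyst: analyst1           # constructed sample QRadar username
  tasks:
    - name: Assign the offense, flag it for follow-up and protect it
      ibm.qradar.offense_action:
        id: "{{ offense_id }}"
        assigned_to: "{{ analyst }}"
        follow_up: true
        protected: true
        status: open

    - name: Close the offense once the investigation is complete
      ibm.qradar.offense_action:
        id: "{{ offense_id }}"
        status: closed
        # Use closing_reason or closing_reason_id, never both.
        closing_reason: "False-Positive, Tuned"   # sample name; must exist in QRadar
        follow_up: false
        protected: false
```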


Authors