ibm.qradar.offense_info – Obtain information about one or many QRadar Offenses, with filter options

Note

This plugin is part of the ibm.qradar collection (version 1.0.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.offense_info.

New in version 1.0.0: of ibm.qradar

Synopsis

  • This module allows to obtain information about one or many QRadar Offenses, with filter options

Parameters

Parameter Choices/Defaults Comments
assigned_to
string
Obtain only information of Offenses assigned to a certain user
closing_reason
string
Obtain only information of Offenses that were closed by a specific closing reason
closing_reason_id
integer
Obtain only information of Offenses that were closed by a specific closing reason ID
follow_up
boolean
    Choices:
  • no
  • yes
Obtain only information of Offenses that are marked with the follow up flag
id
integer
Obtain only information of the Offense with provided ID
name
string
Obtain only information of the Offense that matches the provided name
protected
boolean
    Choices:
  • no
  • yes
Obtain only information of Offenses that are protected
status
string
    Choices:
  • open ←
  • OPEN
  • hidden
  • HIDDEN
  • closed
  • CLOSED
Obtain only information of Offenses of a certain status

Notes

Note

  • You may provide many filters and they will all be applied, except for id as that will return only

Examples

- name: Get list of all currently OPEN IBM QRadar Offenses
  ibm.qradar.offense_info:
    status: OPEN
  register: offense_list

- name: display offense information for debug purposes
  debug:
    var: offense_list

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
offenses
list / elements=dictionary
always
Information

 
qradar_offenses
complex
always
IBM QRadar Offenses found based on provided filters

   
name
string
always
Name of the service.

Sample:
arp-ethers.service
   
source
string
always
Init system of the service. One of systemd, sysv, upstart.

Sample:
sysv
   
state
string
always
State of the service. Either running, stopped, or unknown.

Sample:
running
   
status
string
systemd systems or RedHat/SUSE flavored sysvinit/upstart
State of the service. Either enabled, disabled, or unknown.

Sample:
enabled


Authors