ibm.qradar.offense_info module – Obtain information about one or many QRadar Offenses, with filter options

Note

This module is part of the ibm.qradar collection (version 2.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.offense_info.

New in version 1.0.0: of ibm.qradar

Synopsis

  • This module allows to obtain information about one or many QRadar Offenses, with filter options

Parameters

Parameter

Comments

assigned_to

string

Obtain only information of Offenses assigned to a certain user

closing_reason

string

Obtain only information of Offenses that were closed by a specific closing reason

closing_reason_id

integer

Obtain only information of Offenses that were closed by a specific closing reason ID

follow_up

boolean

Obtain only information of Offenses that are marked with the follow up flag

Choices:

  • no

  • yes

id

integer

Obtain only information of the Offense with provided ID

name

string

Obtain only information of the Offense that matches the provided name

protected

boolean

Obtain only information of Offenses that are protected

Choices:

  • no

  • yes

status

string

Obtain only information of Offenses of a certain status

Choices:

  • open ← (default)

  • OPEN

  • hidden

  • HIDDEN

  • closed

  • CLOSED

Notes

Note

  • You may provide many filters and they will all be applied, except for id as that will return only

Examples

- name: Get list of all currently OPEN IBM QRadar Offenses
  ibm.qradar.offense_info:
    status: OPEN
  register: offense_list

- name: display offense information for debug purposes
  debug:
    var: offense_list

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

offenses

list / elements=dictionary

Information

Returned: always

qradar_offenses

complex

IBM QRadar Offenses found based on provided filters

Returned: always

name

string

Name of the service.

Returned: always

Sample: “arp-ethers.service”

source

string

Init system of the service. One of systemd, sysv, upstart.

Returned: always

Sample: “sysv”

state

string

State of the service. Either running, stopped, or unknown.

Returned: always

Sample: “running”

status

string

State of the service. Either enabled, disabled, or unknown.

Returned: systemd systems or RedHat/SUSE flavored sysvinit/upstart

Sample: “enabled”

Authors