W3cubDocs

/Ansible

ibm.qradar.offense_action – Take action on a QRadar Offense

Note

This plugin is part of the ibm.qradar collection (version 1.0.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.offense_action.

New in version 1.0.0: of ibm.qradar

Synopsis
Parameters
Notes
Examples

Synopsis

This module allows to assign, protect, follow up, set status, and assign closing reason to QRadar Offenses

Parameters

Parameter	Choices/Defaults	Comments
assigned_to string		Assign to an user, the QRadar username should be provided
closing_reason string		Assign a predefined closing reason here, by name.
closing_reason_id integer		Assign a predefined closing reason here, by id.
follow_up boolean	Choices: no yes	Set or unset the flag to follow up on a QRadar Offense
id integer / required		ID of Offense
protected boolean	Choices: no yes	Set or unset the flag to protect a QRadar Offense
status string	Choices: open OPEN hidden HIDDEN closed CLOSED	One of "open", "hidden" or "closed". (Either all lower case or all caps)

Notes

Note

Requires one of name or id be provided
Only one of closing_reason or closing_reason_id can be provided

Examples

Authors

Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ibm/qradar/offense_action_module.html