ibm.qradar.offense_action module – Take action on a QRadar Offense

Note

This module is part of the ibm.qradar collection (version 4.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.offense_action.

Note

The ibm.qradar collection has been deprecated and will be removed from Ansible 13. See the discussion thread for more information.

New in ibm.qradar 1.0.0

Synopsis
Parameters
Notes

Synopsis

This module allows to assign, protect, follow up, set status, and assign closing reason to QRadar Offenses

Aliases: qradar_offense_action

Parameters

Parameter	Comments
assigned_to string	Assign to an user, the QRadar username should be provided
closing_reason string	Assign a predefined closing reason here, by name.
closing_reason_id integer	Assign a predefined closing reason here, by id.
follow_up boolean	Set or unset the flag to follow up on a QRadar Offense Choices: `false` `true`
id integer / required	ID of Offense
protected boolean	Set or unset the flag to protect a QRadar Offense Choices: `false` `true`
status string	One of “open”, “hidden” or “closed”. (Either all lower case or all caps) Choices: `"open"` `"OPEN"` `"hidden"` `"HIDDEN"` `"closed"` `"CLOSED"`

Notes

Note

Requires one of name or id be provided
Only one of closing_reason or closing_reason_id can be provided

Authors

Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>

Collection links

© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ibm/qradar/offense_action_module.html