Vh6ddlmZmZmZeZdZdZdZddl m Z ddl m Z ddl mZddlmZmZmZd Zed k(rey y ) )absolute_importdivisionprint_functiona --- module: offense_info short_description: Obtain information about one or many QRadar Offenses, with filter options description: - This module allows to obtain information about one or many QRadar Offenses, with filter options version_added: "1.0.0" options: id: description: - Obtain only information of the Offense with provided ID required: false type: int name: description: - Obtain only information of the Offense that matches the provided name required: false type: str status: description: - Obtain only information of Offenses of a certain status required: false choices: [ "open", "OPEN", "hidden", "HIDDEN", "closed", "CLOSED" ] default: "open" type: str assigned_to: description: - Obtain only information of Offenses assigned to a certain user required: false type: str closing_reason: description: - Obtain only information of Offenses that were closed by a specific closing reason required: false type: str closing_reason_id: description: - Obtain only information of Offenses that were closed by a specific closing reason ID required: false type: int follow_up: description: - Obtain only information of Offenses that are marked with the follow up flag required: false type: bool protected: description: - Obtain only information of Offenses that are protected required: false type: bool notes: - You may provide many filters and they will all be applied, except for C(id) as that will return only author: Ansible Security Automation Team (@maxamillion) a offenses: description: Information returned: always type: list elements: dict contains: qradar_offenses: description: IBM QRadar Offenses found based on provided filters returned: always type: complex contains: source: description: Init system of the service. One of C(systemd), C(sysv), C(upstart). returned: always type: str sample: sysv state: description: State of the service. Either C(running), C(stopped), or C(unknown). returned: always type: str sample: running status: description: State of the service. Either C(enabled), C(disabled), or C(unknown). returned: systemd systems or RedHat/SUSE flavored sysvinit/upstart type: str sample: enabled name: description: Name of the service. returned: always type: str sample: arp-ethers.service z - name: Get list of all currently OPEN IBM QRadar Offenses ibm.qradar.offense_info: status: OPEN register: offense_list - name: display offense information for debug purposes debug: var: offense_list )to_text) AnsibleModule)quote) QRadarRequestfind_dict_in_listset_offense_valuescttddtddtddtddtddtdddtdddtdgddd  }t|d gd }t|}t|||jdr1|j dj |jd\}}yg}|jdr?|jtdj t|jd|jdr6|jtdj |jd|jdr6|jtdj |jd|jd6|jtdj |jd|jd6|jtdj |jd|r3|j dj dj|\}}n|j d\}}|jdr!t|d|jd}|r|}ng}|j|dy) NFint)requiredtypestrbool)rrdefault)openOPENhiddenHIDDENclosedCLOSEDr)rchoicesrr)idname assigned_toclosing_reasonclosing_reason_id follow_up protectedstatus)rrT) argument_specmutually_exclusivesupports_check_moderz/api/siem/offenses/{0}r!z status={0}rzassigned_to={0}rzclosing_reason_id={0}rz follow_up={0}r z protected={0}z/api/siem/offenses?filter={0}&z/api/siem/offensesr description)offenseschanged) dictrr r paramsgetformatappendrrjoinr exit_json)argspecmoduleqradar_requestcoder' query_strs named_offenses k/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/ibm/qradar/plugins/modules/offense_info.pymainr7s U + 5u -%e4U7E:FDAFDAL  G CD F #6*N v~. }}T'++ $ + +FMM$,? @ h  == "   l))'&--2I*JKL  == '   '..v}}]/KLM  ==, -   +22 &9:  == % 1   o,,V]];-GHI  == % 1   o,,V]];-GHI  +///66sxx 7KLND(,//0DEND( == - f%M ((E:__main__N) __future__rrrr __metaclass__ DOCUMENTATIONRETURNEXAMPLESansible.module_utils._textransible.module_utils.basicr+ansible.module_utils.six.moves.urllib.parser:ansible_collections.ibm.qradar.plugins.module_utils.qradarr r r r7__name__r8r6rEs\A@ 7 v F /4=V;r zFr8