def main(): argspec = dict(type=dict(choices=["INCREMENTAL", "FULL"], required=False, default="INCREMENTAL")) module = AnsibleModule(argument_spec=argspec, supports_check_mode=False) qradar_request = QRadarRequest( module, not_rest_data_keys=["state", "type_name", "identifier"], ) qradar_return_data = qradar_request.post_by_path( "api/staged_config/deploy_status") if "message" in qradar_return_data and ( to_text("No changes to deploy") in to_text( qradar_return_data["message"])): module.exit_json( msg="No changes to deploy", qradar_return_data=qradar_return_data, changed=False, ) else: module.exit_json( msg="Successfully initiated {0} deployment.".format( module.params["type"]), qradar_return_data=qradar_return_data, changed=True, )
def main(): argspec = dict( # name=dict(required=False, type='str'), # id=dict(required=False, type='str'), id=dict(required=True, type="int"), assigned_to=dict(required=False, type="str"), closing_reason=dict(required=False, type="str"), closing_reason_id=dict(required=False, type="int"), follow_up=dict(required=False, type="bool"), protected=dict(required=False, type="bool"), status=dict( required=False, choices=["open", "OPEN", "hidden", "HIDDEN", "closed", "CLOSED"], type="str", ), ) module = AnsibleModule( argument_spec=argspec, # required_one_of=[ # ('name', 'id',), # ], mutually_exclusive=[("closing_reason", "closing_reason_id")], supports_check_mode=True, ) qradar_request = QRadarRequest( module, not_rest_data_keys=["name", "id", "assigned_to", "closing_reason"], ) # if module.params['name']: # # FIXME - QUERY HERE BY NAME # found_offense = qradar_request.get('/api/siem/offenses?filter={0}'.format(module.params['name'])) found_offense = qradar_request.get("/api/siem/offenses/{0}".format( module.params["id"])) if found_offense: set_offense_values(module, qradar_request) post_strs = [] if module.params["status"] and (to_text(found_offense["status"]) != to_text(module.params["status"])): post_strs.append("status={0}".format( to_text(module.params["status"]))) if module.params["assigned_to"] and (to_text( found_offense["assigned_to"]) != to_text( module.params["assigned_to"])): post_strs.append("assigned_to={0}".format( module.params["assigned_to"])) if module.params["closing_reason_id"] and ( found_offense["closing_reason_id"] != module.params["closing_reason_id"]): post_strs.append("closing_reason_id={0}".format( module.params["closing_reason_id"])) if module.params["follow_up"] and (found_offense["follow_up"] != module.params["follow_up"]): post_strs.append("follow_up={0}".format( module.params["follow_up"])) if module.params["protected"] and (found_offense["protected"] != module.params["protected"]): post_strs.append("protected={0}".format( module.params["protected"])) if post_strs: if module.check_mode: module.exit_json( msg= "A change would have been made but was not because of Check Mode.", changed=True, ) qradar_return_data = qradar_request.post_by_path( "api/siem/offenses/{0}?{1}".format(module.params["id"], "&".join(post_strs))) # FIXME - handle the scenario in which we can search by name and this isn't a required param anymore module.exit_json( msg="Successfully updated Offense ID: {0}".format( module.params["id"]), qradar_return_data=qradar_return_data, changed=True, ) else: module.exit_json(msg="No changes necessary. Nothing to do.", changed=False) else: # FIXME - handle the scenario in which we can search by name and this isn't a required param anymore module.fail_json( msg="Unable to find Offense ID: {0}".format(module.params["id"]))
def main(): argspec = dict( id=dict(required=False, type="int"), name=dict(required=False, type="str"), state=dict(required=True, choices=["enabled", "disabled", "absent"], type="str"), owner=dict(required=False, type="str"), ) module = AnsibleModule( argument_spec=argspec, supports_check_mode=True, required_one_of=[("name", "id")], mutually_exclusive=[("name", "id")], ) qradar_request = QRadarRequest( module, not_rest_data_keys=["id", "name", "state", "owner"], ) # if module.params['name']: # # FIXME - QUERY HERE BY NAME NATIVELY VIA REST API (DOESN'T EXIST YET) # found_offense = qradar_request.get('/api/analytics/rules?filter={0}'.format(module.params['name'])) module.params["rule"] = {} if module.params["id"]: module.params["rule"] = qradar_request.get( "/api/analytics/rules/{0}".format(module.params["id"])) elif module.params["name"]: rules = qradar_request.get("/api/analytics/rules?filter={0}".format( quote('"{0}"'.format(module.params["name"])))) if rules: module.params["rule"] = rules[0] module.params["id"] = rules[0]["id"] if module.params["state"] == "enabled": if module.params["rule"]: if module.params["rule"]["enabled"] is True: # Already enabled if module.params["id"]: module.exit_json( msg="No change needed for rule ID: {0}".format( module.params["id"]), qradar_return_data={}, changed=False, ) if module.params["name"]: module.exit_json( msg="Successfully enabled rule named: {0}".format( module.params["name"]), qradar_return_data={}, changed=False, ) else: # Not enabled, enable It module.params["rule"]["enabled"] = True qradar_return_data = qradar_request.post_by_path( "api/analytics/rules/{0}".format( module.params["rule"]["id"]), data=json.dumps(module.params["rule"]), ) if module.params["id"]: module.exit_json( msg="Successfully enabled rule ID: {0}".format( module.params["id"]), qradar_return_data=qradar_return_data, changed=True, ) if module.params["name"]: module.exit_json( msg="Successfully enabled rule named: {0}".format( module.params["name"]), qradar_return_data=qradar_return_data, changed=True, ) else: if module.params["id"]: module.fail_json(msg="Unable to find rule ID: {0}".format( module.params["id"])) if module.params["name"]: module.fail_json(msg='Unable to find rule named: "{0}"'.format( module.params["name"])) elif module.params["state"] == "disabled": if module.params["rule"]: if module.params["rule"]["enabled"] is False: # Already disabled if module.params["id"]: module.exit_json( msg="No change needed for rule ID: {0}".format( module.params["id"]), qradar_return_data={}, changed=False, ) if module.params["name"]: module.exit_json( msg="Successfully enabled rule named: {0}".format( module.params["name"]), qradar_return_data={}, changed=False, ) else: # Not disabled, disable It module.params["rule"]["enabled"] = False qradar_return_data = qradar_request.post_by_path( "api/analytics/rules/{0}".format( module.params["rule"]["id"]), data=json.dumps(module.params["rule"]), ) if module.params["id"]: module.exit_json( msg="Successfully disabled rule ID: {0}".format( module.params["id"]), qradar_return_data=qradar_return_data, changed=True, ) if module.params["name"]: module.exit_json( msg="Successfully disabled rule named: {0}".format( module.params["name"]), qradar_return_data=qradar_return_data, changed=True, ) else: if module.params["id"]: module.fail_json(msg="Unable to find rule ID: {0}".format( module.params["id"])) if module.params["name"]: module.fail_json(msg='Unable to find rule named: "{0}"'.format( module.params["name"])) elif module.params["state"] == "absent": if module.params["rule"]: qradar_return_data = qradar_request.delete( "/api/analytics/rules/{0}".format(module.params["rule"]["id"])) if module.params["id"]: module.exit_json( msg="Successfully deleted rule ID: {0}".format( module.params["id"]), qradar_return_data=qradar_return_data, changed=True, ) if module.params["name"]: module.exit_json( msg="Successfully deleted rule named: {0}".format( module.params["name"]), qradar_return_data=qradar_return_data, changed=True, ) else: module.exit_json(msg="Nothing to do, rule not found.") module.exit_json(rules=rules, changed=False)
def main(): argspec = dict( # state=dict(required=False, choices=["present", "absent"], type='str', default="present"), id=dict(required=True, type="int"), note_text=dict(required=True, type="str"), ) module = AnsibleModule(argument_spec=argspec, supports_check_mode=True) qradar_request = QRadarRequest( module, headers={ "Content-Type": "application/json", "Version": "9.1" }, not_rest_data_keys=["state", "id"], ) # if module.params['name']: # # FIXME - QUERY HERE BY NAME # found_offense = qradar_request.get_by_path('api/siem/offenses?filter={0}'.format(module.params['name'])) # FIXME - once this is sorted, add it to module_utils found_notes = qradar_request.get_by_path( "api/siem/offenses/{0}/notes?filter={1}".format( module.params["id"], quote('note_text="{0}"'.format(module.params["note_text"])), )) # if module.params['state'] == 'present': if found_notes: # The note we want exists either by ID or by text name, verify note = found_notes[0] if note["note_text"] == module.params["note_text"]: module.exit_json(msg="No changes necessary. Nothing to do.", changed=False) else: if module.check_mode: module.exit_json( msg= "A change would have occured but did not because Check Mode", changed=True, ) qradar_return_data = qradar_request.post_by_path( "api/siem/offenses/{0}/notes?note_text={1}".format( module.params["id"], quote("{0}".format(module.params["note_text"]))), data=False, ) module.exit_json( msg="Successfully created Offense Note ID: {0}".format( qradar_return_data["id"]), qradar_return_data=qradar_offense_note, changed=False, ) else: if module.check_mode: module.exit_json( msg= "A change would have occured but did not because Check Mode", changed=True, ) qradar_return_data = qradar_request.post_by_path( "api/siem/offenses/{0}/notes?note_text={1}".format( module.params["id"], quote("{0}".format(module.params["note_text"]))), data=False, ) module.exit_json( msg="Successfully created Offense Note ID: {0}".format( qradar_return_data["id"]), qradar_return_data=qradar_return_data, changed=True, ) module.exit_json(msg="No changes necessary. Nothing to do.", changed=False)