#!/usr/bin/python
# -*- coding: utf-8 -*-

# (c) 2019, Adam Miller (admiller@redhat.com)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function

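# Python 2 compatibility shim: classes defined in this module become new-style.
__metaclass__ = type

# Module documentation as YAML, rendered by Ansible's documentation tooling.
# The module is marked deprecated below in favour of qradar_analytics_rules.
DOCUMENTATION = """
---
module: rule_info
short_description: Obtain information about one or many QRadar Rules, with filter options
description:
  - This module obtains information about one or many QRadar Rules, with filter options
version_added: "1.0.0"
deprecated:
  alternative: qradar_analytics_rules
  why: Newer and updated modules released with more functionality.
  removed_at_date: '2024-09-01'
options:
  id:
    description:
      - Obtain only information of the Rule with provided ID
    required: false
    type: int
  name:
    description:
      - Obtain only information of the Rule that matches the provided name
    required: false
    type: str
  type:
    description:
      - Obtain only information for the Rules of a certain type
    required: false
    choices: [ "EVENT", "FLOW", "COMMON", "USER"]
    type: str
  owner:
    description:
      - Obtain only information of Rules owned by a certain user
    required: false
    type: str
  origin:
    description:
      - Obtain only information of Rules that are of a certain origin
    required: false
    choices: ["SYSTEM", "OVERRIDE", "USER"]
    type: str
notes:
  - You may provide many filters and they will all be applied, except for C(id)
    as that will return only the Rule identified by the unique ID provided.

author: Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
"""


# Return-value documentation; intentionally empty until a sample is written.
# FIXME - provide correct example here
RETURN = """
"""

# Example playbook tasks shown in the rendered module documentation.
EXAMPLES = """
- name: Get information about the Rule named "Custom Company DDoS Rule"
  ibm.qradar.rule_info:
    name: "Custom Company DDoS Rule"
  register: custom_ddos_rule_info

- name: debugging output of the custom_ddos_rule_info registered variable
  debug:
    var: custom_ddos_rule_info
"""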

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text

from ansible.module_utils.six.moves.urllib.parse import quote
from ansible_collections.ibm.qradar.plugins.module_utils.qradar import (
    QRadarRequest,
)


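def main():
    """Query QRadar analytics rules and return them to Ansible as ``rules``.

    When ``id`` is supplied, the single rule at ``/api/analytics/rules/<id>``
    is fetched and every other option is ignored. Otherwise the optional
    ``name``, ``owner``, ``type`` and ``origin`` options are turned into a
    ``filter`` query string for ``/api/analytics/rules``; with no options the
    unfiltered collection is requested.

    The module is read-only: it always exits with ``changed=False``.
    """
    argspec = dict(
        id=dict(required=False, type="int"),
        name=dict(required=False, type="str"),
        owner=dict(required=False, type="str"),
        type=dict(
            required=False,
            choices=["EVENT", "FLOW", "COMMON", "USER"],
            type="str",
        ),
        origin=dict(
            required=False, choices=["SYSTEM", "OVERRIDE", "USER"], type="str"
        ),
    )

    module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)

    qradar_request = QRadarRequest(module)

    # NOTE(review): the returned status code is not inspected anywhere in this
    # function; presumably QRadarRequest.get reports HTTP errors itself —
    # confirm against module_utils.qradar.
    rule_id = module.params["id"]
    if rule_id is not None:
        # The argspec declares id as type="int", so only an integer is
        # interpolated into the URL path. Comparing against None (rather than
        # truthiness) keeps an explicit id of 0 from silently falling through
        # to the "list everything" branch.
        _code, rules = qradar_request.get(
            "/api/analytics/rules/{0}".format(rule_id)
        )
    else:
        query_strs = []

        # NOTE(review): quote() percent-encodes each clause for the URL, but
        # nothing escapes characters that are meaningful inside the filter
        # expression itself (e.g. a double quote in ``name``, or whitespace in
        # the unquoted ``owner`` value). A value containing them changes what
        # the filter matches, so callers should pass trusted or validated
        # values only.
        if module.params["name"]:
            query_strs.append(
                quote('name="{0}"'.format(to_text(module.params["name"])))
            )

        # type and origin are restricted by ``choices`` in the argspec;
        # owner is free-form text.
        for field in ("owner", "type", "origin"):
            if module.params[field]:
                query_strs.append(
                    quote("{0}={1}".format(field, module.params[field]))
                )

        if query_strs:
            # NOTE(review): the clauses are joined with a literal "&", which an
            # HTTP server normally treats as a query-parameter separator
            # rather than as part of the ``filter`` value — confirm that
            # combining several options really applies all of them.
            _code, rules = qradar_request.get(
                "/api/analytics/rules?filter={0}".format("&".join(query_strs))
            )
        else:
            _code, rules = qradar_request.get("/api/analytics/rules")

    # Report the result for both branches. This call previously sat inside the
    # else block, so a lookup by id ended without emitting any module result.
    module.exit_json(rules=rules, changed=False)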


# Run the module only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()
