This repository has been archived. Refer to the ibm.qradar collection repository instead.
This repo hosts the community.qradar Ansible Collection.
The collection includes the community plugins to help the automation of IBM QRadar SIEM Platform.
Before using the Community IBM QRadar collection, you need to install it with the ansible-galaxy CLI:
ansible-galaxy collection install community.qradar
You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:
collections:
- name: community.qradarIf you want to develop new content for this collection or improve what's already here, the easiest way to work on the collection is to clone it into one of the configured COLLECTIONS_PATHS, and work on it there.
The tests directory contains configuration for running sanity and integration tests using ansible-test.
You can run the collection's test suites with the commands:
ansible-test sanity
ansible-test network-integration --inventory /path/to/inventory
The current process for publishing new versions of the IBM QRadar Community Collection is manual, and requires a user who has access to the community namespace on Ansible Galaxy to publish the build artifact.
-
Ensure
CHANGELOG.mdcontains all the latest changes. -
Update
galaxy.ymlwith the newversionfor the collection. -
Create a release in GitHub to tag the commit at the version to build.
-
Run the following commands to build and release the new version on Galaxy:
ansible-galaxy collection build ansible-galaxy collection publish ./community-qradar-$VERSION_HERE.tar.gz
After the version is published, verify it exists on the IBM QRadar Community Collection Galaxy page.
For more information about Ansible's IBM QRadar integration, join the #ansible-security IRC channel on irc.libera.chat, and browse the resources in the Security Automation Working Group Community wiki page.
GNU General Public License v3.0 or later
See COPYING to see the full text.