This repository has been archived. Refer to the ibm.qradar collection repository instead.
This repo hosts the community.qradar
Ansible Collection.
The collection includes the community plugins to help the automation of IBM QRadar SIEM Platform.
Before using the Community IBM QRadar collection, you need to install it with the ansible-galaxy
CLI:
ansible-galaxy collection install community.qradar
You can also include it in a requirements.yml
file and install it via ansible-galaxy collection install -r requirements.yml
using the format:
collections:
- name: community.qradar
If you want to develop new content for this collection or improve what's already here, the easiest way to work on the collection is to clone it into one of the configured COLLECTIONS_PATHS
, and work on it there.
The tests
directory contains configuration for running sanity and integration tests using ansible-test
.
You can run the collection's test suites with the commands:
ansible-test sanity
ansible-test network-integration --inventory /path/to/inventory
The current process for publishing new versions of the IBM QRadar Community Collection is manual, and requires a user who has access to the community
namespace on Ansible Galaxy to publish the build artifact.
-
Ensure
CHANGELOG.md
contains all the latest changes. -
Update
galaxy.yml
with the newversion
for the collection. -
Create a release in GitHub to tag the commit at the version to build.
-
Run the following commands to build and release the new version on Galaxy:
ansible-galaxy collection build ansible-galaxy collection publish ./community-qradar-$VERSION_HERE.tar.gz
After the version is published, verify it exists on the IBM QRadar Community Collection Galaxy page.
For more information about Ansible's IBM QRadar integration, join the #ansible-security
IRC channel on irc.libera.chat, and browse the resources in the Security Automation Working Group Community wiki page.
GNU General Public License v3.0 or later
See COPYING to see the full text.