created incident ticket loop

.ansible-sign/sha256sum.txt

@@ -4,7 +4,7 @@
 cf237c7aff44efbe6e502e645c3e06da03a69d7bdeb43392108ef3348143417e  .gitignore
 ca3f84e14f6aa778003094fd160710543fae3594d76dbc4335d2d0b77245e8ce  AnsibleSSP.code-workspace
 d35fbae2b6580fa02cb6c4aaea0a4f54afcc35f7340a63f668ada65d673e9205  EDAInsightsCVE.yml
-758de5dbef4f493e8d6dcee9dd7b1ef23c5e522189c42e07d235c74a9df51990  EDAInsightsMalware.yml
+81acedf3cfb62c6787ee429a6cb647a70efc44e07f6ac14c09f9c5a0fc27d0e8  EDAInsightsMalware.yml
 74676949e369fda79558d21019a119516d735a906c5e5d19a8cb8fa545f5d88a  EDANodeExporter.yml
 ef33eb5f7454982f5ef0d0a96ba5e19f60c7ce425d92ea3a032cf5e06307c272  EDASELinuxDisabled.yml
 7bbab92e4265fe287ab68f5e1f4faeb363ed4ffc84616556f55ce31b4cdc2361  MANIFEST.in

.ansible-sign/sha256sum.txt.sig

@@ -1,14 +1,14 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmTvVVQACgkQTiIiIXrU
-DNFKlgv/Yzm6xtkepQ4Kx9p7a/Lre5bf96kp31TYxKzHKtd0foI64eumgi0732K5
-f3hxsp7OnAQJHKioBTMRBq7rDTazmEQ5P0RFUjoZSliM2yfvwHGKtF7Uvh/7wBd+
-yfMWHJ32fU2obp5TMMTi4Ca8J2zyLJ4jAQMSQhGYvajsXYx0jqRRJO44alu7ZSPf
-Ff0965spBLEiKUzT/fI3y98bAKk1xczuxmDEDKMJ6vavQa/N22vYYOCUcANof1+Y
-sZl+F7QDM3+x/L8Uu3PXCilXk9uIouvB7I6zrufUm7j0Dhidz+UOLj5F9eiEDeUE
-l4pTRSJFxQModtXk5Or4R3Z9iQw4IAhDA6jvYYX7a2zn5ZOibgh0eeiTjLoa7EOR
-eC6O/QmVETt5Dsw1AFphVdKHw0nzSfuv9MDqRcETll2gO6OmZZO6lkZJzyNe3u8g
-dCVvEn8SEgKPTIVSd+pdpdPE6x5at+V/l9a8MFuR36S7Tyko5K29cYbEMxuhTxgt
-zinHNXCl
-=a5Fm
+iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmTvXe4ACgkQTiIiIXrU
+DNHj7gv/T7sEIcDuq8JaLyFmyZcnKeiF0e0wXlRQZ6Ss/r0otrtCf50+Q52xnqq5
+VEUJF47KVd6TsBQdejHwyjiVCkmKjVagf2Fd87HjJp3NLci2krxph5yA4tshejTA
++n8W05U1ydh8tidGfsaK3TbawG2xCodI1jkpK25aCTdDqmHR6rDZARJXEUX82ysK
+RdAM/jm45Qma3d2cDc3ieMxFVmzCHihvxYNAk1YQRpbEwcvO1xV8leDPe+fdtdWd
+9gchVGE7CFoHua+7Dz0W15NkxiVNOmDUhEjSJ24icAiCtOqlG6uk/pUf0d8uhiKu
+2YIzLf+VFWxVUl1o+cvisdclG8ToULb4NVZKhlyCDrtwrk8gMUMECZDVa9S1ODfW
+hCrYZkCNm18IL0ywK+lwC9+XCqrZ9Y6Fh+7bTTMFbY7klBuol31TiIwLidQON5ED
+wcihjNr3B1UuRSrIhgBw5pLu2dLP8q26WVwfqETJYc4ugFwriVoSRGnEhKw7HSaQ
+kcsn7+HP
+=GcsU
 -----END PGP SIGNATURE-----

EDAInsightsMalware.yml

@@ -3,18 +3,21 @@
   hosts: localhost
   gather_facts: false
 
-  vars:
-    servicenow_ticket: "create"
-    sn_urgency: critical
-    sn_impact: high
-    incident_description: "Alert {{ item.payload.matched_rules }} detected on host {{ item.payload.host_name }}"
-    sn_description: |
-      The following alert triggered on {{ item.payload.host_name }}:
-      "Malware {{ item.payload.matched_rules }} detected at {{ item.payload.matched_at }} in {{ item.payload.host_name }}
-      Red Hat Insights account {{ item.payload.account_id }}"
+  tasks:
 
-  roles:
-    - servicenow_ticket
+    - name: Include SNOW Ticket role
+      ansible.builtin.include_role:
+        name: servicenow_ticket
+      vars:
+        servicenow_ticket: "create"
+        sn_urgency: critical
+        sn_impact: high
+        incident_description: "Alert {{ item.payload.matched_rules }} detected on host {{ item.payload.host_name }}"
+        sn_description: |
+          The following alert triggered on {{ item.payload.host_name }}:
+          "Malware {{ item.payload.matched_rules }} detected at {{ item.payload.matched_at }} in {{ item.payload.host_name }}
+          Red Hat Insights account {{ item.payload.account_id }}"
+      loop: "{{ insights_mal_data }}"
 
 - name: Notify Mattermost Channel of Malware Incident
   hosts: localhost
@@ -23,7 +26,7 @@
   vars:
     alert_title: "Malware Issue"
     alert_issue_value: "Malware Issue detected"
-    alert_details_value: "Malware Issue, incident {{ new_incident.record.number}} created"
+    alert_details_value: "Malware Issue, incident {{ new_incident.results[0].record.number}} created"
 
   roles:
     - shadowman_mattermost