Create a Time Triggered Job

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2023-10-30
Last date published: 2024-03-28
Category: Administrator Guide

Abstract

Create a time triggered or feed triggered job in Cortex XSIAM to run a playbook.

Time triggered jobs run at predetermined times. You can schedule the job to run at a recurring time or one time at a specific date and time. For example, schedule a time triggered job that runs nightly and removes expired indicators.

Note

To view a human-readable description of a cron schedule for an existing job, change the table settings by clicking the settings icon and selecting Job Schedule from the available columns.

  1. Select Incident Response → Automation → Jobs → New Job.

  2. Select Time triggered.

  3. If you want the job to repeat at regular intervals, select Recurring and select the desired interval.

    You can choose to run the job every X number of days, on specific days of the week, at a specific time and also choose a start date and an expiration date. You have the option to configure the recurring job using a cron expression. To do so, after selecting the Recurring checkbox, click Switch to Cron view and enter the expression. For assistance in defining the cron expression, click Show cron examples after switching to Cron view.

  4. If you do not want the job to repeat, select the date and time the job should run.

  5. In the BASIC INFORMATION section, add the following required parameters:

    Parameter      Description
    Name           Enter a meaningful name for the job.
    Owner          Assign an owner to the job.
    Playbook       Determine which playbook to run when the job is triggered.
    Description    Enter a meaningful description for the job.

  6. In the QUEUE HANDLING section, select whether to notify the owner of the job if the job is triggered while a previous run of the job is active.

  7. Select an option to use if the job is triggered while a previous run of the job is active:

    • Don’t trigger a new job run.

    • Cancel the previous job run and trigger a new job run.

    • Trigger a new job run and execute concurrently with the previous run.

  8. Create new job.

    The job is added to the job runs table. Click the job to see its details and Work Plan, and take action in the War Room as required.