Jobs - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Cortex XSIAM
Creation date
Last date published
Administrator Guide

Create a time-triggered job or a job triggered by delta in a feed.

Jobs enable you to run playbooks based on certain events or on a specific time and date. A job runs when it is triggered by one of the following jobs:

  • Time triggered job: Jobs can be time triggered and run at specific times. For example, schedule a time triggered job that runs nightly and removes expired indicators.

  • Job triggered by delta in a feed: Jobs can be triggered according to an event and run when there are changes to a feed. For example, you can define an event triggered job to run a playbook when a specified TIM feed finishes a fetch operation for new indicators. For an example, see Set up a Job to Process Indicators.


When configuring the playbook a job triggers, make sure the playbook closes the investigation before running a new job.

When you create a job, a job run is executed. One job can have multiple job runs. You can view the job run of a specific job or all jobs through the Jobs page. In the Jobs page, you can see how many jobs are running, waiting, in error, etc. You can also take action such as creating a new job, edit, run, disable,etc. When you select the job run, review the details and Work Plan, and take action in the War Room as required.


Administrators can only create jobs and view/edit job runs.