Create a time triggered job

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2025-02-09
Category: Administrator Guide
Abstract: Create a time triggered or feed triggered job in Cortex XSIAM to run a playbook.

Time triggered jobs run at predetermined times. You can schedule the job to run at a recurring time or one time at a specific date and time. For an example, see the Create jobs to process indicators example.

  1. Select Incident Response → Automation → Jobs → New Job.

  2. Select Time triggered.

  3. If you want the job to repeat at regular intervals, select Recurring and select the desired interval.

    You can choose to run the job every X number of days, on specific days of the week, at a specific time and also choose a start date and an expiration date.

    You can configure the recurring job using a cron expression. To do so, after selecting the Recurring checkbox, click Switch to Cron view and enter the expression. For help defining the cron expression, click Show cron examples after switching to cron view.

    Note

    To view a human-readable description of a cron schedule for an existing job, click the settings wheel icon and select Job Schedule from the available columns.

  4. If you do not want the job to repeat, select the date and time for the job to run.

  5. In the BASIC INFORMATION section, add relevant time triggered job parameters from the following:

    • Name: Enter a meaningful name for the job.

    • Owner: Assign an owner to the alert.

    • Playbook: Determine which playbook to run when this job is triggered.

    • Description: Enter a meaningful description of the job.

  6. In the QUEUE HANDLING section, select one of the following response options to use if the job is triggered while a previous run of the job is active:

    • Don’t trigger a new job run

    • Cancel the previous job run and trigger a new job run

    • Trigger a new job run and execute concurrently with the previous run

    Important

    We recommend that you avoid triggering a job while a previous run of the job is active. To do so, configure the playbook that the job triggers to close the investigation before a new instance of the job runs.

  7. Select Create new job.
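
The cron schedule in step 3 and the queue handling choice in step 6 interact: if the shortest gap between triggers is shorter than the playbook's runtime, a new run fires while the previous one is still active. The following Python sketch is an added example, not Palo Alto Networks code; it assumes standard five-field cron syntax (confirm the accepted syntax under Show cron examples), and the function names and sample runtimes are hypothetical.

```python
from datetime import datetime, timedelta

# Value range per field (assumed standard order): minute, hour, day-of-month, month, day-of-week (0 = Sunday)
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]

def expand(field, lo, hi):
    """Expand one cron field ('*', '*/n', 'a-b', 'a-b/n', 'a,b') into a set of ints."""
    values = set()
    for part in field.split(","):
        base, _, step = part.partition("/")
        step = int(step) if step else 1
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            start, end = map(int, base.split("-"))
        else:
            start = int(base)
            end = hi if "/" in part else start
        if step < 1 or not (lo <= start <= end <= hi):
            raise ValueError(f"bad cron field {field!r}")
        values.update(range(start, end + 1, step))
    return values

def fire_times(expr, start, days=14):
    """Return every minute in [start, start + days) at which the expression fires."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 fields: minute hour day-of-month month day-of-week")
    minute, hour, dom, month, dow = (expand(f, lo, hi) for f, (lo, hi) in zip(fields, RANGES))
    day_star = fields[2].startswith("*") or fields[4].startswith("*")
    out, t = [], start.replace(second=0, microsecond=0)
    for _ in range(days * 24 * 60):
        in_dom, in_dow = t.day in dom, (t.weekday() + 1) % 7 in dow  # Python Monday=0 -> cron Monday=1
        # Classic cron rule: when both day fields are restricted, matching either one is enough.
        day_ok = (in_dom and in_dow) if day_star else (in_dom or in_dow)
        if t.minute in minute and t.hour in hour and t.month in month and day_ok:
            out.append(t)
        t += timedelta(minutes=1)
    return out

def overlap_risk(expr, playbook_runtime, start=datetime(2025, 1, 6)):
    """Return (shortest gap between triggers, True if one run can still be active at the next trigger)."""
    times = fire_times(expr, start)
    if len(times) < 2:
        return None, False
    gap = min(b - a for a, b in zip(times, times[1:]))
    return gap, playbook_runtime >= gap

if __name__ == "__main__":
    # Constructed samples: a 20-minute playbook every 15 minutes, and a 3-hour playbook on weekdays at 02:00.
    for expr, runtime in [("*/15 * * * *", timedelta(minutes=20)), ("0 2 * * 1-5", timedelta(hours=3))]:
        print(expr, overlap_risk(expr, runtime))
```

When the second value is True, the QUEUE HANDLING option you select decides what happens to the overlapping run, so either lengthen the interval or choose that option deliberately.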