Jobs - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.9
Creation date: 2022-09-29
Last date published: 2024-03-28
End_of_Life: EoL
Category: Administrator Guide
Abstract

Jobs run playbooks and are either time-triggered (run at specific times) or event-triggered (run when there are changes to a feed).

Jobs enable you to run playbooks based on certain events or at a specific time and date. You can define the following jobs:

  • Time triggered job: Jobs can be time triggered and run at specific times. For example, you can schedule a time triggered job that runs nightly and removes expired indicators.

  • Job triggered by delta in feed: Jobs can be triggered according to an event and run when there are changes to a feed. For example, you can define an event triggered job to run a playbook when a specified TIM feed finishes a fetch operation for new indicators.

Important

When configuring the playbook a job triggers, make sure the playbook closes the investigation before running a new job.

Learn how to set up a playbook to take indicators from a TIM feed by reviewing setting up a job to process indicators. You can also Add Indicators to SIEM Using a Time Triggered Job.

In the Jobs page, you can see how many jobs are running, waiting, in error, etc. You can also take action such as creating a new job, editing, running, disabling, etc. When you create a job, it is added to the job table and an incident is usually created. If you select the job, you can see the Work Plan and the War Room for the incident.