Jobs run playbooks and are either time-triggered (run at specific times) or event triggered (run when there are changes to a feed).
Jobs enable you to run playbooks based on certain events or at a specific time and date. You can define the following jobs:
Time triggered job: Jobs can be time triggered and run at specific times. For example, you can schedule a time triggered job that runs nightly and removes expired indicators.
Job triggered by delta in feed: Jobs can be triggered according to an event and run when there are changes to a feed. For example, you can define an event triggered job to run a playbook when a specified TIM feed finishes a fetch operation for new indicators.
Important
When configuring the playbook a job triggers, make sure the playbook closes the investigation before running a new job.
Learn how to set up a playbook to take indicators from a TIM feeds by reviewing setting up a job to process indicators. You can also Add Indicators to SIEM Using a Time Triggered Job.
In the
page, you can see how many jobs are running, waiting, in error, etc. You can also take action such as creating a new job, editing, running, disabling, etc. When you create a job, it is added to the job table and an incident is usually created. If you select the job, you can see the Work Plan and the War Room for the incident.