Version: 5.1

Job Scheduler

Overview

The Job Scheduler component provides functionality for working with search jobs. A search job is a query that is executed on a specified schedule, and the results it returns are processed by one or more active actions. An active action is a specific way of processing the results of a search query, such as creating an incident or sending an email notification.

In the main section of the component, there is a list of all jobs:

Job list

Example of a scheduled search job:

Rule

Jobs can be created manually by the user or delivered as part of a module as accompanying content.

A colored indicator shows the job status:

  • Inactive jobs: 🔴 Red
  • Active jobs: 🟢 Green

Various active actions are possible based on the results of executing a scheduled job, such as sending results via email, creating incidents, aggregating results into an index, and more.

The complete list of possible actions includes:

  • Sending Email
  • Index Aggregation
  • Event Indexing
  • Incident Creation
  • Database Write
  • Event Logging
  • MITRE ATT&CK Technique Mapping
  • MITRE ATT&CK Risk Score Assignment
  • Launching Another Search
  • Running a Script
  • Webhook

For more details on creating and configuring scheduled jobs, refer to the article Job Scheduler.