Scheduler 1.4.0
- Updated on 30 Mar 2022
tags: Python | Automation | Scheduler | Azure Blob | Auto Execution | Timeout | Schedule
Description
The Scheduler automation lets CDC users run queries and tasks on a planned schedule in support of incident response, instead of executing each recurring query by hand.
It is built as a generic scheduler. Its input is a CSV file whose fields include the Blob address, the query, and the frequency; each row is scheduled as a recurring query. Once a query's results are successfully returned, they are written back to the Blob storage location that the requester supplied in the input.
This pack uses Azure Blob and ST2 functionality to implement the scheduling.
CyberProof uses custom messages to report the status of the scheduler and of each execution. No adaptive cards are used to display the data, because the results are returned to Blob storage rather than to the chat.
Property | Value |
---|---|
Integration Type | Automation |
Information read | Details from the SIEM, based on the queries provided by the end user. |
API Supported | N/A |
Input | Blob address, query, frequency |
Output | Detailed information returned by the executed query, stored in Blob storage. |
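The following is an added example, not code from the Scheduler pack or from CyberProof, showing the input-handling side of the design described above: parse a CSV of (Blob address, query, frequency) rows, validate each row, expand the rows into due times, and upload a result only when the query succeeds. The column names, the frequency syntax (`15m`, `1h`), the `.blob.core.windows.net` host check and the sample CSV are all assumptions; the `execute` and `upload` callables stand in for the Log Analytics and Blob clients so the module runs offline.

```python
"""Added example (not the Scheduler pack's own code): parse the CSV input the
pack describes (blob address, query, frequency), validate it, compute the run
schedule, and upload only successful results. Column names and the frequency
syntax are assumptions."""
import csv
import io
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Constructed sample input. Column names and hostnames are an assumption;
# rows 4 and 5 are deliberately bad (non-Azure HTTP destination, bad frequency).
SAMPLE_CSV = """blob_address,query,frequency
https://example.blob.core.windows.net/results/signins.json,SigninLogs | where ResultType != 0 | summarize count() by UserPrincipalName,15m
https://example.blob.core.windows.net/results/proc.json,SecurityEvent | where EventID == 4688,1h
http://attacker.example/exfil,SecurityEvent,5m
https://example.blob.core.windows.net/results/bad.json,Heartbeat,every-day
"""

START = datetime(2022, 3, 30, 0, 0, tzinfo=timezone.utc)  # assumed schedule origin

_FREQ_RE = re.compile(r"^(\d+)([smhd])$")
_UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400}


@dataclass(frozen=True)
class ScheduledQuery:
    blob_address: str
    query: str
    interval: timedelta


def parse_frequency(text: str) -> timedelta:
    """Accept '<n><unit>' with unit in s/m/h/d; reject zero or unknown forms."""
    m = _FREQ_RE.match(text.strip())
    if not m:
        raise ValueError(f"bad frequency: {text!r}")
    n = int(m.group(1))
    if n == 0:
        raise ValueError("frequency must be positive")
    return timedelta(seconds=n * _UNIT[m.group(2)])


def validate_blob_address(url: str) -> str:
    """Only accept HTTPS destinations under the Azure Blob namespace; anything
    else would let a malformed row send SIEM query results to an arbitrary host."""
    p = urlparse(url.strip())
    if (p.scheme != "https" or not p.hostname
            or not p.hostname.endswith(".blob.core.windows.net")
            or p.path in ("", "/")):
        raise ValueError(f"bad blob address: {url!r}")
    return p.geturl()


def load_schedule(csv_text: str) -> tuple[list[ScheduledQuery], list[str]]:
    """Return accepted rows and per-row rejection reasons. A single bad row is
    reported, not raised, so one typo does not block the whole batch."""
    accepted, rejected = [], []
    # Data rows start at line 2; line 1 is the header.
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        try:
            accepted.append(ScheduledQuery(
                validate_blob_address(row["blob_address"]),
                row["query"].strip(),
                parse_frequency(row["frequency"]),
            ))
        except (KeyError, ValueError) as exc:
            rejected.append(f"row {line_no}: {exc}")
    return accepted, rejected


def next_runs(items, start: datetime, horizon_seconds: int) -> list[tuple[datetime, str]]:
    """Expand each entry into its due times within [start, start + horizon)."""
    end = start + timedelta(seconds=horizon_seconds)
    due = []
    for item in items:
        t = start
        while t < end:
            due.append((t, item.blob_address))
            t += item.interval
    due.sort()
    return due


def run_due(items, execute, upload) -> dict[str, str]:
    """Run each query once via execute(query) and store the result with
    upload(blob_address, data) only when execute succeeds. `execute` is
    expected to enforce its own timeout; a failure (including a timeout) is
    reported here and nothing is written to the Blob for that row."""
    outcome = {}
    for item in items:
        try:
            data = execute(item.query)
        except Exception as exc:  # any executor failure is a per-row outcome
            outcome[item.blob_address] = f"failed: {exc}"
            continue
        upload(item.blob_address, data)
        outcome[item.blob_address] = "uploaded"
    return outcome
```

Rejecting rows up front matters because the Blob address in the CSV is where SIEM query output will be written: the validator is the only thing standing between an input typo (or a malicious row) and results being posted to a host outside the expected storage account.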
CDC Command Lines
- schedule_log_analytics_queries_cli
The CDC command-line entry point for schedule_log_analytics_queries. When running the CLI, enter the Channel ID (on CDC versions < 2.2) or the message thread.
Option | Type | Description | Required |
---|---|---|---|
channel_id | string | Read the channel ID. | False |
file_name | string | Name of the input CSV file to parse. | True |
Workflows
- scheduler_query_and_upload_blob: Queries Log Analytics and uploads the result to Blob.
- scheduler_workflow: Schedules the workflow.
- schedule_log_analytics_queries: Posts parse-input-file-content in the CDC, by the ID of the incident/message/channel.
Rules
No rules
Sensors
No sensors
Triggers
No triggers
Known Issues
No known issues