Skip to content
XDR Forensics Knowledge Base

Schedule Hunt/Triage Tasks

XDR Forensics Hunt/Triage Scheduled Task via API Script by using crontab

Section titled “XDR Forensics Hunt/Triage Scheduled Task via API Script by using crontab”

  • Move the script file to a directory, such as the /opt directory, as shown below.

    mv air-triage-task-via-api.sh /opt/air-triage-task-via-api.sh

  • Update the console address and API Token value in the script. You must add the desired hunt/triage rule id values to the “triageRuleIds” field.

For example, there are two default rules below; you can change them.

“fireeye-red-team-tools-countermeasures”, “fireeye-sunburst-countermeasures”

  • Add it as a cronjob by running the command below.

    crontab -e

  • After running the above command, add the following lines in the editor.

# At 00:00 on Sunday 0 0 * * 0 /opt/air-triage-task.sh