Scheduled searches allow you to create a search that occurs on a defined schedule.
Steps for Creating a Scheduled Search
USE CASE: You would like to run a weekly search for specific file-based IOCs related to malware or ransomware.
1. Select "New Schedule" from the upper right corner.
2. Select how often you would like the schedule to repeat: Daily (once a day), Weekly (once a week), or Monthly (once a month).
3. Select a start date/time and end date/time by clicking on the appropriate icons (or manually enter the information).
4. Once an end date is selected, click "Display schedule times" to verify your scheduled search.
5. Enter a name for the schedule and select the job to hold the scheduled search.
6. Select "Create Schedule" to define your search criteria.
7. You will automatically be directed to the Search Criteria page. Enter all information to define your search, including endpoints and other criteria. When finished, select "Search". You will see a verification of your search name; select the arrow to create your scheduled search.