Configure a job to trigger a playbook when a specified
feed completes a fetch operation in Cortex XSOAR.
You can define a job to trigger a playbook
when the specified feed or feeds finish a fetch operation that included
a modification to the feed. The modification can be a new indicator,
a modified indicator, or a removed indicator.
For example,
let’s say you want to update your firewall every time a URL is added
to, modified, or removed from the Office 365 feed. You can configure
a job that triggers that playbook to run whenever a modification
is made to that feed.
You can customize the new job form by
editing the Indicator Feed incident type.
If you want to trigger a job after a feed completes
a fetch operation, and the feed does not change frequently, you
can select the
Reset last seen
option in
the feed integration instance. The next time the feed fetches indicators,
it will process them as new indicators in the system.
Go to the
Jobs
section.
Click the
New Job
button.
Configure the job parameters.
Parameter
Description
Job type
Select the
Feed triggered
option.
Trigger
Define the trigger for the playbook.
All
feeds
: the playbook will run when a modification is made to
any feed.
Specific feeds
: select the feed instances that will
trigger the playbook to run when a modification is made to the specified
feed instances.
Name
A meaningful name for the job.
Playbook
The playbook that will run when the conditions
for the job are met.
Tags
Add tags to apply to the job, which you can
use as a search parameter in the system.
