Scheduling Scans¶
Automate recurring security scans with flexible scheduling options.
Overview¶
Schedule scans to run automatically at specified times or intervals.
Benefits: - Continuous monitoring - Consistent testing - Reduced manual effort - Timely detection - Compliance requirements
Creating a Schedule¶
Basic Schedule¶
Steps: 1. Navigate to Automation Engine → Scheduling 2. Click Create Schedule 3. Configure schedule: - Name: Descriptive name - Runbook/Attack Tree: Select testing strategy - Target: What to scan - Engagement: Associate with engagement - Schedule: When to run - Notifications: Alert preferences 4. Click Create
Schedule Configuration¶
Required Fields: - Name: Descriptive schedule name - Type: Runbook or Attack Tree - Target: URL, domain, IP, or range - Engagement: Associated engagement - Schedule: Frequency and timing
Optional Fields: - Description: Purpose and notes - Tags: Organizational tags - Priority: Execution priority - Timeout: Max execution time - Retry: Retry on failure - Notifications: Who to notify
Schedule Types¶
One-Time Schedule¶
Run once at a specific future time:
Example:
Use Cases: - Pre-planned assessments - Specific event testing - Scheduled maintenance windows
Recurring Schedules¶
Daily¶
Run every day at specified time:
Example:
Use Cases: - Continuous monitoring - Daily health checks - Change detection
Weekly¶
Run on specific days of the week:
Example:
Use Cases: - Regular assessments - Weekly compliance scans - Periodic deep scans
Monthly¶
Run on specific day(s) of the month:
Example:
Use Cases: - Monthly compliance - Quarterly assessments - Periodic audits
Custom Cron Expression¶
Advanced scheduling with cron syntax:
Example:
Cron Format:
* * * * *
│ │ │ │ │
│ │ │ │ └─ Day of week (0-7, 0 and 7 are Sunday)
│ │ │ └─── Month (1-12)
│ │ └───── Day of month (1-31)
│ └─────── Hour (0-23)
└───────── Minute (0-59)
Common Patterns:
# Every hour
0 * * * *
# Every 6 hours
0 */6 * * *
# Weekdays at 2 AM
0 2 * * 1-5
# First day of month
0 0 1 * *
# Every Sunday at midnight
0 0 * * 0
Schedule Management¶
Viewing Schedules¶
Schedule List: 1. Navigate to Automation Engine → Scheduling 2. View all schedules 3. Filter by: - Status (active/paused) - Engagement - Runbook - Next execution
Schedule Details: - Name and description - Schedule pattern - Next execution time - Last execution - Execution history - Success rate
Editing Schedules¶
Modify Schedule: 1. Click schedule in list 2. Click Edit 3. Update fields 4. Click Save
Editable Fields: - Name and description - Schedule pattern - Target - Notifications - Priority - Timeout
Note: Editing doesn't affect running executions
Pausing/Resuming¶
Pause Schedule: 1. Select schedule 2. Click Pause 3. Confirm
Resume Schedule: 1. Select paused schedule 2. Click Resume 3. Next execution calculated
Use Cases: - Temporary maintenance - Target unavailable - Testing changes - Resource constraints
Deleting Schedules¶
Delete Schedule: 1. Select schedule 2. Click Delete 3. Confirm deletion
Warning: Cannot be undone. Historical executions remain.
Execution History¶
Viewing History¶
Per-Schedule History: 1. Click schedule 2. View Execution History tab 3. See all past runs
Information Shown: - Execution time - Duration - Status (success/failed) - Assets found - Vulnerabilities found - Logs
Analyzing Trends¶
Trend Analysis: - Success rate over time - Average duration - Asset growth - Vulnerability trends - Failure patterns
Comparative View: - Compare executions - Identify changes - Track improvements - Spot anomalies
Notifications¶
Notification Configuration¶
Per-Schedule Notifications: 1. Edit schedule 2. Configure Notifications section 3. Select events: - Scan started - Scan completed - Scan failed - Critical vulnerability found - New assets discovered 4. Select recipients 5. Save
Notification Channels: - Email - In-app - Webhook - Slack/Teams (via webhook)
Notification Templates¶
Email Notifications: - Subject: Schedule name and status - Body: Execution summary - Attachments: Reports (optional)
Webhook Payload:
{
"event": "schedule.execution.completed",
"scheduleId": "SCHEDULE_ID",
"executionId": "EXECUTION_ID",
"status": "success",
"assetsFound": 42,
"vulnerabilitiesFound": 5,
"timestamp": "2024-12-04T12:00:00Z"
}
Best Practices¶
Scheduling¶
✅ Off-Peak Times: Schedule during low-traffic periods
✅ Stagger Scans: Don't run all schedules simultaneously
✅ Allow Buffer: Time between consecutive scans
✅ Test First: Run manually before scheduling
✅ Document Purpose: Note why scheduled
Timing¶
✅ Consider Timezones: Use appropriate timezone
✅ Avoid Peak Hours: Don't impact production
✅ Maintenance Windows: Respect maintenance schedules
✅ Business Hours: Consider business impact
✅ Rate Limits: Don't exceed target limits
Monitoring¶
✅ Check Regularly: Review execution history
✅ Investigate Failures: Don't ignore errors
✅ Track Trends: Monitor success rates
✅ Adjust as Needed: Optimize based on results
✅ Clean Up: Remove unused schedules
Examples¶
Example 1: Daily Monitoring¶
Scenario: Monitor production website daily
Name: Production Daily Scan
Type: Daily
Time: 02:00 AM EST
Runbook: Quick Web Scan
Target: https://www.example.com
Engagement: Production Monitoring
Notifications: On failure or critical vulns
Example 2: Weekly Deep Scan¶
Scenario: Comprehensive weekly assessment
Name: Weekly Security Audit
Type: Weekly
Days: Sunday
Time: 01:00 AM EST
Runbook: Comprehensive Security Audit
Target: *.example.com
Engagement: Security Assessment
Notifications: Always
Example 3: Monthly Compliance¶
Scenario: Monthly PCI DSS scan
Name: Monthly PCI Scan
Type: Monthly
Day: 1st of month
Time: 00:00 AM EST
Runbook: PCI DSS Compliance Scan
Target: Payment processing systems
Engagement: Compliance
Notifications: Always, with report
Example 4: Continuous Monitoring¶
Scenario: Monitor every 6 hours
Name: Continuous Monitoring
Type: Custom Cron
Cron: 0 */6 * * *
Runbook: Change Detection
Target: https://api.example.com
Engagement: API Monitoring
Notifications: On changes
Troubleshooting¶
Schedule Not Running¶
Check: - Schedule is active (not paused) - Next execution time is future - Engagement is active - Target is reachable - Permissions sufficient
Executions Failing¶
Investigate: - Check execution logs - Verify target accessibility - Review schedule configuration - Check resource availability - Validate credentials
Missed Executions¶
Causes: - System maintenance - Resource constraints - Queue full - Schedule paused - Engagement inactive
Solution: - Check system status - Review resource limits - Verify schedule active - Check engagement status
Related: Automation Engine | Attack Platform | Monitoring