Schedule Hunt/Triage Tasks

This page explains how to schedule Hunt/Triage tasks via the AIR API.

Scheduling an AIR Hunt/Triage task via the API script with crontab

  • Download the script and grant permission to run.

    wget https://cdn.binalyze.com/air-deploy/scripts/air-triage-task-via-api.sh
    chmod +x air-triage-task-via-api.sh

  • Alternatively, download the script from your tenant address and grant permission to run (the URL below is an example).

    wget https://<tenantname>.cisco-<region>.binalyze.io/air-deploy/scripts/air-triage-task-via-api.sh
    chmod +x air-triage-task-via-api.sh

  • Move the script to a directory such as /opt, as shown below.

    mv air-triage-task-via-api.sh /opt/air-triage-task-via-api.sh

  • Update the console address and API Token values in the script, and add the desired hunt/triage rule IDs to the "triageRuleIds" field.

The script ships with the two default rules shown below; you can change them.

"fireeye-red-team-tools-countermeasures", "fireeye-sunburst-countermeasures"

  • Add it as a cronjob by running the command below.

    crontab -e

  • After running the above command, add the following lines in the editor (the path must match the location the script was moved to in the earlier step).

    # At 00:00 on Sunday
    0 0 * * 0 /opt/air-triage-task-via-api.sh
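`crontab -e` is interactive; when the same steps are rolled out to many collector hosts you want the entry installed non-interactively and without stacking a duplicate job on every re-run. The helper below is an added example (not part of the Binalyze script or page): it keeps the page's schedule and `/opt/air-triage-task-via-api.sh` path, and the environment-variable names, function names and the check that the script is executable are assumptions.

```shell
#!/bin/sh
# Added example: install the weekly AIR Hunt/Triage cron entry idempotently.
# Defaults match the page; the variable names are assumptions.
SCRIPT="${AIR_TRIAGE_SCRIPT:-/opt/air-triage-task-via-api.sh}"
SCHEDULE="${AIR_TRIAGE_SCHEDULE:-0 0 * * 0}"   # 00:00 every Sunday

# Return 0 when the schedule has exactly five fields (minute hour dom month dow).
# awk is used rather than word splitting so the '*' fields are never glob-expanded.
valid_schedule() {
    [ "$(printf '%s\n' "$1" | awk '{ print NF }')" -eq 5 ]
}

# Print the crontab line for a schedule and a script path.
cron_line() {
    printf '%s %s\n' "$1" "$2"
}

# Read the existing crontab text from stdin and append the line plus its
# comment only if that exact line is not already present.
merge_cron_line() {
    line=$1
    existing=$(cat)
    if printf '%s\n' "$existing" | grep -qxF -- "$line"; then
        printf '%s\n' "$existing"
    else
        [ -n "$existing" ] && printf '%s\n' "$existing"
        printf '# At 00:00 on Sunday: run the AIR Hunt/Triage API script\n%s\n' "$line"
    fi
}

# Validate inputs, then rewrite the current user's crontab with the merged text.
install_cron_job() {
    script=$1 schedule=$2
    [ -x "$script" ] || { echo "not executable: $script" >&2; return 1; }
    valid_schedule "$schedule" || { echo "bad schedule: $schedule" >&2; return 1; }
    line=$(cron_line "$schedule" "$script")
    # 'crontab -l' exits non-zero when the user has no crontab yet; treat that as empty.
    { crontab -l 2>/dev/null || true; } | merge_cron_line "$line" | crontab -
}

# Run as:  sh install-air-cron.sh install
if [ "${1:-}" = "install" ]; then
    install_cron_job "$SCRIPT" "$SCHEDULE"
fi
```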
