Run client interrogation periodically. This is a sample event artifact to schedule a hunt periodically. You can change it to launch other artifacts.
name: Server.Monitoring.ScheduleHunt
description: |
Run client interrogation periodically. This is a sample event
artifact to schedule a hunt periodically. You can change it to
launch other artifacts.
type: SERVER_EVENT
parameters:
- name: ScheduleDayRegex
default: Tuesday
type: regex
- name: ScheduleTimeRegex
default: "01:28:"
type: regex
- name: HuntDescription
default: "Periodic info hunt"
sources:
- query: |
LET schedule = SELECT
UTC.String AS Now,
Weekday.String AS Today
FROM clock(period=60)
WHERE Now =~ ScheduleTimeRegex
AND Today =~ ScheduleDayRegex
AND log(message="Launching at time " + Now)
SELECT hunt(artifacts=["Generic.Client.Info"],
spec=dict(`Generic.Client.Info`=dict()),
description=HuntDescription)
FROM schedule