The Job Scheduler page provides a list of all jobs that are defined in your USM Anywhere environment. Many jobs are predefined (out-of-the-box) items for log collection and asset scans, and some of these require enablement to run according to the defined schedule. You can also define your own custom jobs to schedule automatic log collection, asset scans, and asset group scans. There are a number of apps in USM Anywhere that support the creation of scheduled jobs for user behavior monitoring. From the Job Scheduler Page you can review the list of scheduled user behavior monitoring scan jobs. See Managing Jobs in the Scheduler for more information.
The Job Scheduler Page
The Job Scheduler page includes navigation and filtering elements to help you locate the jobs you want to review. When you go to Settings > Scheduler, the page displays all jobs by default. You can select one of the job types in the left navigation to display only the jobs of that type:
- Log Collection: Select this display option to review the list of scheduled log collection jobs. See Log Collection from Your Data Sources for more information.
- Asset Scans: Select this option to review the list of scheduled asset scan jobs. This option displays both asset scan, authenticated asset scan, and asset discovery jobs. See Scheduling Asset Scans from Assets, Scheduling Authenticated Asset Scans from Assets, and Scheduling Asset Scans from the Job Scheduler Page for more information.
- Asset Group Scans: Select this option to review the list of scheduled asset group scan jobs. This option displays both asset group scan and authenticated asset group scan jobs. See Scheduling Asset Group Scans from Asset Groups, Scheduling Authenticated Asset Group Scans from Asset Groups, and Scheduling Asset Groups Scans from the Job Scheduler Page for more information.
- User Scans: Select this option to review the list of scheduled user behavior monitoring scan jobs. See Managing User Discovery Jobs in the Scheduler.
To change the sort order of the displayed list, click the column label for the field that you want to use to sort the list. Use the filters in the upper side of the list to change the displayed list so that it includes only the jobs you want to see.
- Filter by: Enter a search string for the name of the app or the job name to display only matching jobs.
- Sensor: If you have more than one deployed USM Anywhere Sensor, select a SensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. to display only the jobs that are configured for it. You also have the option All Sensors to display all sensors you have in your environment.
Job Type: Set this option to display only the jobs of the selected type. The available items are based on the jobs currently displayed on the page:
- All Types
- Asset Discovery
- User Scan
- Task Status: Set this option to display only jobs for the selected status, Enabled or Disabled. You also have the option All Tasks.
- Clear All Filters : Click this button to remove filtering options and display all items for the category selected in the left navigation.
When you locate a scheduled job in the list, you can select it to expand the details for the job and review its history.
When most logs in your AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform. or AzureMicrosoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. account are enabled, USM Anywhere automatically discovers them and they can start generating eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall., based on CloudTrailAWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you., S3, ELBElastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. Access, Azure Security Event logs, and others. But, because these out-of-box log collection and asset scan jobs deploy disabled initially, you must decide which jobs you want to activate and enable them.
You can disable or enable a predefined or custom job in the Job Scheduler page.
To enable scheduled jobs
- Go to Settings > Scheduler to open the Job Scheduler page.
- Locate the jobs with which you want to enable to collect events or asset information, and click the icon.
This turns the icon green. To disable an already-enabled job, toggle the icon to its original status.
USM Anywhere includes defined jobs to perform many of the standard log collection and scanning actions that you will need to monitor your networks. These jobs are predefined to run using a recurrence according to industry best practices. However, if you need to define a scheduled job to perform log collection, asset scans, or asset group scans, you can add a new job directly on the Job Scheduler page.
To create a new job
- Go to Settings > Scheduler to open the Job Scheduler page.
- In the upper right of the page, click New Job.
- If you have selected Log Collection in the left navigation panel, this button is labeled Create Log Collection Job. This limits the options in the dialog to those that define a log collection job.
- If you have selected Asset Scans or Asset Group Scans in the left navigation panel, this button is labeled Create Scan Job. This limits the options in the dialog to those that define an asset scan, asset group scan, or asset discovery job.
- If you have selected User Scans in the left navigation panel, this button doesn't display because this option is used to review the list of scheduled user behavior monitoring scan jobs.
Enter the name and description for the job.
The description is optional, but it is a best practice to provide this information so that others can easily understand what it does.
- Active Directory Scanner
- Amazon Web Services
- Asset Scanner
- Authenticated Asset Scanner
- Forensics and Response App
In the Schedule section, specify when USM Anywhere runs the job:
- Select the increment as Minute, Hour, Day, Week, Month, or Year.
Set the interval options for the increment.
The selected increment determines the available options. For example, on a weekly increment you can select the days of the week to run the job.
Or on a monthly increment, you can specify a date or a day of the week that occurs within the month.
Set the Start time.
This is the time that the job starts at the specified interval. It uses the time zone configured for your USM Anywhere instance (default is Coordinated Universal Time [UTC]).
You cannot change or delete the parameters of the out-of-the-box jobs in USM Anywhere. You can only enable or disable the predefined jobs. However, you can make changes to the scheduled jobs that you have defined, such as changing the schedule parameters to run the job more or less frequently. If a custom job is no longer needed, you can delete it.
To make changes to a custom job
- Locate the job in the Job Scheduler list.
- In the row for the job, click the icon.
- In the Edit Job dialog, change the parameters for the job as needed.
- Click Save.
See Add a New Custom Job for more information about these options.
To delete a custom job