* [Blog](https://www2.paloaltonetworks.com/blog) * [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/) * [Product Features](https://www2.paloaltonetworks.com/blog/security-operations/category/product-features/) * How Cortex XSOAR "Jobs" E... # How Cortex XSOAR "Jobs" Enable Proactive Security Operations [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Ffeature-focus-how-cortex-xsoar-jobs-enable-proactive-security-operations%2F) [](https://twitter.com/share?text=How+Cortex+XSOAR+%E2%80%9CJobs%E2%80%9D+Enable+Proactive+Security+Operations&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Ffeature-focus-how-cortex-xsoar-jobs-enable-proactive-security-operations%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Ffeature-focus-how-cortex-xsoar-jobs-enable-proactive-security-operations%2F&title=How+Cortex+XSOAR+%E2%80%9CJobs%E2%80%9D+Enable+Proactive+Security+Operations&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/feature-focus-how-cortex-xsoar-jobs-enable-proactive-security-operations/&ts=markdown) \[\](mailto:?subject=How Cortex XSOAR “Jobs” Enable Proactive Security Operations) Link copied By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh") Mar 13, 2018 5 minutes [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown) [Incident Response](https://www.paloaltonetworks.com/blog/tag/incident-response/?ts=markdown) [Jobs](https://www.paloaltonetworks.com/blog/tag/jobs/?ts=markdown) [SOAR](https://www.paloaltonetworks.com/blog/tag/soar/?lang=ja&ts=markdown) ## **Why Jobs?** When we created Cortex XSOAR (formerly known as Demisto), a main objective was to [optimize incident response in the SOC](https://www.paloaltonetworks.com/cortex/soar). We created a platform that can respond to incidents in split seconds based on playbooks that require little if any human intervention. Now that we have many customers around the world, we always ask -- how can we make your SOC even more efficient? One answer that we heard everywhere is that the SOC does not only respond to incidents, it also performs many operational tasks; SOCs make sure that detection systems are running and up-to-date, add URLs to the proxy white list, go through checklists when certain employees leave the organization, and so on. We analyzed many of these tasks and realized that, in most cases, our Cortex XSOAR server was already connected to the systems in question and all that was missing were relevant playbooks and a few other features that will allow customers to easily manage their SOC. We released this function about a year ago and it witnessed quick and encouraging adoption. We also realized that Jobs can help in proactively finding attacks before the detection systems discover them. ## **Desperately Seeking Attacks** Let's talk about the over-reliance on reactive investigative measures in SOCs today. Even well-functioning SOCs continue to have problems with proactively running checks that identify incipient attacks before they manifest themselves and generate an incident. In most cases, attacks will leave breadcrumbs and give out warning signals before they actually become 'attacks'; these signals can be picked up if SOCs proactively search for them instead of responding to incidents. Most SOCs do not proactively look for attacks simply because their staff are busy responding to incidents that have already been discovered. This is unlikely to change -- SOCs must prioritize, and we have not seen a single SOC where analysts are idle and can afford the luxury of searching for unknown attacks in their networks. Enter Jobs -- a Cortex XSOAR feature that runs playbooks and helps SOCs automate proactive security operations. In this blog, we'll go over the Jobs feature in Cortex XSOAR, which enables proactive security operations by facilitating both scheduled and on-demand playbook runs that orchestrate across the entire security product stack. ## **How Cortex XSOAR Jobs Work** Jobs in Cortex XSOAR are playbooks that you can either schedule to run at pre-determined times and frequencies or have easy access to for on-demand execution. ###### **++Jobs Screen:++** Jobs can be accessed by clicking the 'Jobs' button on the left toolbar. The default view of the Jobs page is given below: ![Cortex XSOAR Jobs Screen](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/07/Cortex-XSOAR-Jobs.png) Fig 1: The Jobs home screen shows a dashboard of all Jobs and a tabular view with Jobs details The top half of the screen shows a dashboard view of all the Jobs created by your SOC in Cortex XSOAR. You can see which Jobs are currently running, waiting for analyst input, disabled, or experiencing errors. If you have a large number of Jobs stored on the platform, you can write search queries or click on the sub-section of categories that you want to be shown. The bottom half of the screen shows a tabular view of the Jobs along with salient details such as Job Status (Idle, Enabled, Disabled), Run Status (Aborted, Running, Waiting, Error), the timeline of the Job's most recent run, when the next run is scheduled, and any additional details as notes. ###### **++Summary View:++** If you want to see details of a single Job, click on the 'Summary View' button. This is how the Summary View looks like: ![Cortex XSOAR Jobs Summary View](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/07/Cortex-XSOAR-Jobs-Summary-View.png) Fig 2: The Summary View shows the detailed run history of each Job In this view, you can study the run history of a particular Job. In the screenshot above, the 'Enrichment IOC' Job has been selected, and you can see details of each instance it was run, such as incident creation and closure times. ###### **++Creating a new Job:++** To create a new Job, click in the 'New Job' button on the top right of the page. ![Cortex XSOAR Create New Job Button](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/07/Cortex-XSOAR-New-Job.png) Fig 3: Click the 'New Job' button to create a new Job This will throw up the 'New Job' window, which looks like this: ![Cortex XSOAR New Job WIndow](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/07/Cortex-XSOAR-New-Job-Window.png) Fig 4: The New Job window Here, you can fill in the Job's name, assign owners as needed, choose the specific playbook that will run for this Job, enter timeline details if it's a scheduled Job, and add any other tags, labels, or details as relevant. Once done, just click the 'Create new job' button on the bottom right. ## **Cortex XSOAR Jobs Use Cases** Jobs can be used for any workflows that need to be implemented at regular intervals by the SOC. They are also useful for having playbooks at the ready and launching them proactively instead of triggering them when an incident occurs. A few use cases for Cortex XSOAR Jobs are: * Running scheduled VPN checks. * Threat hunting exercises using uploaded STIX files of IOCs. * Checks for expired SSL certificates. * Scans for vulnerable applications. * Policy compliance checks. * Checks on security system health. * Onboarding and removing privileged users. By using Cortex XSOAR's playbooks both as response mechanisms to incidents and as proactive Jobs, SOCs can cater to holistic security operations without being forced into a reaction-only mindset. To see Cortex XSOAR in action, you can download our [Free Community Edition](https://start.paloaltonetworks.com/sign-up-for-community-edition). *** ** * ** *** ## Related Blogs ### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Machine Learning: The Ideal Ally for Security Analysts](https://www2.paloaltonetworks.com/blog/security-operations/machine-learning-the-ideal-ally-for-security-analysts/) ### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Need For Speed: How Security ChatOps Helps SOCs Reduce MTTR](https://www2.paloaltonetworks.com/blog/security-operations/need-for-speed-how-security-chatops-helps-socs-reduce-mttr/) ### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Frequently Asked Questions About Security ChatOps](https://www2.paloaltonetworks.com/blog/security-operations/frequently-asked-questions-about-security-chatops/) ### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Using Artificial Intelligence to Enhance Cybersecurity Training](https://www2.paloaltonetworks.com/blog/security-operations/using-artificial-intelligence-to-enhance-cybersecurity-training/) ### [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Ten Security Orchestration Myths and Clarifications](https://www2.paloaltonetworks.com/blog/security-operations/ten-security-orchestration-myths-and-clarifications/) ### [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Automation: The Best Way to Fix a Breach](https://www2.paloaltonetworks.com/blog/security-operations/automation-the-best-way-to-fix-a-breach/) ### Subscribe to Security Operations Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language