Scheduling Hunts

Scheduling hunts provide you with the ability to search selected assets using forensic jobs to detect suspicious behavior.

To schedule a hunt:

1. Click Investigations from the InsightIDR menu.

2. From the Investigations page, click the Schedule Hunt link.

3. When the New Scheduled Hunt screen appears, enter the name of the Hunt in the Hunt Name field.

4. Enter the asset(s) to include. A list displays after you type in a few characters in the Assets field.

5. Select the frequency you want to schedule the hunt from the Frequency dropdown menu.

6. Enter the time you want to run the Hunt in the Schedule Time field. Use the HH:MM:SS format.
7. Select a job from the Job dropdown menu.

8. Enter the job parameters in the Job Parameters field.
9. Click the Schedule button.

The Scheduled Hunt returns results based on the parameters you selected. The following screen capture displays the results from a Scheduled Hunt.

What's Next?

• Endpoint Monitoring with InsightIDR
• Installing and Setting Up the Endpoint Monitor
• Adding Credentials
• Viewing Assets and Endpoints
• Scheduling Hunts
• Forensics Jobs
• Viewing Lateral Movement
• Understanding New Incidents