How to Create an Event-Based Job

Jobs allow you to define automations in Resoto and can be triggered by the events emitted by the collect_and_cleanup workflow.

Prerequisites

This guide assumes that you have already installed Resoto.

Directions

1. Define the action you would like to automate. For example, let's say we want to create a PagerDuty alert if a publicly accessible database is detected:

   > search is(database) and db_publicly_accessible==true | pagerduty summary="Databases found that are publicly accessible" dedup_key="dbs_publicly_accessible"
   tip

   See Search How-To Guides for guidance on how to write search queries.

2. Determine the event trigger for the job. In this case, since we want to send an alert as soon as a publicly accessible database is detected, we'll use the post_collect event to trigger the job.

3. Now that we've defined the action and decided on the trigger, create the job using the job add command (replace the value of the --id parameter with a unique job identifier):

   > job add --id alert_public_dbs --wait-for-event post_collect 'search is(database) and db_publicly_accessible==true | pagerduty summary="Databases found that are public to the internet" dedup_key="dbs_publicly_accessible"'

Related How-To Guides

• How to Create a Scheduled Event-Based Job
• How to Create a Scheduled Job

Further Reading

• Automation
• Cloud Data Sync
• Command-Line Interface
• Events
• Workflows