Scan Schedules¶
A ScanSchedule is a rule for how often and when to run a specific detection service.
How to create¶
- Schedules → New Schedule.
- Choose the scan type: HIBP / Pastebin / Code (GitHub+GitLab) / Ransomware.
- Give it a name — for convenience, e.g., "GitHub hourly — production domains".
- Configure the parameters (below).
- Save.
Parameters¶
Frequency¶
hourly— every hour.every_6h— every 6 hours.daily— once a day.weekly— once a week.monthly— once a month.disabled— paused (saved but doesn't run).
Start at¶
If you don't want scanning to begin immediately when the schedule is created — pick a future datetime. Useful to:
- Avoid load spikes while you're browsing the dashboard.
- Run scans overnight (e.g.,
02:00 UTC) — less noisy in your infrastructure logs.
Active¶
A temporary pause without losing settings. Useful when:
- Debugging false positives — turn off temporarily, tweak filters, turn back on.
- Quota limits — e.g., you've blown HIBP monthly cap and want to wait until next month.
Linked report¶
Optional — every scan will automatically refresh the linked report. Useful for:
- Regular CISO reports — always fresh.
- Compliance audits — auditor sees current data.
- Customer-facing reports (MSSP) — clients get auto-updated reports.
Sample schedules¶
Small company (10 employees)¶
| Schedule | Type | Frequency | Start | Linked report |
|---|---|---|---|---|
| Daily HIBP | HIBP | daily | 02:00 | Weekly CISO report |
| Hourly Pastebin | Pastebin | hourly | — | — |
| Hourly Code | Code | hourly | — | — |
| Ransomware watch | Ransomware | every_6h | — | Monthly board report |
Enterprise (1000+ employees)¶
Same as above, plus: - Multiple HIBP schedules for different domains (subsidiaries). - Separate hourly schedule for critical DataSources. - Separate weekly schedule for legacy/low-priority items.
How it works under the hood¶
Schedules are run by Celery Beat — an internal scheduler. At time T:
- The scheduler sees this schedule is due.
- Enqueues a task.
- A worker picks the task up and runs the scan.
- Saves findings, refreshes the linked report, sends notifications.
If the worker is overloaded — the task waits in queue; the scheduler doesn't skip cycles.
Troubleshooting¶
Schedule isn't running?
- Check Active state.
- Check that the detection service is connected and has a valid API key.
- Check the Audit log in Settings — errors show up there.
Duplicate runs? Can happen if two schedules have identical parameters. Check for duplicates.
A scan takes too long?
Some scans (Org-based GitHub of a large org) can take hours. For those, every_6h is more appropriate than hourly — otherwise the next cycle starts before the previous finishes.