Skip to content

Scan Schedules

A ScanSchedule is a rule for how often and when to run a specific detection service.

How to create

  1. Schedules → New Schedule.
  2. Choose the scan type: HIBP / Pastebin / Code (GitHub+GitLab) / Ransomware.
  3. Give it a name — for convenience, e.g., "GitHub hourly — production domains".
  4. Configure the parameters (below).
  5. Save.

Parameters

Frequency

  • hourly — every hour.
  • every_6h — every 6 hours.
  • daily — once a day.
  • weekly — once a week.
  • monthly — once a month.
  • disabled — paused (saved but doesn't run).

Start at

If you don't want scanning to begin immediately when the schedule is created — pick a future datetime. Useful to:

  • Avoid load spikes while you're browsing the dashboard.
  • Run scans overnight (e.g., 02:00 UTC) — less noisy in your infrastructure logs.

Active

A temporary pause without losing settings. Useful when:

  • Debugging false positives — turn off temporarily, tweak filters, turn back on.
  • Quota limits — e.g., you've blown HIBP monthly cap and want to wait until next month.

Linked report

Optional — every scan will automatically refresh the linked report. Useful for:

  • Regular CISO reports — always fresh.
  • Compliance audits — auditor sees current data.
  • Customer-facing reports (MSSP) — clients get auto-updated reports.

Sample schedules

Small company (10 employees)

Schedule Type Frequency Start Linked report
Daily HIBP HIBP daily 02:00 Weekly CISO report
Hourly Pastebin Pastebin hourly
Hourly Code Code hourly
Ransomware watch Ransomware every_6h Monthly board report

Enterprise (1000+ employees)

Same as above, plus: - Multiple HIBP schedules for different domains (subsidiaries). - Separate hourly schedule for critical DataSources. - Separate weekly schedule for legacy/low-priority items.

How it works under the hood

Schedules are run by Celery Beat — an internal scheduler. At time T:

  1. The scheduler sees this schedule is due.
  2. Enqueues a task.
  3. A worker picks the task up and runs the scan.
  4. Saves findings, refreshes the linked report, sends notifications.

If the worker is overloaded — the task waits in queue; the scheduler doesn't skip cycles.

Troubleshooting

Schedule isn't running? - Check Active state. - Check that the detection service is connected and has a valid API key. - Check the Audit log in Settings — errors show up there.

Duplicate runs? Can happen if two schedules have identical parameters. Check for duplicates.

A scan takes too long? Some scans (Org-based GitHub of a large org) can take hours. For those, every_6h is more appropriate than hourly — otherwise the next cycle starts before the previous finishes.