Cognni

The Cognni connector offers a quick and simple integration with Demisto in order to provide ongoing insights into how your important information is used. With Cognni, you can autonomously detect information-specific incidents based on contextual factors, and automatically compile insights to investigate how incidents occur. This intelligence provides the details you need to remediate incidents, fast enough to make a difference.

This integration was integrated and tested with version 1.0 of Cognni

Configure Cognni on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.

2. Search for Cognni.

3. Click Add instance to create and configure a new integration instance.

   Parameter	Description	Required
   url	Server URL	True
   isFetch	Fetch incidents	False
   incidentType	Incident type	False
   max_fetch	Maximum number of events per fetch	False
   apikey	API Key	True
   min_severity	Minimum severity of alerts to fetch	True
   first_fetch	First fetch time	False
   insecure	Trust any certificate (not secure)	False
   proxy	Use system proxy settings	False

4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cognni-get-event

---

Fetches a single event by ID.

Base Command

cognni-get-event

Input

Argument Name	Description	Required
event_id	The ID of the event to fetch.	Required

Context Output

Path	Type	Description
Cognni.Event.id	String	Event ID.
Cognni.Event.date	Date	The date when the event occurred.
Cognni.Event.description	String	Description of the event.
Cognni.Event.severity	Number	Severity of the event.
Cognni.Event.sourceApplication	String	The ID of the application which initiated the event.

Command Example

!cognni-get-event event_id="9ba7fb56-8ace-4b3d-a1e9-08c466668e57"

Context Example

{

"Cognni": {

"event": {

"id": "9ba7fb56-8ace-4b3d-a1e9-08c466668e57",

"description": "N/A",

"sourceApplication": "Exchange",

"date": "2020-11-25T00:46:14.000Z"

}

}

}

Human Readable Output

Cognni event 9ba7fb56-8ace-4b3d-a1e9-08c466668e57

date	description	id	sourceApplication
2020-11-25T00:46:14.000Z	N/A	9ba7fb56-8ace-4b3d-a1e9-08c466668e57	Exchange

cognni-get-insight

---

Fetches a single insight by ID.

Base Command

cognni-get-insight

Input

Argument Name	Description	Required
insight_id	The ID of the insight to fetch.	Required

Context Output

Path	Type	Description
Cognni.insight.id	String	Insight ID.
Cognni.insight.name	String	Name of the insight.
Cognni.insight.description	String	Description of the insight.
Cognni.insight.severity	Number	Severity of the insight.

Command Example

!cognni-get-insight insight_id="74a53ab3-3e75-4444-9e7c-0be1e1bc26a9"

Context Example

{

"Cognni": {

"insights": {

"id": "c24405d5-49f5-48b8-b15c-1a1aba540979",

"name": "Medium sensitivity content, Shared to private email address",

"description": null,

"severity": 2

}

}

}

Human Readable Output

Cognni 1 insight

description	id	name	severity
	c24405d5-49f5-48b8-b15c-1a1aba540979	Medium sensitivity content, Shared to private email address	2

cognni-fetch-insights

---

Fetches insights according to severity.

Base Command

cognni-fetch-insights

Input

Argument Name	Description	Required
min_severity	Minimum severity of insights to fetch. Default is 2.	Required

Context Output

Path	Type	Description
Cognni.insights.id	String	List of insight IDs.
Cognni.insights.name	String	List of insight names.
Cognni.insights.description	String	List of insight descriptions.
Cognni.insights.severity	Number	List of insight severities.

Command Example

!cognni-fetch-insights min_severity=2

Context Example

{

"Cognni": {

"insights": [

{

"description": null,

"id": "4539ff6d-c58b-4a2a-a509-f121edbe97d7",

"name": "High sensitive Anonymous share",

"severity": 3

},

{

"description": null,

"id": "0875799c-6077-4f5f-b276-0e7baa2b89ab",

"name": "High sensitive content Shared inside the organization Anomaly",

"severity": 2

},

{

"description": null,

"id": "169b10e0-0970-430b-9709-61ccc312fdd0",

"name": "High Sensitive content Shared Outside the organization Anomaly",

"severity": 3

},

{

"description": null,

"id": "4cf8297f-b311-4cfa-9e8e-935606907e5f",

"name": "High Sensitive content Shared to private email address",

"severity": 3

},

{

"description": null,

"id": "537aa700-0eed-4998-b253-f809e1eacc00",

"name": "High sensitive content Shared to private email Address Anomaly",

"severity": 3

},

{

"description": null,

"id": "df061da3-13c1-4a59-8501-4d26bacd5b83",

"name": "Low Sensitive content Anonymous Share",

"severity": 2

},

{

"description": null,

"id": "c7723427-b075-4259-8fbc-19dab3861b92",

"name": "Low sensitive content Shared to private email address Anomaly",

"severity": 2

},

{

"description": null,

"id": "846c753b-1feb-4d21-ae43-ec81b9725636",

"name": "Medium sensitivity content, Anonymous share",

"severity": 3

},

{

"description": null,

"id": "f964659c-9cc3-4833-b535-0402cd953376",

"name": "Medium sensitivity content Shared outside the organization Anomaly",

"severity": 2

},

{

"description": null,

"id": "c24405d5-49f5-48b8-b15c-1a1aba540979",

"name": "Medium sensitivity content, Shared to private email address",

"severity": 2

},

{

"description": null,

"id": "c925372e-c2d5-4b61-b37e-399263ad58f9",

"name": "Medium sensitivity content Shared to private email Address Anomaly",

"severity": 3

}

]

}

}

Human Readable Output

Cognni 11 insights

description	id	name	severity
	4539ff6d-c58b-4a2a-a509-f121edbe97d7	High sensitive Anonymous share	3
	0875799c-6077-4f5f-b276-0e7baa2b89ab	High sensitive content Shared inside the organization Anomaly	2
	169b10e0-0970-430b-9709-61ccc312fdd0	High Sensitive content Shared Outside the organization Anomaly	3
	4cf8297f-b311-4cfa-9e8e-935606907e5f	High Sensitive content Shared to private email address	3
	537aa700-0eed-4998-b253-f809e1eacc00	High sensitive content Shared to private email Address Anomaly	3
	df061da3-13c1-4a59-8501-4d26bacd5b83	Low Sensitive content Anonymous Share	2
	c7723427-b075-4259-8fbc-19dab3861b92	Low sensitive content Shared to private email address Anomaly	2
	846c753b-1feb-4d21-ae43-ec81b9725636	Medium sensitivity content, Anonymous share	3
	f964659c-9cc3-4833-b535-0402cd953376	Medium sensitivity content Shared outside the organization Anomaly	2
	c24405d5-49f5-48b8-b15c-1a1aba540979	Medium sensitivity content, Shared to private email address	2
	c925372e-c2d5-4b61-b37e-399263ad58f9	Medium sensitivity content Shared to private email Address Anomaly	3