Reco

This Integration is part of the Reco Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Reco is a SaaS data security solution that protects your data from accidental leaks and malicious attacks.

Configure Reco on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Reco.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Server URL (e.g. https://host.reco.ai/api/v1) | | True |
    | JWT app token | | True |
    | Trust any certificate (not secure) | | False |
    | Use system proxy settings | | False |
    | Incident type | | False |
    | Fetch incidents | | False |
    | Max fetch | | False |
    | Source | Incidents SaaS Source | False |
    | Before | Created At time before which incidents will be fetched | False |
    | After | Created At time after which incidents will be fetched | False |
    | Risk level | Risk level of the incidents to fetch | False |
    | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False |

  4. Click Test to validate the URLs, token, and connection.
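
A pre-flight check for the instance parameters above, as an added example that is not part of the Reco pack or the original page: it flags a non-HTTPS server URL, the "Trust any certificate" option, a malformed or expired JWT, and a first-fetch value outside the `<number> <time unit>` form. The dict keys (`url`, `insecure`, `token`, `first_fetch`), the accepted unit list, and the presence of an `exp` claim in the token are assumptions.

```python
import base64
import json
import re
import time
from urllib.parse import urlparse

def sample_token(exp):
    """Build a constructed, unsigned JWT-shaped string (test data only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp})}.sig"

def jwt_claims(token):
    """Decode the JWT payload without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def audit_instance(params, now=None):
    """Return findings for instance parameters; the dict keys are hypothetical."""
    now = time.time() if now is None else now
    findings = []
    url = urlparse(params.get("url", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("url: must be an https:// URL with a host")
    if params.get("insecure"):
        findings.append("insecure: certificate validation is disabled")
    try:
        exp = jwt_claims(params.get("token", "")).get("exp")
        if isinstance(exp, (int, float)) and exp <= now:
            findings.append("token: JWT exp claim is in the past")
    except ValueError:  # bad structure, base64 or JSON
        findings.append("token: not a well-formed JWT")
    first_fetch = params.get("first_fetch", "")
    # Assumed unit list; the page only shows "12 hours" and "7 days".
    if first_fetch and not re.fullmatch(r"[1-9]\d* (minute|hour|day|week)s?", first_fetch):
        findings.append("first_fetch: expected '<number> <time unit>'")
    return findings

if __name__ == "__main__":
    weak = {"url": "http://host.reco.ai/api/v1", "insecure": True,
            "token": sample_token(1), "first_fetch": "7"}  # constructed sample
    print("\n".join(audit_instance(weak)))
```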

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

reco-update-incident-timeline

Add a comment to an incident in Reco

Base Command

reco-update-incident-timeline

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| comment | Comment to add to the incident. | Required |
| incident_id | Incident ID to add the comment to. | Required |

Context Output

There is no context output for this command.

reco-resolve-visibility-event

Resolve an event in a Reco Finding. Reco Findings contain aggregations of events. This command resolves the event in the Reco Finding.

Base Command

reco-resolve-visibility-event

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| entity_id | Entity ID of the file to resolve. | Required |
| label_name | Label name to resolve (e.g. "Accessible to All Org Users", "Accessible by General Public"). | Required |

Context Output

There is no context output for this command.

reco-get-risky-users

Get Risky Users from Reco

Base Command

reco-get-risky-users

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Reco.RiskyUsers | unknown | Risky Users |

reco-add-risky-user-label

Tag a user as risky in Reco

Base Command

reco-add-risky-user-label

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| email_address | Email address of the user to add to the risky users list in Reco. | Required |

Context Output

There is no context output for this command.

reco-get-assets-user-has-access-to

Get the assets a user has access to (optionally only sensitive assets)

Base Command

reco-get-assets-user-has-access-to

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| asset_owner | Email address of the user who owns all the assets | Required |
| only_sensitive | Get only sensitive files | Optional |

Context Output

There is no context output for this command.