Reco
Reco Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
Reco is a Saas data security solution that protects your data from accidental leaks and malicious attacks.
#
Configure Reco on Cortex XSOARNavigate to Settings > Integrations > Servers & Services.
Search for Reco.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Server URL (e.g. https://host.reco.ai/api/v1) True JWT app token True Trust any certificate (not secure) False Use system proxy settings False Incident type False Fetch incidents False Max fetch False Source Incidents SaaS Source False Before Created At time before which incidents will be fetched False After Created At time after which incidents will be fetched False Risk level Risk level of the incidents to fetch False First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) False Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
reco-update-incident-timelineAdd a comment to an incident in Reco
#
Base Commandreco-update-incident-timeline
#
InputArgument Name | Description | Required |
---|---|---|
comment | Comment to add to the incident. | Required |
incident_id | Incident ID to add the comment to. | Required |
#
Context OutputThere is no context output for this command.
#
reco-resolve-visibility-eventResolve an event in Reco Finding. Reco Findings contains aggregations of events. This command resolves the event in the Reco Finding.
#
Base Commandreco-resolve-visibility-event
#
InputArgument Name | Description | Required |
---|---|---|
entity_id | entity id of the file to resolve. | Required |
label_name | label name to resolve (e.g. "Accessible to All Org Users", "Accessible by General Public"). | Required |
#
Context OutputThere is no context output for this command.
#
reco-get-risky-usersGet Risky Users from Reco
#
Base Commandreco-get-risky-users
#
InputArgument Name | Description | Required |
---|
#
Context OutputPath | Type | Description |
---|---|---|
Reco.RiskyUsers | unknown | Risky Users |
#
reco-add-risky-user-labelTag a user as risky in Reco
#
Base Commandreco-add-risky-user-label
#
InputArgument Name | Description | Required |
---|---|---|
email_address | Email address of the user to add to the risky users list in Reco. | Required |
#
Context OutputThere is no context output for this command.
#
reco-get-assets-user-has-access-toGet assets user has access to (optional to get only sensitive assets)
#
Base Commandreco-get-assets-user-has-access-to
#
InputArgument Name | Description | Required |
---|---|---|
asset_owner | Email address of the user who owns all the assets | Required |
only_sensitive | Get only sensitive files | Optional |
#
Context OutputThere is no context output for this command.