Cognni

The Cognni connector offers a quick and simple integration with Demisto in order to provide ongoing insights into how your important information is used. With Cognni, you can autonomously detect information-specific incidents based on contextual factors, and automatically compile insights to investigate how incidents occur. This intelligence provides the details you need to remediate incidents, fast enough to make a difference.

This integration was integrated and tested with version 1.0 of Cognni.

Configure Cognni on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cognni.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | url | Server URL | True |
    | isFetch | Fetch incidents | False |
    | incidentType | Incident type | False |
    | max_fetch | Maximum number of events per fetch | False |
    | apikey | API Key | True |
    | min_severity | Minimum severity of alerts to fetch | True |
    | first_fetch | First fetch time | False |
    | insecure | Trust any certificate (not secure) | False |
    | proxy | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cognni-get-event


Fetches a single event by ID.

Base Command

cognni-get-event

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| event_id | The ID of the event to fetch. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Cognni.Event.id | String | Event ID. |
| Cognni.Event.date | Date | The date when the event occurred. |
| Cognni.Event.description | String | Description of the event. |
| Cognni.Event.severity | Number | Severity of the event. |
| Cognni.Event.sourceApplication | String | The ID of the application which initiated the event. |

Command Example

!cognni-get-event event_id="9ba7fb56-8ace-4b3d-a1e9-08c466668e57"

Context Example

{
  "Cognni": {
    "event": {
      "id": "9ba7fb56-8ace-4b3d-a1e9-08c466668e57",
      "description": "N/A",
      "sourceApplication": "Exchange",
      "date": "2020-11-25T00:46:14.000Z"
    }
  }
}

Human Readable Output

Cognni event 9ba7fb56-8ace-4b3d-a1e9-08c466668e57

| date | description | id | sourceApplication |
| --- | --- | --- | --- |
| 2020-11-25T00:46:14.000Z | N/A | 9ba7fb56-8ace-4b3d-a1e9-08c466668e57 | Exchange |

cognni-get-insight


Fetches a single insight by ID.

Base Command

cognni-get-insight

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| insight_id | The ID of the insight to fetch. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Cognni.insight.id | String | Insight ID. |
| Cognni.insight.name | String | Name of the insight. |
| Cognni.insight.description | String | Description of the insight. |
| Cognni.insight.severity | Number | Severity of the insight. |

Command Example

!cognni-get-insight insight_id="74a53ab3-3e75-4444-9e7c-0be1e1bc26a9"

Context Example

{
  "Cognni": {
    "insights": {
      "id": "c24405d5-49f5-48b8-b15c-1a1aba540979",
      "name": "Medium sensitivity content, Shared to private email address",
      "description": null,
      "severity": 2
    }
  }
}

Human Readable Output

Cognni 1 insight

| description | id | name | severity |
| --- | --- | --- | --- |
|  | c24405d5-49f5-48b8-b15c-1a1aba540979 | Medium sensitivity content, Shared to private email address | 2 |

cognni-fetch-insights


Fetches insights according to severity.

Base Command

cognni-fetch-insights

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| min_severity | Minimum severity of insights to fetch. Default is 2. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Cognni.insights.id | String | List of insight IDs. |
| Cognni.insights.name | String | List of insight names. |
| Cognni.insights.description | String | List of insight descriptions. |
| Cognni.insights.severity | Number | List of insight severities. |

Command Example

!cognni-fetch-insights min_severity=2

Context Example

{
  "Cognni": {
    "insights": [
      {
        "description": null,
        "id": "4539ff6d-c58b-4a2a-a509-f121edbe97d7",
        "name": "High sensitive Anonymous share",
        "severity": 3
      },
      {
        "description": null,
        "id": "0875799c-6077-4f5f-b276-0e7baa2b89ab",
        "name": "High sensitive content Shared inside the organization Anomaly",
        "severity": 2
      },
      {
        "description": null,
        "id": "169b10e0-0970-430b-9709-61ccc312fdd0",
        "name": "High Sensitive content Shared Outside the organization Anomaly",
        "severity": 3
      },
      {
        "description": null,
        "id": "4cf8297f-b311-4cfa-9e8e-935606907e5f",
        "name": "High Sensitive content Shared to private email address",
        "severity": 3
      },
      {
        "description": null,
        "id": "537aa700-0eed-4998-b253-f809e1eacc00",
        "name": "High sensitive content Shared to private email Address Anomaly",
        "severity": 3
      },
      {
        "description": null,
        "id": "df061da3-13c1-4a59-8501-4d26bacd5b83",
        "name": "Low Sensitive content Anonymous Share",
        "severity": 2
      },
      {
        "description": null,
        "id": "c7723427-b075-4259-8fbc-19dab3861b92",
        "name": "Low sensitive content Shared to private email address Anomaly",
        "severity": 2
      },
      {
        "description": null,
        "id": "846c753b-1feb-4d21-ae43-ec81b9725636",
        "name": "Medium sensitivity content, Anonymous share",
        "severity": 3
      },
      {
        "description": null,
        "id": "f964659c-9cc3-4833-b535-0402cd953376",
        "name": "Medium sensitivity content Shared outside the organization Anomaly",
        "severity": 2
      },
      {
        "description": null,
        "id": "c24405d5-49f5-48b8-b15c-1a1aba540979",
        "name": "Medium sensitivity content, Shared to private email address",
        "severity": 2
      },
      {
        "description": null,
        "id": "c925372e-c2d5-4b61-b37e-399263ad58f9",
        "name": "Medium sensitivity content Shared to private email Address Anomaly",
        "severity": 3
      }
    ]
  }
}

Human Readable Output

Cognni 11 insights

| description | id | name | severity |
| --- | --- | --- | --- |
|  | 4539ff6d-c58b-4a2a-a509-f121edbe97d7 | High sensitive Anonymous share | 3 |
|  | 0875799c-6077-4f5f-b276-0e7baa2b89ab | High sensitive content Shared inside the organization Anomaly | 2 |
|  | 169b10e0-0970-430b-9709-61ccc312fdd0 | High Sensitive content Shared Outside the organization Anomaly | 3 |
|  | 4cf8297f-b311-4cfa-9e8e-935606907e5f | High Sensitive content Shared to private email address | 3 |
|  | 537aa700-0eed-4998-b253-f809e1eacc00 | High sensitive content Shared to private email Address Anomaly | 3 |
|  | df061da3-13c1-4a59-8501-4d26bacd5b83 | Low Sensitive content Anonymous Share | 2 |
|  | c7723427-b075-4259-8fbc-19dab3861b92 | Low sensitive content Shared to private email address Anomaly | 2 |
|  | 846c753b-1feb-4d21-ae43-ec81b9725636 | Medium sensitivity content, Anonymous share | 3 |
|  | f964659c-9cc3-4833-b535-0402cd953376 | Medium sensitivity content Shared outside the organization Anomaly | 2 |
|  | c24405d5-49f5-48b8-b15c-1a1aba540979 | Medium sensitivity content, Shared to private email address | 2 |
|  | c925372e-c2d5-4b61-b37e-399263ad58f9 | Medium sensitivity content Shared to private email Address Anomaly | 3 |
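
In the Context Examples above, `Cognni.insights` is a single object after `cognni-get-insight` and a list after `cognni-fetch-insights`, and `description` is null. The following added example (not part of the Cognni integration) shows one way a playbook script could normalize both shapes into a de-duplicated triage queue ordered by severity; the function names `normalize_insights` and `triage_queue` are hypothetical, and the sample data is constructed by trimming the examples on this page.

```python
import json

# Constructed sample contexts, trimmed from the Context Examples on this page.
SINGLE = json.loads('''{"Cognni": {"insights": {
  "id": "c24405d5-49f5-48b8-b15c-1a1aba540979",
  "name": "Medium sensitivity content, Shared to private email address",
  "description": null, "severity": 2}}}''')
MANY = json.loads('''{"Cognni": {"insights": [
  {"description": null, "id": "4539ff6d-c58b-4a2a-a509-f121edbe97d7",
   "name": "High sensitive Anonymous share", "severity": 3},
  {"description": null, "id": "0875799c-6077-4f5f-b276-0e7baa2b89ab",
   "name": "High sensitive content Shared inside the organization Anomaly", "severity": 2},
  {"description": null, "id": "c24405d5-49f5-48b8-b15c-1a1aba540979",
   "name": "Medium sensitivity content, Shared to private email address", "severity": 2}
]}}''')


def normalize_insights(context):
    """Return Cognni.insights as a list, whether the context holds one object or many."""
    raw = (context.get("Cognni") or {}).get("insights")
    if raw is None:
        return []
    return [raw] if isinstance(raw, dict) else list(raw)


def triage_queue(*contexts, min_severity=2):
    """Merge contexts, drop duplicate IDs, keep severity >= min_severity, highest first."""
    seen = {}
    for ctx in contexts:
        for item in normalize_insights(ctx):
            sev = item.get("severity")
            if not isinstance(sev, int) or sev < min_severity or "id" not in item:
                continue  # skip malformed or below-threshold entries
            seen.setdefault(item["id"], {
                "id": item["id"],
                "name": item.get("name") or "(unnamed)",
                "description": item.get("description") or "N/A",  # null in the samples
                "severity": sev,
            })
    return sorted(seen.values(), key=lambda i: (-i["severity"], i["name"]))


if __name__ == "__main__":
    for row in triage_queue(SINGLE, MANY, min_severity=2):
        print(row["severity"], row["id"], row["name"])
```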