Skip to main content


Download With Dependencies

Reco - detects and protects against sensitive data leakage


Reco is a SaaS data security company that provides insights and visibility into data risks with business context for data shared across today’s collaboration SaaS tools.
With a data centric approach, Reco allows IT and Security teams to automatically discover and map their sensitive data to provide visibility, detection and control over data and across users within their expanding SaaS based environments.
Reco is able to significantly save time and resources by automating the mapping, classification, and tagging of unstructured data and then applying analytics across the interactions of users and data from SaaS tools such as Slack, O365, Google Workspace, and GitHub. This helps enterprises quickly mitigate risks such as data exposure, misconfigurations, unauthorized data sharing, and insider risk.

What does this pack do?

The integration pack allows:
• Fetching Reco data risk alerts


  • Supported commands to query Reco platform:
  • update-reco-incident-timeline - Update Reco incident timeline
  • resolve-visibility-event - Resolve Reco visibility event
  • reco-get-risky-users - Get risky users
  • reco-add-risky-user-label - Add risky user
  • reco-get-assets-user-has-access-to - Get assets user has access to (optional to get only sensitive assets)
  • reco-add-leaving-org-user-label - Add leaving org user label in Reco
  • reco-get-sensitive-assets-by-name - Get sensitive assets by name (optional to search by regex)
  • reco-get-sensitive-assets-by-id - Get sensitive assets by file id
  • reco-get-files-shared-with-3rd-parties - Get 3rd parties list with access to files
  • reco-get-3rd-parties-accessible-to-data-list - Get files shared with 3rd parties
  • reco-get-sensitive-assets-with-public-link - Get sensitive assets publicly exposed
  • reco-get-user-context-by-email-address - Get user context by email address

For more information on Reco, please visit




Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByPartner
CreatedFebruary 14, 2023
Last ReleaseNovember 19, 2023
Asset Management
Identity And Access Management
Breach Notification

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.