Skip to content

Get recommendations

Use this operation to get the the recommendations provided by Mosaic's Detection and Response services for sensitive user actions performed on your app. You can limit the number of recommendation retrieved and apply filters on time frames, metadata, ecc...to customize your search.

Operation parameters

Note

For the purpose of getting recommendations, the following fields should be set as follows:

  • Credentials to connect with: The Client ID and Client Secret of any application in your tenant. Retrieve the credentials from any application in your tenant (available in the application settings). These credentials are not scoped to a specific app—they grant access to the entire tenant. Once saved, the credentials are stored as a Mosaic account and can be updated at any time.
  • Resource: Detection and Response
  • Operation: Get Many Recommendations
  • Return all: Returns all recommendations provided for the app. You can couple this setting with filters to refine the search.
  • Limit: Sets the max number of recommendations to retrieve. If set, it retrieves the last specified amount of results in time,
  • Filters:
    • Acting Type Names or IDs: The name or ID of the recommendation's action type
    • End Date: The end date for the search
    • Start Date: The start date for the search
    • IP Country: The recommendation's origin IP country
    • Recommendation Type: The recommendation type. Choose Trust, Allow, Challenge and/or Deny
    • Reason Type Names or IDs: The name or ID of the recommendation's reason type
    • Application ID Names or IDs: The application name or ID
    • User ID: The ID of the user that performed the action
    • Device Finger Print: The fingerprint of the device where the action was performed from
    • Device ID: The ID of the device
    • IP: The recommendation's origin IP
    • Campaign ID: The ID of the fraudulent campaign
    • Correlation ID: The ID that relates the action with a session
    • Label: The label indicating the resolution of the recommendation. Choose one or more values from:
      • Action ID Known Malicious
      • Action ID Suspected Malicious
      • Action ID Known Legit
      • Action ID Unknown
      • Correlation ID Known Malicious
      • Correlation ID Suspected Malicious
      • Correlation ID Known Legit
      • Correlation ID Unknown
      • Campaign ID Known Malicious
      • Campaign ID Suspected Malicious
      • Campaign ID Known Legit
      • Campaign ID Unknown
      • User ID Known Malicious
      • User ID Suspected Malicious
      • User ID Known Legit
      • User ID Unknown

Result

As the Transmit node is run, it returns a JSON-formatted list of recommendations specifically filtered by the query.