Orca
This Integration is part of the Orca Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Agentless, Workload-Deep, Context-Aware Security and Compliance for AWS, Azure, and GCP. This integration was integrated and tested with Orca
Configure Orca on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for Orca. Click Add instance to create and configure a new integration instance.
Parameter Description Required apitoken API Token True api_host API Host without schema. Default: api.orcasecurity.ioFalse first_fetch First fetch timestamp ( <number><time unit>, e.g., 12 hours, 7 days)False incidentType Incident type False isFetch Fetch incidents False max_fetch Max fetch False insecure Trust any certificate (not secure) False proxy Use system proxy settings False Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
orca-get-alerts#
Get the alerts on cloud assets
Base Command#
orca-get-alerts
Input#
| Argument Name | Description | Required |
|---|---|---|
| alert_type | Type of alert to get. | Optional |
| asset_unique_id | Get alerts of asset_unique_id. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Orca.Manager.Alerts | String | All alerts |
Command Example#
orca-get-asset#
Get Description of An asset
Base Command#
orca-get-asset
Input#
| Argument Name | Description | Required |
|---|---|---|
| asset_unique_id | Asset unique id. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| Orca.Manager.Asset | String | Asset description |
Command Example#
Base Command#
orca-set-alert-severity
Input#
| Argument Name | Description | Required |
|---|---|---|
| alert_id | Id of the alert. | Required |
| score | New score value. From 0 to 10. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| Orca.Alert | String | Alert description |
Command Example#
!orca-set-alert-severity alert_id=orca1 score=5
orca-get-alert-event-log
Input#
| Argument Name | Description | Required |
|---|---|---|
| alert_id | Id of the alert. | Required |
| limit | Limit of the event logs | Optional |
| start_at_index | Start at index | Optional |
| type | Type of the event logs | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Orca.Manager.EventLog | String | Event log |
Command Example#
!orca-get-alert-event-log alert_id=orca1 limit=10
orca-set-alert-status
Input#
| Argument Name | Description | Required |
|---|---|---|
| alert_id | Id of the alert. | Required |
| status | New alert status | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| Orca.SetAlertStatus | String | Operation result |
Command Example#
!orca-set-alert-status alert_id=orca1 status=open
orca-verify-alert
Input#
| Argument Name | Description | Required |
|---|---|---|
| alert_id | Id of the alert. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| Orca.VerifyAlert | String | Operation result |
Command Example#
!orca-verify-alert alert_id=orca1
orca-download-malicious-file
Input#
| Argument Name | Description | Required |
|---|---|---|
| alert_id | Id of the alert. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| Orca.File | unknown | Malicious File |
Command Example#
!orca-download-malicious-file alert_id=orca1