Orca
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Agentless, Workload-Deep, Context-Aware Security and Compliance for AWS, Azure, and GCP. This integration was integrated and tested with Orca
Configure Orca on Cortex XSOAR
Navigate to Settings > Integrations > Servers & Services.
Search for Orca.
Click Add instance to create and configure a new integration instance.
Parameter | Description | Required |
---|---|---|
apikey | API Key | True |
first_fetch | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | False |
incidentType | Incident type | False |
isFetch | Fetch incidents | False |
max_fetch | Max fetch | False |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
Click Test to validate the URLs, token, and connection.
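A pre-deployment check over the instance parameters listed above, as an added example that is not part of the Orca integration or its documentation. The accepted time units, the `parse_first_fetch` and `audit_instance` names, and the sample values are assumptions made for illustration; how the integration itself parses `first_fetch` is not shown on this page.

```python
import re
from datetime import datetime, timedelta, timezone

# Units accepted here are an assumption; the page only shows "hours" and "days".
UNIT_SECONDS = {"minute": 60, "hour": 3600, "day": 86400, "week": 604800}
FIRST_FETCH_RE = re.compile(r"^\s*(\d+)\s+([a-z]+?)s?\s*$", re.IGNORECASE)


def parse_first_fetch(value, now=None):
    """Turn '<number> <time unit>' into the UTC time the first fetch reaches back to."""
    match = FIRST_FETCH_RE.match(value or "")
    unit = match.group(2).lower() if match else None
    if unit not in UNIT_SECONDS:
        raise ValueError(f"{value!r} does not match '<number> <time unit>'")
    now = now or datetime.now(timezone.utc)
    return now - timedelta(seconds=int(match.group(1)) * UNIT_SECONDS[unit])


def audit_instance(params, now=None):
    """Return findings for one instance's parameters (keys are the names on this page)."""
    findings = []
    if not params.get("apikey"):
        findings.append("apikey: required parameter is empty")
    if params.get("insecure"):
        findings.append("insecure: TLS certificate validation is disabled")
    if params.get("isFetch"):
        if params.get("first_fetch"):
            try:
                parse_first_fetch(params["first_fetch"], now)
            except ValueError as exc:
                findings.append(f"first_fetch: {exc}")
        max_fetch = str(params.get("max_fetch") or "").strip()
        if max_fetch and not max_fetch.isdigit():
            findings.append(f"max_fetch: {max_fetch!r} is not a whole number")
    return findings


# Constructed sample parameters, not taken from a real instance.
SAMPLE = {"apikey": "PLACEHOLDER-KEY", "first_fetch": "7 dayz", "isFetch": True,
          "max_fetch": "50", "insecure": True, "proxy": False}

if __name__ == "__main__":
    for finding in audit_instance(SAMPLE):
        print(finding)
```

An empty list means the parameters passed every check; the constructed sample yields two findings, one for `insecure` and one for the malformed `first_fetch`.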
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
orca-get-alerts
Get the alerts on cloud assets.
Base Command
orca-get-alerts
Input
Argument Name | Description | Required |
---|---|---|
alert_type | Type of alert to get. | Optional |
asset_unique_id | Get alerts of asset_unique_id. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Orca.Manager.Alerts | String | All alerts |
Command Example
orca-get-asset
Get the description of an asset.
Base Command
orca-get-asset
Input
Argument Name | Description | Required |
---|---|---|
asset_unique_id | Asset unique id. | Required |
Context Output
Path | Type | Description |
---|---|---|
Orca.Manager.Asset | String | Asset description |
Command Example