Orca

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Agentless, Workload-Deep, Context-Aware Security and Compliance for AWS, Azure, and GCP. This integration was integrated and tested with Orca.

Configure Orca on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Orca.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | apikey | API Key | True |
    | first_fetch | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | False |
    | incidentType | Incident type | False |
    | isFetch | Fetch incidents | False |
    | max_fetch | Max fetch | False |
    | insecure | Trust any certificate (not secure) | False |
    | proxy | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

orca-get-alerts


Get the alerts on cloud assets.

Base Command

orca-get-alerts

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| alert_type | Type of alert to get. | Optional |
| asset_unique_id | Get alerts of asset_unique_id. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Orca.Manager.Alerts | String | All alerts |

Command Example

orca-get-asset


Get the description of an asset.

Base Command

orca-get-asset

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| asset_unique_id | Asset unique id. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Orca.Manager.Asset | String | Asset description |

Command Example