Orca Cloud Visibility Platform
  • 30 May 2024
  • 7 Minutes to read
  • Dark
    Light
  • PDF

Orca Cloud Visibility Platform

  • Dark
    Light
  • PDF

Article summary

Orca Cloud Visibility Platform delivers visibility to cloud security posture, including prioritized alerts on vulnerabilities, compromises, misconfigurations, and more.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Vulnerabilities
  • Software
  • Roles
  • Groups
  • SaaS Applications
  • Compute Services
  • Application Services
  • Networks
  • Load Balancers
  • Databases
  • Containers
  • Object Storage
  • Network Services
  • File Systems
  • Accounts
  • Serverless Functions
  • Disks
  • Compute Images
  • Secrets
  • Firewall Rules
  • Alerts/Incidents

Parameters

  1. Orca Domain (required) - The hostname of the Orca Cloud Visibility Platform server.
  2. API Key (optional) - The API Key generated in the Orca Cloud Visibility Platform.
Note:

The API Key was deprecated in Orca. An API Key is supported only if it was previously generated.

  1. API Token (optional) - The API Key generated in the Orca Cloud Visibility Platform for Axonius usage.
Note:
  • You must supply either the API Key or API Token.
  • It is highly recommended to use the API Token.
  1. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  2. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

ORca

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Asset type exclude list (optional) - Specify a comma-separated list of asset types.

    • If supplied, all connections for this adapter won't fetch devices whose asset type is any of the comma-separated list of asset types that have been defined in this field.
    • If not supplied, all connections for this adapter will fetch devices with any asset type.
  2. Asset type include list (optional) - Specify a comma-separated list of asset types.

    • If supplied, all connections for this adapter will only fetch devices whose asset type is any of the comma-separated list of asset types defined in this field.
    • If not supplied, all connections for this adapter will fetch devices with any asset type.
  3. Fetch only selected asset categories - From the drop-down select one or more categories to fetch. Only these categories will be fetched. If none are selected, then all categories are fetched.

  4. Fetch only selected asset sub-categories - From the drop-down select one or more sub-categories to fetch. Only these sub-categories will be fetched. If none are selected, then all sub-categories are fetched.

  5. Custom asset fetch rules - Toggle on to be able to enter Orca types to fetch data as the specified asset type, instead of as devices:

    • Orca types to fetch as Container assets - Enter Orca types to fetch as Container assets and not as devices.
    • Orca types to fetch as Network assets - Enter Orca types to fetch as Network assets and not as devices.
    • Orca types to fetch as Load Balancer assets - Enter Orca types to fetch as Load Balancer assets and not as devices.
    • Orca types to fetch as Database assets - Enter Orca types to fetch as Database assets and not as devices.
    • Orca types to fetch as Group assets - Enter Orca types to fetch as Group assets and not as devices.
    • Orca types to fetch as Compute Image assets - Enter Orca types to fetch as Compute Image assets and not as devices.
    • Orca types to fetch as Security Role assets - Enter Orca types to fetch as Security Role assets and not as devices.
    • Orca types to fetch as Network Service assets - Enter Orca types to fetch as Network Service assets and not as devices.
    • Orca types to fetch as File System assets - Enter Orca types to fetch as File System assets and not as devices.
    • Orca types to fetch as Account assets - Enter Orca types to fetch as Account assets and not as devices.
    • Orca types to fetch as Secret assets - Enter Orca types to fetch as Secret assets and not as devices.
    • Orca types to fetch as Object Storage assets - Enter Orca types to fetch as Object Storage assets and not as devices.
    • Orca types to fetch as Network Devices assets - Enter Orca types to fetch as Network Devices assets and not as devices.
    • Orca types to fetch as Compute Service assets - Enter Orca types to fetch as Compute Service assets and not as devices.
    • Orca types to fetch as Application Service assets - Enter Orca types to fetch as Application Service assets and not as devices.
  6. Alerts Fetch Mode - From the drop-down select Simple Alerts Fetch (default) or Advanced Alerts Fetch.

    1. Simple Alerts Fetch - Select or clear Show all status alerts (default: true), Show informational alerts (default: true), and/or Show resolved alerts (default: negative).
    2. Advanced Alerts Fetch:
      • Fetch only selected alert categories - From the drop-down select one or more alert categories to fetch. Only these categories will be fetched. If none are selected, then all alert categories are fetched.
      • Fetch only alerts that are linked to assets of the selected categories - From the drop-down select one or more alerts that are related to specific inventory items to fetch.
      • Fetch only selected alert severities - From the drop-down select one or more alert severities to fetch. Only these severities will be fetched. If none are selected, then all alert severities are fetched.
      • Fetch only selected alert status - From the drop-down select one or more alert statuses. Only these statuses will be fetched. If none are selected, then all alert statuses are fetched.
      • Fetch only alerts with Orca Score greater than or equal to (optional) - Select whether to fetch alerts with an Orca Score greater than or equal to a specified number.
      • Fetch only alerts with Max CVSS score greater than or equal to (optional) - Select whether to fetch alerts with a Max CVSS score greater than or equal to a specified number.
  7. Fetch alerts starting from the last X hours - Enter the number of hours back from which to begin to fetch alerts. Alerts will be fetched from that number of hours back, or greater.

  8. Fetch logs starting from the last x hours - Enter the number of hours back from which to begin to fetch logs. Logs will be fetched from that number of hours back, or greater.

  9. Fetch Container Tags (required, default: true) - Select whether to fetch container tags to the GUI.

  10. Orca tags to parse as fields - Enter a list of Orca tag keys to parse as separated fields. Adding items one at a time will create a comma-separated list.

  11. Parse all Orca tags as fields - Select this option to parse all Orca tags as fields.

  12. Fetch extra endpoints. If nothing is selected, only assets are fetched (required, default: Containers, Logs, Alerts, Compliance, Inventory) - Filter endpoint values to fetch by the specified endpoints. If no values are specified, only assets are fetched.

  13. Fetch inventory only for these types of assets. If empty, inventory will not be fetched (optional, default: vm, ec2spot) - Filter asset results to fetch by the specified inventory values. If empty, inventory won't be fetched.

  14. Fetch assets with current states. If nothing is selected, all asset states are fetched (optional) - Enter which current states to fetch assets. If nothing is selected, all asset states are fetched.

  15. Ignore devices that have not been seen by the source in the last X days (optional, default: 10) - Select whether to ignore devices not seen by the source in the last specified number of days.

  16. Use Asset Name as Hostname and Hostname as Asset Name (15 chars) for Azure Select this option to switch between the asset name value and the hostname value if the hostname has 15 characters and the cloud provider is Azure.

  17. List of asset tags to fetch - Enter a space separated list of the asset tags to fetch in the following format: < TAG NAME> = <TAG VALUE>. Both TAG_NAME and TAG_VALUE are case sensitive.

  18. Use CVSS Max Score as Risk Totals source - Select this option so that the source for the vulnerability risk level will be from CVSS Max Score.

  19. Include Cloud Providers assets - Enter which additional cloud provider IDs to fetch assets from.

Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.



Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.