Orca Cloud Visibility Platform
  • 11 Mar 2024


Orca Cloud Visibility Platform delivers visibility to cloud security posture, including prioritized alerts on vulnerabilities, compromises, misconfigurations, and more.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Orca Domain (required) - The hostname of the Orca Cloud Visibility Platform server.
  2. API Key (optional) - The API Key generated in the Orca Cloud Visibility Platform.

     Note:

     The API Key was deprecated in Orca. An API Key is supported only if it was previously generated.

  3. API Token (optional) - The API Key generated in the Orca Cloud Visibility Platform for Axonius usage.

     Note:
       • You must supply either the API Key or API Token.
       • It is highly recommended to use the API Token.
  4. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.


Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Asset type exclude list (optional) - Specify a comma-separated list of asset types.

    • If supplied, all connections for this adapter won't fetch devices whose asset type is any of the comma-separated list of asset types that have been defined in this field.
    • If not supplied, all connections for this adapter will fetch devices with any asset type.
  2. Asset type include list (optional) - Specify a comma-separated list of asset types.

    • If supplied, all connections for this adapter will only fetch devices whose asset type is any of the comma-separated list of asset types defined in this field.
    • If not supplied, all connections for this adapter will fetch devices with any asset type.
  3. Fetch only selected asset categories - From the drop-down select one or more categories to fetch. Only these categories will be fetched. If none are selected, then all categories are fetched.

  4. Fetch only selected asset sub-categories - From the drop-down select one or more sub-categories to fetch. Only these sub-categories will be fetched. If none are selected, then all sub-categories are fetched.

  5. Custom asset fetch rules - Toggle on to be able to enter Orca types to fetch data as the specified asset type, instead of as devices:

    • Orca types to fetch as Application Service assets - Enter Orca types to fetch as Application Service assets and not as devices.
    • Orca types to fetch as Object Storage assets - Enter Orca types to fetch as Object Storage assets and not as devices.
    • Orca types to fetch as Network Service assets - Enter Orca types to fetch as Network Service assets and not as devices.
    • Orca types to fetch as Group assets - Enter Orca types to fetch as Group assets and not as devices.
    • Orca types to fetch as Network assets - Enter Orca types to fetch as Network assets and not as devices.
    • Orca types to fetch as Account assets - Enter Orca types to fetch as Account assets and not as devices.
    • Orca types to fetch as Compute Service assets - Enter Orca types to fetch as Compute Service assets and not as devices.
  6. Alerts Fetch Mode - From the drop-down select Simple Alerts Fetch (default) or Advanced Alerts Fetch.

    1. Simple Alerts Fetch - Select or clear Show all status alerts (default: true), Show informational alerts (default: true), and/or Show resolved alerts (default: negative).
    2. Advanced Alerts Fetch:
      • Fetch only selected alert categories - From the drop-down select one or more alert categories to fetch. Only these categories will be fetched. If none are selected, then all alert categories are fetched.
      • Fetch only alerts that are linked to assets of the selected categories - From the drop-down select one or more alerts that are related to specific inventory items to fetch.
      • Fetch only selected alert severities - From the drop-down select one or more alert severities to fetch. Only these severities will be fetched. If none are selected, then all alert severities are fetched.
      • Fetch only selected alert statuses - From the drop-down select one or more alert statuses. Only these statuses will be fetched. If none are selected, then all alert statuses are fetched.
      • Fetch only alerts with Orca Score greater than or equal to (optional) - Select whether to fetch alerts with an Orca Score greater than or equal to a specified number.
      • Fetch only alerts with Max CVSS score greater than or equal to (optional) - Select whether to fetch alerts with a Max CVSS score greater than or equal to a specified number.
  7. Fetch alerts starting from the last X hours - Enter the number of hours back from which to begin to fetch alerts. Alerts will be fetched from that number of hours back, or greater.

  8. Fetch logs starting from the last X hours - Enter the number of hours back from which to begin to fetch logs. Logs will be fetched from that number of hours back, or greater.

  9. Fetch Container Tags (required, default: true) - Select whether to fetch container tags to the GUI.

  10. Orca tags to parse as fields - Enter a list of Orca tag keys to parse as separate fields. Adding items one at a time will create a comma-separated list.

  11. Parse all Orca tags as fields - Select this option to parse all Orca tags as fields.

  12. Fetch extra endpoints. If nothing is selected, only assets are fetched (required, default: Containers, Logs, Alerts, Compliance, Inventory) - Filter endpoint values to fetch by the specified endpoints. If no values are specified, only assets are fetched.

  13. Fetch inventory only for these types of assets. If empty, inventory will not be fetched (optional, default: vm, ec2spot) - Filter asset results to fetch by the specified inventory values. If empty, inventory won't be fetched.

  14. Fetch assets with current states. If nothing is selected, all asset states are fetched (optional) - Enter the current states for which to fetch assets. If nothing is selected, all asset states are fetched.

  15. Ignore devices that have not been seen by the source in the last X days (optional, default: 10) - Select whether to ignore devices not seen by the source in the last specified number of days.

  16. Use Asset Name as Hostname and Hostname as Asset Name (15 chars) for Azure - Select this option to switch between the asset name value and the hostname value if the hostname has 15 characters and the cloud provider is Azure.

  17. List of asset tags to fetch - Enter a space-separated list of the asset tags to fetch in the following format: <TAG_NAME> = <TAG_VALUE>. Both TAG_NAME and TAG_VALUE are case sensitive.

  18. Use CVSS Max Score as Risk Totals source - Select this option so that the source for the vulnerability risk level will be from CVSS Max Score.

Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.


