Orca Cloud Visibility Platform

  • Updated on May 14, 2025
  • Published on Mar 24, 2022
  • 7 minute(s) read
Prev Next

Orca Cloud Visibility Platform delivers visibility to cloud security posture, including prioritized alerts on vulnerabilities, compromises, misconfigurations, and more.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices, Users, Vulnerabilities, Software, Roles, Groups, SaaS Applications, Tickets, Compute Services, Application Services, Networks, Load Balancers, Databases, Containers, Object Storage, Network Services, File Systems, Accounts/Tenants, Serverless Functions, Disks, Compute Images, Secrets, Certificates, Network/Firewall Rules, Alerts/Incidents

Parameters

  1. Orca Domain (required) - The hostname of the Orca Cloud Visibility Platform server. Make sure you enter the correct hostname for your region. For example, in the US the domain should be app.us.orcasecurity.io.
  2. API Key (optional) - The API Key generated in the Orca Cloud Visibility Platform.
Note:

The API Key was deprecated in Orca. An API Key is supported only if it was previously generated.

  1. API Token (optional) - The API Key generated in the Orca Cloud Visibility Platform for Axonius usage.
Note:
  • You must supply either the API Key or API Token.
  • It is highly recommended to use the API Token.
  1. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  2. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

ORca

Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

  1. Asset type exclude list (optional) - Specify a comma-separated list of asset types to exclude from the fetch.

  2. Asset type include list (optional) - Specify a comma-separated list of asset types to include in the fetch.

  3. Fetch only selected asset categories - From the drop-down select one or more categories to fetch. Only these categories will be fetched. If none are selected, then all categories are fetched.

  4. Fetch only selected asset sub-categories - From the drop-down select one or more sub-categories to fetch. Only these sub-categories will be fetched. If none are selected, then all sub-categories are fetched.

  5. Custom asset fetch rules - Toggle on to be able to enter Orca types to fetch data as the specified asset type, instead of as devices:

    • Orca types to fetch as Group assets - Enter Orca types to fetch as Group assets and not as devices.
    • Orca types to fetch as File System assets - Enter Orca types to fetch as File System assets and not as devices.
    • Orca types to fetch as User assets - Enter Orca types to fetch as User assets and not as devices.
    • Orca types to fetch as Object Storage assets - Enter Orca types to fetch as Object Storage assets and not as devices.
    • Orca types to fetch as Secret assets - Enter Orca types to fetch as Secret assets and not as devices.
    • Orca types to fetch as Network Devices assets - Enter Orca types to fetch as Network Devices assets and not as devices.
    • Orca types to fetch as Container assets - Enter Orca types to fetch as Container assets and not as devices.
    • Orca types to fetch as Network assets - Enter Orca types to fetch as Network assets and not as devices.
    • Orca types to fetch as Certificate assets - Enter Orca types to fetch as Certificate assets and not as devices.
    • Orca types to fetch as Application Service assets - Enter Orca types to fetch as Application Service assets and not as devices.
    • Orca types to fetch as Disk assets - Enter Orca types to fetch as Disk assets and not as devices.
    • Orca types to fetch as Database assets - Enter Orca types to fetch as Database assets and not as devices.
    • Orca types to fetch as Compute Image assets - Enter Orca types to fetch as Compute Image assets and not as devices.
    • Orca types to fetch as Security Role assets - Enter Orca types to fetch as Security Role assets and not as devices.
    • Orca types to fetch as Firewall assets - Enter Orca types to fetch as Firewall assets and not as devices.
    • Orca types to fetch as Network Service assets - Enter Orca types to fetch as Network Service assets and not as devices.
    • Orca types to fetch as Load Balancer assets - Enter Orca types to fetch as Load Balancer assets and not as devices.
    • Orca types to fetch as Ticket assets - Enter Orca types to fetch as Ticket assets and not as devices.
    • Orca types to fetch as Account assets - Enter Orca types to fetch as Account assets and not as devices.
    • Orca types to fetch as Compute Service assets - Enter Orca types to fetch as Compute Service assets and not as devices.
    • Orca categories to fetch as Serverless Function assets - Enter Orca categories to fetch as Serverless Function assets and not as devices.
    • Do not keep asset data from custom fetch rules on device - Select this option to avoid keeping asset data from custom fetch rules on the device.

  6. Alerts Fetch Mode - From the drop-down select Simple Alerts Fetch (default) or Advanced Alerts Fetch.

    1. Simple Alerts Fetch - Select or clear Show all status alerts (default: true), Show informational alerts (default: true), and/or Show resolved alerts (default: negative).
    2. Advanced Alerts Fetch:
      • Fetch only selected alert categories - From the drop-down select one or more alert categories to fetch. Only these categories will be fetched. If none are selected, then all alert categories are fetched.
      • Fetch only alerts that are linked to assets of the selected categories - From the drop-down select one or more alerts that are related to specific inventory items to fetch.
      • Fetch only selected alert severities - From the drop-down select one or more alert severities to fetch. Only these severities will be fetched. If none are selected, then all alert severities are fetched.
      • Fetch only selected alert status - From the drop-down select one or more alert statuses. Only these statuses will be fetched. If none are selected, then all alert statuses are fetched.
      • Fetch only alerts with Orca Score greater than or equal to (optional) - Select whether to fetch alerts with an Orca Score greater than or equal to a specified number.
      • Fetch only alerts with Max CVSS score greater than or equal to (optional) - Select whether to fetch alerts with a Max CVSS score greater than or equal to a specified number.

  7. Inventory settings - Toggle on Enable inventory advanced settings to configure the following settings:

    • Fetch using Sonar Query - Select this option to fetch software and packages by a Sonar Query instead of the query/inventory endpoint. Note that this is relevant only if your Orca API warns about this endpoint being deprecated.

  8. Fetch alerts starting from the last X hours - Enter the number of hours back from which to begin to fetch alerts. Alerts will be fetched from that number of hours back, or greater.

  9. Fetch logs starting from the last x hours - Enter the number of hours back from which to begin to fetch logs. Logs will be fetched from that number of hours back, or greater.

  10. Fetch Container Tags (required, default: true) - Select whether to fetch container tags to the GUI.

  11. Orca tags to parse as fields - Enter a list of Orca tag keys to parse as separated fields. Adding items one at a time will create a comma-separated list.

  12. Parse all Orca tags as fields - Select this option to parse all Orca tags as fields.

  13. Fetch extra endpoints. If nothing is selected, only assets are fetched (required, default: Containers, Logs, Alerts, Compliance, Inventory) - Filter endpoint values to fetch by the specified endpoints. If no values are specified, only assets are fetched.

  14. Fetch inventory only for these types of assets. If empty, inventory will not be fetched (optional, default: vm, ec2spot) - Filter asset results to fetch by the specified inventory values. If empty, inventory won't be fetched.

  15. Fetch assets with current states. If nothing is selected, all asset states are fetched (optional) - Enter which current states to fetch assets. If nothing is selected, all asset states are fetched.

  16. Ignore devices that have not been seen by the source in the last X days (optional, default: 10) - Select whether to ignore devices not seen by the source in the last specified number of days.

  17. Use Asset Name as Hostname and Hostname as Asset Name (15 chars) for Azure Select this option to switch between the asset name value and the hostname value if the hostname has 15 characters and the cloud provider is Azure.

  18. List of asset tags to fetch - Enter a space separated list of the asset tags to fetch in the following format: < TAG NAME> = <TAG VALUE>. Both TAG_NAME and TAG_VALUE are case sensitive.

  19. Use CVSS Max Score as Risk Totals source - Select this option so that the source for the vulnerability risk level will be from CVSS Max Score.

  20. Include Cloud Providers assets - Enter which additional cloud provider IDs to fetch assets from.

  21. Fetch inventories in background - Select this option to fetch inventories in the background.

Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.


Related articles