Orca is a cloud security scanning vendor that analyzes and monitors the security and compliance posture of AWS, Azure, Google Cloud, and Kubernetes environments. When integrated into the Vulcan Platform, you can view and remediate vulnerabilities on assets of type Hosts, Images, and Cloud Resources directly through your one-stop-shop vulnerability remediation platform.
Configure the Orca connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Orca icon.
Set up the connector as follows:
Enter your Orca API URL according to your region. It should be one of the following options:
Enter the Client Secret token you retrieved in the first step above.
If you want to pull Orca Alerts (Informational, Hazardous, Imminent Compromise, and Compromised), check the Import Orca Alerts box and define a severity level for each alert type (0-10, lowest to highest). Vulcan sets default severity levels for you.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Orca instance, then click Create (or Save Changes).
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm that the sync is complete, go to the Connectors tab and check the sync status. Once the Orca icon shows Connected, the connection is complete.
From Orca to the Vulcan Platform - Fields Mapping
Connector Fields Mapping - Hosts
Name under Asset Details
Asset state (Available as a column when exporting assets reports)
VM > Hosts
Fetch CVSS3 score and CVSS v2
Vulnerability status: Open / Closed / Not resolved / Verified
Orca best practice > Recommended mitigation
Connector Fields Mapping - Values Example
Asset Name value example:
Asset Details value example:
Vulnerability status value example:
Fix description value example:
Connector Fields Mapping - Images
Image details Metadata:
Asset details - Container
Asset details - VM Image
Container, VM Image, Container Image
CVSS v3 score, CVSS v2 score
Open / Closed / Not resolved / Verified
Image name value example:
Image details value example:
VM Image details value example:
Locating Orca vulnerabilities in the Vulcan Platform
As Orca discovers vulnerabilities, the Vulcan Platform connector imports them for reporting and action. You can view vulnerabilities by connector using the relevant filter:
Open the Vulcan Platform dashboard and navigate to Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by vulnerability source.
Locate Orca on the vulnerability source/Connector list and click to filter results.
Click on any vulnerability to view further information.
Locating Orca assets (Hosts, Images, Cloud Resources) in the Vulcan Platform
To locate all retrieved Hosts, Images, and Cloud Resources assets from Orca:
Open the Vulcan Cyber dashboard and navigate to Assets.
Click one of the relevant tabs: Cloud Resources, Hosts, or Images.
Click on the Search or filter websites input box and select Connector from the drop-down selection.
Locate the Orca option to view all synced assets.
Automating actions on vulnerabilities detected by Orca
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Orca connector.
Here is an example of creating email automation (other automation types are also available):
Open the Vulcan Cyber dashboard and navigate to the Automation section. Once there, click the Create new Playbook button.
First, give your automation playbook an indicative name.
Select Orca as the source of vulnerabilities, then set the vulnerability condition, for example Risk is Critical / High, leaving the rest as defaults, or set the conditions to suit your needs.
Continue to Remediation actions and select the take-action channel. In this example, we selected "Assign via email".
Choose how tickets are separated. In this example, we selected the "up to 200 vulnerabilities are aggregated into a single email" option. Then add the recipient emails to be notified.
Leave all other steps as default (or modify if needed) and click on Save and Run.