About

Orca is a Cloud security scanning vendor that analyzes and monitors the security level of cloud security and compliance for AWS, Azure, Google Cloud, and Kubernetes. When integrated into the Vulcan Platform, you get to view and remediate vulnerabilities on Assets type Hosts, Images, and Cloud resources directly through your one-stop-shop vulnerabilities remediation platform.

Configure the Orca connector

First, you need to grant the Vulcan Platform access to your Orca instance by issuing a Client Secret API Token on Orca.
Note: Make sure your user has Admin permission.
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Orca icon.
Set up the connector as follows:
- Insert your ORCA API URL according to your region. It should be one of the following options:
- Insert the Client Secret token you retrieved in the 1st step above.
- If you want to pull the Orca Alerts (Informational, Hazardous, Imminent Compromise, and Compromised), check the Import Orca Alerts box and define the severity level for each alert (0-10 lowest to highest). By default, the severity levels are already set by Vulcan.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Orca instance, then click Create (or Save Changes).
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm that the sync is complete, navigate to the Connectors tab to check the sync status. Once the Orca icon shows Connected, the connection is complete.

From Orca to the Vulcan Platform - Fields Mapping

Connector Fields Mapping - Hosts

Orca field	Vulcan field	Value Example
Name under Asset Details	Asset Name	Asset name value Example
Asset details: Cloud account name Cloud account ID Distro Asset roles Region Asset ID Asset Type Security groups Public IP Private IP VPC	Asset Details	Asset details value example
State	Asset state (Available as a column when exporting assets reports)	"Running"
VM > Hosts
Public IP
Distro
Tags, Labels
CVE Name
Fetch CVSS3 score and CVSS v2
Description
Vulnerability details: Orca score CVSS3 score CVSS2 score CVSS2 Severity CVE name Affected packages Fix available Publish date CVSS3 Vector CVSS2 Vector Labels KB Related fix Exploits	Vulnerability details
Vulnerability status: Open / Closed / Not resolved / Verified	Vulnerability status	Vulnerability status value example
Orca best practice > Recommended mitigation	Fix description	Fix description value example

Connector Fields Mapping - Values Example

Asset Name value example:

Asset Details value example:

Vulnerability status value example

Fix description value example

Connector Fields Mapping - Images

Orca field	Vulcan field	Value Example
Asset Name	Asset Name	Image name value Example
Image details Metadata: Cloud account Name Cloud account ID Asset roles Asset type Private IP Public IP VPC Security groups DNS/Route53doman Asset ID Region Image ID Create time Uptime Availability zones	Asset details - Container	Image details value example
Cloud account Name Cloud account ID Asset roles Asset type Asset ID Region last scan time	Asset details - VM Image	VM Image details value example
Container, VM Image, Container Image	Asset Type
-	Repository
Distro	OS
Tags, Labels	Asset tags
CVE name	Vulnerability title
CVSS v3 Score CVSS v2	Vulnerability score
Description	Vulnerability description
Orca score CVSS3 score CVSS2 score CVSS2 Severity CVE name Affected packages Fix available Publish date CVSS3 Vector CVSS2 Vector Labels KB Related fix Exploits	Vulnerability details
Open / Closed not resolved / Verified	Vulnerability status

Image name-value example

Image details value example

VM Image details value example

Locating Orca vulnerabilities in the Vulcan Platform

As Orca discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:

Open the Vulcan Platform dashboard and navigate to the Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate Orca on the vulnerability source/Connector list and click to filter results.
Click on any vulnerability to view further information.

Locating Orca assets (Hosts, Images, Cloud Resources) in the Vulcan Platform

To locate all retrieved Hosts, Images, and Cloud Resources assets from Orca:

Open the Vulcan Cyber dashboard and navigate to Assets.
Click one of the relevant tabs: Cloud Resources, Hosts, Images
Click on the Search or filter websites input box and select Connector from the drop-down selection.
Locate the Orca option to view all synced assets.

Automating actions on vulnerabilities detected by Orca

Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Orca connector.

Here is an example of creating email automation (other automation types are also available):

Open the Vulcan Cyber dashboard and navigate to the Automation section. Once there, click the Create new Playbook button.
First, give your automation playbook an indicative name.
Select Orca for the source of vulnerabilities, and continue to set the vulnerability condition as Risk is Critical / High (for example), leaving the rest as defaults, or simply set the conditions as it suits your needs.
Continue to the Remediation actions and select the take-action channel. In this example, we selected "Assign via email".
Choose how the separation of tickets is handled. In this example, we selected the "up to 200 vulnerabilities are aggregated into a single email" option. Then add the recipient emails to be notified.
Leave all other steps as default (or modify if needed) and click on Save and Run.

PrismaCloud Compute (CWPP) Connector

Aqua CWPP Connector

Rapid7 Insight AppSec Connector

Wiz Connector

Lacework Connector