Overview


About

Orca is a cloud security scanning vendor that analyzes and monitors cloud security and compliance for AWS, Azure, Google Cloud, and Kubernetes. When Orca is integrated into the Vulcan Platform, you can view and remediate vulnerabilities on Host, Image, and Cloud Resource assets directly through your one-stop-shop vulnerability remediation platform.


Configure the Orca connector

  1. First, you need to grant the Vulcan Platform access to your Orca instance by issuing a Client Secret API key on Orca.
    Note: Make sure your user has Admin permission.

  2. Log in to your Vulcan Cyber dashboard and go to Connectors.

  3. Click on Add a Connector.

  4. Click on the Orca icon.

  5. Set up the connector as follows:

  6. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Orca instance, then click Create (or Save Changes).

  7. Allow some time for the sync to complete. You can review the sync status under Log.

  8. To confirm that the sync is complete, navigate to the Connectors tab to check the sync status. Once the Orca icon shows Connected, the connection is complete.


From Orca to the Vulcan Platform - Fields Mapping

Connector Fields Mapping - Hosts

Orca field

Vulcan field

Value Example

Name under Asset Details

Asset Name

Asset name value Example

Asset details:

  • Cloud account name

  • Cloud account ID

  • Distro

  • Asset roles

  • Region

  • Asset ID

  • Asset Type

  • Security groups

  • Public IP

  • Private IP

  • VPC

Asset Details

Asset details value example

State

Asset state (Available as a column when exporting assets reports)

"Running"

VM > Hosts

Public IP

Distro

Tags, Labels

CVE Name

Fetch CVSS3 score and CVSS v2

Description

Vulnerability details:

  • Orca score

  • CVSS3 score

  • CVSS2 score

  • CVSS2 Severity

  • CVE name

  • Affected packages

  • Fix available

  • Publish date

  • CVSS3 Vector

  • CVSS2 Vector

  • Labels

  • KB

  • Related fix

  • Exploits

Vulnerability details

Vulnerability status: Open / Closed / Not resolved / Verified

Vulnerability status

Vulnerability status value example

Orca best practice > Recommended mitigation

Fix description

Fix description value example

Connector Fields Mapping - Values Example

Asset Name value example:

Asset Details value example:

Vulnerability status value example

Fix description value example

Connector Fields Mapping - Images

Orca field

Vulcan field

Value Example

Asset Name

Asset Name

Image name value Example

Image details Metadata:

  • Cloud account Name

  • Cloud account ID

  • Asset roles

  • Asset type

  • Private IP

  • Public IP

  • VPC

  • Security groups

  • DNS/Route53 domain

  • Asset ID

  • Region

  • Image ID

  • Create time

  • Uptime

  • Availability zones

Asset details - Container

Image details value example

  • Cloud account Name

  • Cloud account ID

  • Asset roles

  • Asset type

  • Asset ID

  • Region

  • Last scan time

Asset details - VM Image

VM Image details value example

Container, VM Image, Container Image

Asset Type

-

Repository

Distro

OS

Tags, Labels

Asset tags

CVE name

Vulnerability title

CVSS v3 Score CVSS v2

Vulnerability score

Description

Vulnerability description

  • Orca score

  • CVSS3 score

  • CVSS2 score

  • CVSS2 Severity

  • CVE name

  • Affected packages

  • Fix available

  • Publish date

  • CVSS3 Vector

  • CVSS2 Vector

  • Labels

  • KB

  • Related fix

  • Exploits

Vulnerability details

Open / Closed / Not resolved / Verified

Vulnerability status

Image name value example

Image details value example

VM Image details value example


Locating Orca vulnerabilities in the Vulcan Platform

As Orca discovers vulnerabilities, the Vulcan Platform connector imports them for reporting and action. You can view vulnerabilities by connector using the relevant filter:

  1. Open the Vulcan Platform dashboard and navigate to Vulnerabilities. Click the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click it to filter by vulnerability source.

  2. Locate Orca on the vulnerability source/Connector list and click to filter results.

  3. Click on any vulnerability to view further information.


Locating Orca assets (Hosts, Images, Cloud Resources) in the Vulcan Platform

To locate all retrieved Hosts, Images, and Cloud Resources assets from Orca:

  1. Open the Vulcan Cyber dashboard and navigate to Assets.

  2. Click one of the relevant tabs: Cloud Resources, Hosts, or Images.

  3. Click on the Search or filter websites input box and select Connector from the drop-down selection.

  4. Locate the Orca option to view all synced assets.


Automating actions on vulnerabilities detected by Orca

Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Orca connector.

Here is an example of creating email automation (other automation types are also available):

  1. Open the Vulcan Cyber dashboard and navigate to the Automation section. Once there, click the Create new Playbook button.

  2. First, give your automation playbook an indicative name.

  3. Select Orca as the source of vulnerabilities, then set the vulnerability condition to Risk is Critical / High (for example) and leave the rest as defaults, or set the conditions to suit your needs.

  4. Continue to the Remediation actions and select the take-action channel. In this example, we selected "Assign via email".

  5. Choose how the separation of tickets is handled. In this example, we selected the "up to 200 vulnerabilities are aggregated into a single email" option. Then add the recipient emails to be notified.

  6. Leave all other steps as default (or modify if needed) and click on Save and Run.
