Orca Security Plugin Release!

Orca Security

Orca Security provides instant-on security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents. Simplify security operations with a single SaaS-based cloud security platform for workload and data protection, cloud security posture management, vulnerability management, and compliance management.

Orca Security prioritizes risk based on the severity of the security issue, its accessibility, and business impact. This helps you focus on the critical alerts that matter most. Orca Security is trusted by global innovators, including Databricks, Lemonade, Gannett, and Robinhood.

Environment: Cloud

Actions:

This new plugin's actions focus on three areas: Alerts, Assets, and Users. Below are some of the plugin's most popular actions and their use cases.

Get Alerts

This action pulls all new alerts that have been created. Available filters include status and severity.
Use Case:
As a security administrator, I would like to pull all alerts that have a severity of 'Hazardous' and are x days old so I can contain those assets.

Get Asset

This action pulls all the information for an asset.
Use Case:
As a security administrator, if an alert references an asset, I want to reach back into Orca to get more details about that asset.

Update Alert Severity

This action is used to update the severity for the given alert ID.
Use Case:
As a security administrator, based on the remediation I have done on an alert, I wish to update the alert's severity.

Update Alert Status

This action is used to update the status for the given alert ID.
Use Case:
As a security administrator, I wish to update the status of a given alert.

Download Malicious File

This action is used to download the malicious file for the given alert ID.
Use Case:
As a security administrator, when I receive an alert that has a malicious file associated with it, I want to download and contain that file.

Trigger:

Get Alerts

This trigger is a polling trigger: you specify the polling interval, and it pulls all new alerts that have been created since the last poll. Available filters include status and severity.
Use Case:
As a security administrator, I want to retrieve all alerts that are Hazardous so I can remediate them in an ICON workflow.