Orca Security provides instant-on security and compliance for AWS, Azure, and GCP, without the gaps in coverage, alert fatigue, and operational costs of agents. Simplify security operations with a single SaaS-based cloud security platform for workload and data protection, cloud security posture management, vulnerability management, and compliance management.
Orca Security prioritizes risk based on the severity of the security issue, its accessibility, and business impact. This helps you focus on the critical alerts that matter most. Orca Security is trusted by global innovators, including Databricks, Lemonade, Gannett, and Robinhood.
This new plugin’s actions focus on three areas: Alerts, Assets, and Users. Below are some of the plugin’s most popular actions and use cases.
This action pulls all new alerts that have been created. Some of the filters are status, severity, etc.
As a security administrator, I would like to pull all alerts that have a severity of ‘Hazardous’ that are x days old so I can contain those assets.
This action pulls all the asset information.
As a security administrator, if an alert has an asset in it, I want to reach back into Orca to get more asset details.
This action is used to update the severity for the given alert ID.
As a security administrator, based on the remediation I have done on an alert, I wish to update the alert’s severity.
This action is used to update the status for the given alert ID.
As a security administrator, I wish to update the alert status for a given alert.
This action is used to download the malicious file for the given alert ID.
As a security administrator, when I receive an alert, if there is a malicious file present, I want to download and contain it.
This trigger is a polling trigger where you can specify the interval and pull all new alerts that have been created. Some of the filters are status, severity, etc.
As a security administrator, I want to retrieve all alerts that are Hazardous so I can do remediation in an ICON workflow.