Orca
Visualize Orca Security assets, findings, roles, users, and user groups, map Orca users to employees, and monitor changes through queries and alerts.
- Installation guide
- Orca data model
Installation
To initiate this integration in JupiterOne, you will first need to create an API token within Orca to use in JupiterOne.
Configuration in Orca
To create an API token:
- Log into the Orca dashboard and navigate to Settings > Modules > Integrations.
- Scroll to the
SIEM/SOARsection. - Find the JupiterOne tile and press
CONFIGURE - Enter a
NameandDescription(optional) - Select the
Internal Viewerrole. If a lesser role is provided, the integration will attempt to run as many steps as it is able to. - Select the desired unit
Scope. To ingest all data from all units, selectAll Cloud Accounts - Press
CREATE TOKENand copy the token value that appears for use in JupiterOne. The token value will not be available after closing this screen.
Legacy API Keys will continue to be supported until Orca removes support for them. For more information about API Tokens, see Orca's documentation.
Configuration in JupiterOne
To install the Orca integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Orca. Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
The Account Name used to identify the Orca account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled.Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.Your Orca Security Account Email (the email address used within Orca to generate the API credentials).
Lastly, the Orca API Key, corresponding Token, and Orca API Base URL from your Orca account.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | orca_account | Account |
| Alert | orca_finding_alert | Finding |
| Asset | orca_asset | Resource |
| Finding | orca_finding | Finding |
| Role | orca_role | AccessRole |
| User | orca_user | User |
| UserGroup | orca_group | UserGroup |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
orca_account | HAS | orca_asset |
orca_account | HAS | orca_finding |
orca_account | HAS | orca_finding_alert |
orca_account | HAS | orca_group |
orca_account | HAS | orca_user |
orca_asset | HAS | orca_finding |
orca_finding | IS | cve |
orca_group | HAS | orca_user |
orca_user | ASSIGNED | orca_role |