Orca Security

Integrate Orca Security with Torq to automate workflows that remediate cloud threats using webhook triggers and APIs.

Updated over 6 months ago

Orca Security is a security platform that identifies and remediates cloud security threats.

Use Orca to Trigger Torq Workflows

To ingest Orca events in Torq, you must create an Orca trigger integration and use the generated webhook URL (Torq endpoint) to configure a Webhook integration in Orca.

Configure an Orca Trigger Integration in Torq

  1. Go to Build > Integrations > Triggers > Orca and click Add.

  2. Give the integration a unique and meaningful name and click Add.

Configure a Torq Integration in Orca

  1. Sign in to your Orca account.

  2. Click the Settings icon and then Integrations.

  3. In the SIEM/SOAR section, locate the Torq integration and click Configure.

    Configure a Torq integration in Orca.
  4. Click Create new trigger, configure the trigger, and click Save.

    1. Name: a meaningful name for the trigger, such as Torq Events.

    2. Trigger URL: the Torq endpoint you created earlier.

    3. Custom headers: (optional) headers that provide an added layer of security for sending data via the webhook.


Create an Automation in Orca

The automation defines which alerts will be sent to Torq.

  1. Sign in to your Orca account.

  2. Click the Settings icon and then Alerts & Automations.

  3. In the upper-right corner, click Create New > Create automation.

  4. Enter a meaningful name and description for the automation.

  5. In the Define Filter section, enter a query. The query is a combination of rules.

  6. In the Define Actions section, locate the SIEM/SOAR category and select the Send to Torq trigger checkbox. Select the Torq trigger you created earlier.

  7. Click Create Automation.

Create your Orca API Token

  1. Sign in to your Orca account.

  2. Click the Settings icon and then Integrations.

  3. Locate the Torq integration and click Connect. The integration is under the category SIEM/SOAR.

    Create an API key to use for the Orca integration in Torq.
  4. Copy the API token to enter it when creating the Orca integration in Torq.

Create an Orca Steps Integration in Torq

  1. Go to Build > Integrations > Steps > Orca Security and click Add.

  2. Give the integration a unique and meaningful name.

  3. Enter the API key that you generated in your Orca tenant.

  4. Click Add.

Use Orca Steps in a Workflow

All Orca steps require passing an access token as an input parameter. To generate an access token, you need to execute the step Create a user session.

In this basic example, we create a workflow that creates a user session and gets a list of assets on the associated Orca account.

Orca step Get a list of assets in a Torq workflow.

Remediate an Orca alert using Torq

After you create a Torq integration and trigger it, you can remediate an alert directly from the Orca platform. You select the Torq integration, which determines which Torq workflow the alert data is sent to.

  1. Go to the alert you want to remediate using Torq.

  2. Click Integrations > Remediate with Torq > {integration instance}.

Remediate an alert in Orca using Torq.

Templates
