Orca Security is a security platform that identifies and remediates cloud security threats.
Use Orca to Trigger Torq Workflows
To ingest Orca events in Torq, you must create an Orca trigger integration and use the generated webhook URL (Torq endpoint) to configure a Webhook integration in Orca.
Configure an Orca Trigger Integration in Torq
Go to Build > Integrations > Triggers > Orca and click Add.
Give the integration a unique and meaningful name and click Add.
Configure a Torq Integration in Orca
Sign in to your Orca account.
Click the Settings icon and then Integrations.
In the SIEM/SOAR section, locate the Torq integration and click Configure.
Click Create new trigger, configure the trigger, and click Save.
Create an Automation in Orca
The automation defines which alerts will be sent to Torq.
Sign in to your Orca account.
Click the Settings icon and then Alerts & Automations.
In the upper-right corner, click Create New > Create automation.
Enter a meaningful name and description for the automation.
In the Define Filter section, enter a query. The query is a combination of rules.
In the Define Actions section, locate the SIEM/SOAR category and select the Send to Torq trigger checkbox. Select the Torq trigger you created earlier.
Click Create Automation.
Create your Orca API Token
Sign in to your Orca account.
Click the Settings icon and then Integrations.
Locate the Torq integration and click Connect. The integration is under the category SIEM/SOAR.
Copy the API token to enter it when creating the Orca integration in Torq.
Create an Orca Steps Integration in Torq
Go to Build > Integrations > Steps > Orca Security and click Add.
Give the integration a unique and meaningful name.
Enter the API key that you generated in your Orca tenant.
Click Add.
Use Orca Steps in a Workflow
All Orca steps require passing an access token as an input parameter. To generate an access token, you need to execute the step Create a user session.
In this basic example, we create a workflow that creates a user session and gets a list of assets on the associated Orca account.
Remediate an Orca alert using Torq
After you create a Torq integration and trigger it, you can remediate an alert directly from the Orca platform. You select the Torq integration, which determines which Torq workflow the alert data is sent to.
Go to the alert you want to remediate using Torq.
Click Integrations > Remediate with Torq > {integration instance}.