Why is it important for Threat Hunting?
Data from Orca is collected by Hunters and ingested into our database, then populated in the Hunters portal and correlated with other related threats detected from Orca, AWS, Azure, GCP and other sources.
Supported data types
- Orca Alerts: all the alerts Orca detects in your cloud environment, such as infected assets, misconfigurations, vulnerabilities, weak or leaked credentials, and insecurely stored keys or secrets.
Sending data to Hunters
Configure a Webhook in Orca
Hunters will provide a URL and a custom header to use when configuring the Webhook in Orca.
For more information regarding the required steps on the Orca side using Hunters' provided details, please read this page.
Configure a new Automation in Orca
After creating the Webhook, create an Automation that sends all Orca alerts to the Hunters Webhook. It is recommended to define the Automation to catch all alerts by using all possible values of the Risk Level attribute (see here).
For more information regarding the required steps on the Orca side, please read this page.