Orca Security Alerts connector for Microsoft Sentinel

The Orca Security Alerts connector allows you to easily export Alerts logs to Microsoft Sentinel.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) OrcaAlerts_CL
Data collection rules support Not currently supported
Supported by Orca Security

Query samples

Fetch all service vulnerabilities on running asset

| where alert_type_s == "service_vulnerability" 
| where asset_state_s == "running" 
| sort by TimeGenerated 

Fetch all alerts with "remote_code_execution" label

| where split(alert_labels_s, ",") contains("remote_code_execution") 
| sort by TimeGenerated 

Vendor installation instructions

Follow guidance for integrating Orca Security Alerts logs with Microsoft Sentinel.

Next steps

For more information, go to the related solution in the Azure Marketplace.