Orca Security Alerts connector for Microsoft Sentinel
The Orca Security Alerts connector allows you to easily export Alerts logs to Microsoft Sentinel.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | OrcaAlerts_CL |
| Data collection rules support | Not currently supported |
| Supported by | Orca Security |
Query samples
Fetch all service vulnerabilities on running asset
OrcaAlerts_CL
| where alert_type_s == "service_vulnerability"
| where asset_state_s == "running"
| sort by TimeGenerated
Fetch all alerts with "remote_code_execution" label
OrcaAlerts_CL
| where split(alert_labels_s, ",") contains("remote_code_execution")
| sort by TimeGenerated
Vendor installation instructions
Follow guidance for integrating Orca Security Alerts logs with Microsoft Sentinel.
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for