Orca Security Alerts connector for Microsoft Sentinel
The Orca Security Alerts connector allows you to easily export Alerts logs to Microsoft Sentinel.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | OrcaAlerts_CL |
| Data collection rules support | Not currently supported |
| Supported by | Orca Security |
Query samples
Fetch all service vulnerabilities on running asset
OrcaAlerts_CL
| where alert_type_s == "service_vulnerability"
| where asset_state_s == "running"
| sort by TimeGenerated
Fetch all alerts with "remote_code_execution" label
OrcaAlerts_CL
| where split(alert_labels_s, ",") contains("remote_code_execution")
| sort by TimeGenerated
Vendor installation instructions
Follow the guidance for integrating Orca Security Alerts logs with Microsoft Sentinel.
Next steps
For more information, go to the related solution in the Azure Marketplace.