Orca Connector User Guide

Summary: How to set up and use the Orca connector in Ivanti Neurons for RBVM.

This article describes an integration currently in Beta. If you have an interest in joining the program, please contact support.

Overview

Ivanti Neurons for RBVM and ASPM provides an API-based connector that integrates with Orca. This integration enables customers to bring to gain visibility into their overall cloud security and achieve a simplified and efficient way to manage vulnerabilities. Users can configure the connector to pull scan data from Orca on a periodic basis as well.

Orca assets can appear as either hosts or applications. Refer to the data mapping section below for details.

Connector Configuration

Prerequisites

Requires an active subscription to Ivanti Neurons for RBVM/ASPM.
Requires an active subscription to Orca.
The region for your Orca instance

Connections

The following API calls are performed during a connector run to pull security vulnerabilities from Orca into Ivanti Neurons for RBVM. The connector initially calls /api/sonar/queryto find asset types and set up an export of assets and vulnerabilities.

Platform Setup

When logged into the platform, navigate to the Automate > Integrations page.

Using the search bar in the upper-right corner of the Integrations page, type Orca to find the connector cards. Locate the one you need and click CONFIGURATION. (Note: Regardless of which card you select, you will have the opportunity to configure the connector for both hosts and applications.)

Complete the following required fields. These fields include:

Connector Name: Connector name for the Ivanti Neurons platform.
Region: Dropdown used to select you region and the URL associated with it
Secret Key: Orca user credentials
Network: Network name in Ivanti Neurons. Ingested assets and findings will be associated with this network.

Once the fields have been filled out, click Test Credentials to ensure the connector can connect to the Orca instance.

Additional connector configurations, such as Schedule and Optional Configurations, can be set up next.

Optional Configurations

Which data types should be ingested? In this section, you can choose whether or not to ingest certain types of assets.

Once the connector configuration is complete, click the Save button.

When the connector is set up, a new entry for it appears at the top of the Integrations page. This connector runs once the initial setup is complete. Check the connector’s status by clicking the History button.

Editing a Connector Configuration

Connector configurations can be updated at any time after creation. Go to the Automate > Integrations page and select the specific connector you want to update.

Utilizing the Connector

The data from a Orca scan file can be ingested as either host findings or application findings (depending on the asset type). Hosts and host findings have the scanner name ORCAHOST. Applications and application findings have the scanner name ORCAAPP. Scanner Name can be used as a filter any page showing assets or findings.

Assets

Asset data can appear on either the Hosts page or the Applications page. In either case, the Scanner Specific Information section of the detail pane shows the asset properties reported by Orca.

Example: In the Application Summary pane under the Scanner Specific Information section, the scanner is listed as ORCAAPP.

Findings

Depending on the source’s asset type, findings can appear either on the Host Findings or Application Findings. Filter or do a Group By on Scanner Name to locate them.

Severity Mapping

Orca reports severity on the same 0.0-10.0 scale used by Ivanti Neurons with no modification.