You must have the Public Cloud integrations license pack to use this feature.
You can integrate Orca with Sophos Central so that it sends data to Sophos for analysis.
This is an API integration. You need an API key, also known as an API token, from Orca.
The key steps are as follows:
- Get an API key and base URL from Orca.
- Configure an integration in Sophos Central.
Get an API key and base URL
To get the API key and base URL, do as follows:
Sign in to Orca as an administrator with the same rights that are needed to perform the API's actions.
The API key inherits its user role and permissions from the signed-in admin.
In the Orca dashboard, go to Settings > Modules.
- Select the Integrations tab.
- Click Generate Key.
- Copy and save the key.
- In the Swagger tile, click View.
- Make a note of the Base URL at the top of the page. For example:
Configure an integration
To integrate Orca with Sophos Central, do as follows:
- In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
The Orca page opens. You can configure integrations here and see a list of any you've already configured.
In Data Ingest (Security Alerts), click Add Configuration.
If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.
In Integration steps, do as follows:
- Enter a name and a description for the integration.
Enter the Base URL you looked up earlier.
Prefix the URL with
https://. For example:
Enter the API token.
We create the integration and it appears in your list. If the status icon shows Healthy, your data should appear in the Sophos Data Lake after validation.