Overview of the Orca Security integration
You can integrate Orca Security with Sophos Central so that it sends alerts to Sophos for analysis.
This page gives an overview of this integration.
Orca Security product overview
Orca Security is a cloud-native security platform that provides full-stack visibility and protection for public cloud infrastructure. By working directly with the cloud environment, it identifies vulnerabilities, malware, misconfigurations and lateral-movement risks, keeping your cloud assets secure and compliant without agents or network scanners.
Sophos documentation information
Ingested data
Examples of alerts that Sophos can ingest include:
"alertType": "aws_s3_risky_policy"
"alertType": "malware"
"alertType": "Expired ACM certificate"
"alertType": "The following vulnerabilities were found on Internet facing service: kernel VERSION"
"alertType": "Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'VALUE' (Automated)"
"alertType": "The following vulnerabilities were found on service: amazon-ecs-volume-plugin VERSION"
"alertType": "The following vulnerabilities were found on software: golang.org/x/net-VERSION"
Data filtering
We filter alerts as follows:
- We only perform format validation, confirming that the returned data matches the expected format.
- We do not drop any alert items.
Threat mapping examples
If it is not empty, we take the alert type from the description field. Otherwise, we use the type_string field.
Example mappings are as follows:
{"alertType": "aws_iam_old_role_with_policy", "threatId": "T1098", "threatName": "Account Manipulation"}
{"alertType": "malware", "threatId": "T1587.001", "threatName": "Malware"}
{"alertType": "Unencrypted web endpoint exposing password input field", "threatId": "T1056", "threatName": "Input Capture"}
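The derivation rule and mapping stage described above, as an added example (not Sophos's or Orca's own code): it assumes each Orca alert is a JSON object carrying a type_string key and an optional description key, and its lookup table is built only from the three example mappings on this page.

```python
import json

# Constructed from the three example mappings on this page; a real table is much larger.
THREAT_MAP = {
    "aws_iam_old_role_with_policy": ("T1098", "Account Manipulation"),
    "malware": ("T1587.001", "Malware"),
    "Unencrypted web endpoint exposing password input field": ("T1056", "Input Capture"),
}

# Assumption: the minimal expected format is a string type_string field.
REQUIRED_FIELDS = ("type_string",)

def derive_alert_type(alert: dict) -> str:
    """Use 'description' when it is non-empty, otherwise fall back to 'type_string'."""
    description = alert.get("description")
    if isinstance(description, str) and description.strip():
        return description.strip()
    return str(alert.get("type_string", ""))

def validate_format(alert: dict) -> bool:
    """Format validation only: required fields are present and are strings."""
    return all(isinstance(alert.get(field), str) for field in REQUIRED_FIELDS)

def map_alert(alert: dict) -> dict:
    """Enrich one alert; an unmapped alert type is kept with threatId None, not dropped."""
    if not validate_format(alert):
        raise ValueError("alert does not match the expected format")  # assumed handling
    alert_type = derive_alert_type(alert)
    threat_id, threat_name = THREAT_MAP.get(alert_type, (None, None))
    return {"alertType": alert_type, "threatId": threat_id, "threatName": threat_name}

def map_alerts(raw_json: str) -> list:
    """Parse a JSON array of Orca alerts and map every item."""
    return [map_alert(alert) for alert in json.loads(raw_json)]

# Constructed sample alerts, not a capture from Orca.
SAMPLE_ALERTS = json.dumps([
    {"type_string": "aws_iam_old_role_with_policy", "description": ""},
    {"type_string": "malware"},
    {"type_string": "web_endpoint",
     "description": "Unencrypted web endpoint exposing password input field"},
    {"type_string": "custom_finding", "description": "   "},  # whitespace-only falls back
])

if __name__ == "__main__":
    for record in map_alerts(SAMPLE_ALERTS):
        print(json.dumps(record))
```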