Overview of the Orca Security integration
Warning
This integration is currently not supported. This is because of changes to the Orca software.
You can integrate Orca Security with Sophos Central so that it sends alerts to Sophos for analysis.
This page gives an overview of the integration.
Orca Security product overview
Orca Security is a cloud-native security platform that provides full-stack visibility and protection for public cloud infrastructure. By working directly with the cloud environment, it identifies vulnerabilities, malware, misconfigurations and lateral-movement risk, keeping your cloud assets secure and compliant without agents or network scanners.
Sophos documentation
Ingested data
Sample alerts that Sophos can ingest include:
- "alertType": "aws_s3_risky_policy"
- "alertType": "malware"
- "alertType": "Expired ACM certificate"
- "alertType": "The following vulnerabilities were found on Internet facing service: kernel VERSION"
- "alertType": "Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'VALUE' (Automated)"
- "alertType": "The following vulnerabilities were found on service: amazon-ecs-volume-plugin VERSION"
- "alertType": "The following vulnerabilities were found on software: golang.org/x/net-VERSION"
Data filtering
We filter messages as follows:
- We filter only to confirm that messages are well formed.
- We do not drop any alert items.
Threat mapping example
If the description field is not empty, we derive the alert type from it. Otherwise, we use the type_string field.
Example mappings are shown below:
{"alertType": "aws_iam_old_role_with_policy", "threatId": "T1098", "threatName": "Account Manipulation"}
{"alertType": "malware", "threatId": "T1587.001", "threatName": "Malware"}
{"alertType": "Unencrypted web endpoint exposing password input field", "threatId": "T1056", "threatName": "Input Capture"}
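As an added example (not Sophos or Orca code), the filtering rule and the description/type_string fallback described above, run over constructed sample messages; the mapping table holds only the three entries listed on this page, and the well-formedness check (a JSON object carrying description or type_string) is an assumption.

```python
import json

# Mapping entries taken from this page; keying them by alertType is an
# assumed layout, not the structure Sophos actually uses.
THREAT_MAP = {
    "aws_iam_old_role_with_policy": ("T1098", "Account Manipulation"),
    "malware": ("T1587.001", "Malware"),
    "Unencrypted web endpoint exposing password input field": ("T1056", "Input Capture"),
}


def is_well_formed(alert):
    """Filtering step (assumed check): a JSON object with at least one of
    the two fields the alert-type rule depends on. Nothing else is dropped."""
    return isinstance(alert, dict) and ("description" in alert or "type_string" in alert)


def derive_alert_type(alert):
    """Use description when it is non-empty, otherwise fall back to type_string."""
    description = alert.get("description")
    if description:
        return description
    return alert.get("type_string", "")


def map_alert(alert):
    """Return the mapped record, or None when the message is malformed.
    Alert types with no mapping entry keep alertType and get empty threat fields."""
    if not is_well_formed(alert):
        return None
    alert_type = derive_alert_type(alert)
    threat_id, threat_name = THREAT_MAP.get(alert_type, (None, None))
    return {"alertType": alert_type, "threatId": threat_id, "threatName": threat_name}


def process_feed(raw_lines):
    """Parse newline-delimited JSON; lines that are not valid JSON are skipped."""
    results = []
    for line in raw_lines:
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue
        mapped = map_alert(alert)
        if mapped is not None:
            results.append(mapped)
    return results


# Constructed sample messages for illustration, not real Orca output.
SAMPLE_FEED = [
    '{"description": "malware", "type_string": "Malware found on asset"}',
    '{"description": "", "type_string": "aws_iam_old_role_with_policy"}',
    '{"type_string": "Expired ACM certificate"}',
    "not json at all",
    '{"unrelated": 1}',
]

if __name__ == "__main__":
    for record in process_feed(SAMPLE_FEED):
        print(json.dumps(record))
```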