Skip to content
Find out how we support MDR.

Orca Security


You must have the "Public Cloud" integrations license pack to use this feature.

You can integrate Orca with Sophos Central so that it sends data to Sophos for analysis.

This is an API integration. You need an API key, also known as an API token, from Orca.

The key steps are as follows:

  • Get an API key and base URL from Orca.
  • Add an integration in Sophos Central.

Get an API key and base URL

To get the API key and base URL, do as follows:

  1. Sign in to Orca as an administrator with the same rights that are needed to perform the API's actions.

    The API key inherits its user role and permissions from the signed-in admin.

  2. In the Orca dashboard, go to Settings > Modules.

  3. Select the Integrations tab.
  4. Click Generate Key.
  5. Copy and save the key.
  6. In the Swagger tile, click View.
  7. Make a note of the Base URL at the top of the page. For example:

Add an integration

To integrate Orca with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center and click Integrations.
  2. Click Orca.

    If you've already set up integrations of this type, you see them here.

  3. In Integrations, click Add.


    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, do as follows:

    1. Enter a name and a description for the integration.
    2. Enter the Base URL you looked up earlier.

      Prefix the URL with https://. For example:

    3. Enter the API token.

  5. Click Save

We create the integration and it appears in your list.

If your integration shows as Connected, your data should appear in the Sophos Data Lake after validation.

More information