Skip to content
Find out how we support MDR.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=Orca

Orca Security

API

You must have the "Public Cloud" integrations license pack to use this feature.

You can integrate Orca with Sophos Central so that it sends data to Sophos for analysis.

This is an API integration. You need an API key, also known as an API token, from Orca.

The key steps are as follows:

  • Get an API key from Orca.
  • Add an integration in Sophos Central.

Get an API key from Orca

To get the API key, do as follows:

  1. Sign in to Orca as an administrator with the same rights that are needed to perform the API's actions.

    The API key inherits its user role and permissions from the signed-in admin.

  2. In Orca dashboard, go to Settings.

  3. Select the Integrations tab.
  4. Click Generate Key.
  5. Copy and save the key.

Add an integration

To integrate Orca with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center and click Integrations.

  2. Click Orca.

    If you've already set up integrations of this type, you see them here.

  3. In Integrations, click Add.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, do as follows:

    1. Enter a name and a description for the integration.

    2. Enter the Base URL.

      This is https://app.eu.orcasecurity.io/ for all Orca integrations.

    3. Enter the API token.

  5. Click Save

We create the integration and it appears in your list.

If your integration shows as Connected, your data should appear in the Sophos Data Lake after validation.

More information