You must have the "Public Cloud" integrations license pack to use this feature.
You can integrate Orca with Sophos Central so that it sends data to Sophos for analysis.
This is an API integration. You need an API key, also known as an API token, from Orca.
The key steps are as follows:
- Get an API key from Orca.
- Add an integration in Sophos Central.
Get an API key from Orca
To get the API key, do as follows:
Sign in to Orca as an administrator with the same rights that are needed to perform the API's actions.
The API key inherits its user role and permissions from the signed-in admin.
In Orca dashboard, go to Settings.
- Select the Integrations tab.
- Click Generate Key.
- Copy and save the key.
Add an integration
To integrate Orca with Sophos Central, do as follows:
- In Sophos Central, go to Threat Analysis Center and click Integrations.
If you've already set up integrations of this type, you see them here.
In Integrations, click Add.
If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.
In Integration steps, do as follows:
- Enter a name and a description for the integration.
Enter the Base URL.
https://app.eu.orcasecurity.io/for all Orca integrations.
Enter the API token.
We create the integration and it appears in your list.
If your integration shows as Connected, your data should appear in the Sophos Data Lake after validation.