Orca Cloud Security Connector
The Orca Cloud Security Connector bridges Orca's CNAPP platform with Qualys' Enterprise TruRisk Platform by automatically ingesting cloud asset inventory and vulnerability findings through scheduled API calls.
The connector covers a range of workload types including Compute, Container Instances, Container Images, and Serverless environments. Security teams gain unified visibility across multi-cloud environments by consolidating Orca's agentless detection data with Qualys' risk scoring capabilities into a single asset inventory.
This integration removes the need for manual data translation between platforms, allowing SecOps teams to focus on remediating the most critical vulnerabilities rather than managing separate vendor consoles. By delivering enhanced risk context and prioritization through Qualys TruRisk, the connector supports more efficient resource allocation across modern cloud workloads.
Connector Details
Here is a comprehensive overview of what the Orca Cloud Security connector supports.
| Attribute | Details |
|---|---|
| Vendor | Orca |
| Product Name | Orca Cloud Security |
| Category | CNAPP |
| Assets Supported | Compute, Container Instances, Container Images, Serverless |
| Findings Supported | Vulnerabilities |
| Supported Version & Type | SaaS (Latest) |
| Integration Type | API Integration (REST / GraphQL) |
| Direction | Unidirectional (Orca to Qualys) |
| Incremental Sync (Delta) | Not Supported |
| Import of Installed Software | Not Supported |
| Import of Source Tags | Not Supported |
Connection Settings
User Roles and Permissions
To retrieve assets and vulnerability findings, the Orca Cloud Security connector uses the Orca Serving-layer APIs.
You must generate an API token with sufficient permissions before configuring the connector.
- You can use the built-in Viewer role provided by Orca.
- Alternatively, you can create a custom role with only the minimum permissions required to access HostAssets and VulnerabilitiesV2.
Reference: Default Roles and Permissions (Orca)
Authentication Details
Provide the following values on the connector configuration screen.
| Name | Key | Type | Description |
|---|---|---|---|
| API Token | api_token | Encrypted String | API token generated from Orca Cloud Security |
| Domain | domain | String | Orca API domain based on region (for example: api.orcasecurity.io, app.eu.orcasecurity.io) |
Connector Configuration
Basic Details
- Log in to Qualys ETM.
- Navigate to Connectors > Integration.
- Locate the Orca Cloud Security Connector and click Manage.
- Provide a connector Name and Description.
- Enter the required authentication details.
Schedule
Schedules control when the connector executes and what data is ingested.
- Select the execution frequency.
- Select the supported Asset Types.
- Select Vulnerability findings for ingestion.
Asset Identification Rules
Identification Rules are predefined precedence rules provided by Qualys CSAM. These rules determine how imported findings are associated with assets in ETM.
Identification Rules apply only to compute assets. Other asset classes are not affected.
You can proceed without modifying these rules.
How Does the Connection Work?
On schedule (or on demand), the Orca Cloud Security connector retrieves supported cloud asset classes and vulnerability findings from Orca and imports them into ETM Unified Asset Inventory.
Each execution performs a full data pull.
In the Connector screen, the connector transitions through the following states:
- Registered – Connector is created.
- Scheduled – Connector is queued for execution.
- Processing – Assets and findings are being fetched.
- Processed – Assets are imported; findings may continue processing.
The full ingestion process may take several hours depending on data volume.
Viewing Assets and Findings in ETM
After ingestion completes, you can view Orca data in ETM.
- Assets: Enterprise TruRisk M