Orca Security
API integration

list_all_orcasecurity_alerts

Retrieve alerts from Orca Security. The response provides detailed information about the retrieved alerts, including their attributes and related data.

get_single_orcasecurity_alert_by_id

Retrieves details of a specific alert identified by its id from Orca Security. The response contains information related to the alert, including remediation details, compliance status, asset details, and more.

orcasecurity_alerts_event_logs

Use this endpoint to retrieve the event log for a specific alert by providing the alert_id. The response includes a list of events related to that alert, along with metadata for each event.

orcasecurity_alerts_state

Use this endpoint to retrieve the current state of a specific alert identified by its alert_id. The response includes detailed information such as the alert's severity, rule source, timestamps for creation and last update, verification status, risk level, Orca score, current status, and more.

list_all_orcasecurity_alerts_scheme

Retrieves a list of alerts and their details from Orca Security. The response includes an array of "alerts" with attributes such as type, rule information, compliance status, asset details, severity, cloud provider information, connectivity details, vulnerabilities, etc.

list_all_orcasecurity_alerts_vulns

Fetches a list of vulnerability alerts from Orca Security. Each alert includes details like CVE findings, severity, affected assets, fix availability, and related cloud account and organization data.

list_all_orcasecurity_alerts_remediation_actions

Use the endpoint to get remediation action and template IDs relevant to a specific alert type, such as "vulnerability". This helps identify which remediation steps can be applied to alerts of that type, enabling automated or guided response actions.

list_all_orcasecurity_alerts_vulns_malware

Use the endpoint to retrieve alerts from Orca Security for specified types such as vulnerability, malware, or both. The response includes detailed alert information, such as CVE details, severity levels, fix availability, affected packages, CVSS scores, exploit data, and more.

list_all_orcasecurity_assets

Use the endpoint to retrieve a list of assets from the Orca Security platform. The response includes asset details such as name, type, scan status, associated cloud account, model, state, and Orca tags.

orcasecurity_assets_scheme

Use the endpoint to retrieve the schema definition of assets from the Orca Security platform. The response includes metadata about asset structure, such as asset type, category, cloud provider, organization, connectivity, access, tags, risk level, configuration, and state.

create_a_orcasecurity_session

Use this endpoint to create a new user session by providing a valid security_token. This initiates authentication and returns session details upon success.

delete_a_orcasecurity_session_by_id

Use this endpoint to terminate the current user session, effectively logging the user out and revoking the session token.

list_all_orcasecurity_cloud_accounts

Use the endpoint to retrieve a list of connected cloud accounts from the Orca Security platform, including detailed metadata and aggregated statistics. The response includes information such as cloud provider type (e.g., AWS, GCP), account status, onboarding status, scan limitations, tags, remediation configurations, and DSPM (Data Security Posture Management) setup.

get_single_orcasecurity_cloud_account_by_id

Use this endpoint to retrieve detailed information about a specific cloud account in Orca Security by its unique ID. The response includes metadata such as cloud provider, account status, permissions, scan configuration, tags, and other relevant account-level settings.

list_all_orcasecurity_accounts_remediation

Use this endpoint to retrieve remediation configuration details for a specific cloud account, including the template and remediation_action values. These values are needed when configuring or triggering automated remediation workflows in Orca Security.

list_all_orcasecurity_cloudtrail_discovery

Use this endpoint to discover AWS CloudTrail configurations across connected AWS accounts in Orca Security. It helps identify available CloudTrail trails and assess their readiness for onboarding and security monitoring.

list_all_orcasecurity_gcp_accounts

Use this endpoint to retrieve a list of GCP accounts available for mass onboarding in Orca Security. It provides information needed to initiate and manage the onboarding of multiple Google Cloud projects or accounts.

get_single_orcasecurity_alert_jira_info_by_id

Use this endpoint to retrieve Jira integration details for a specific alert in Orca Security. It returns information such as the linked Jira ticket, status, and any synchronization details between Orca and Jira for the given alert ID.

get_single_orcasecurity_scan_by_id

Use this endpoint to retrieve the current status of a specific scan in Orca Security by providing its unique scan ID. The response includes information about the scan’s progress, completion state, and any issues encountered during execution.

create_a_orcasecurity_scan

Use this endpoint to create and launch a new security scan for a specific asset in Orca Security.

create_a_orcasecurity_vendor_scan_asset

Use this endpoint to create and launch a scan for a specific asset using its cloud provider ID, asset type, and provider asset ID (such as an AMI or VM ID).

list_all_orcasecurity_cve_scheme

Use this endpoint to retrieve the full schema definition of CVE (Common Vulnerabilities and Exposures) objects in Orca Security. The response outlines all fields available in CVE data, including asset details, severity scores, affected packages, exploit links, and fix status—helpful for understanding, parsing, or validating CVE-related API responses.

list_all_orcasecurity_sonar_schema

Use this endpoint to retrieve the field structure and metadata schema for Sonar findings in Orca Security.

list_all_orcasecurity_sonar_schema_models

Use this endpoint to retrieve the schema definition for a specific Sonar model in Orca Security. By specifying the model name (e.g., AzureSqlDbServer) as a query parameter, you can view the fields and structure used for that particular model's findings.

list_all_orcasecurity_query_sonar

Use this endpoint to run custom Sonar queries against cloud resources and identify configurations, such as unrestricted access or misconfigurations.

list_all_orcasecurity_query_schema

Use this endpoint to retrieve the field structure and metadata schema for various data types in Orca Security, including assets, alerts, inventory, logs, and CVEs. It returns a JSON object with version, status, and data fields describing the schema of each data type.

list_all_orcasecurity_query_catalog

Use this endpoint to retrieve the list of predefined queries available in the Orca Security Query Catalog, along with their associated metadata.

list_all_orcasecurity_query_inventory

Use this endpoint to retrieve filtered inventory data from Orca Security using a DSL-based query. You can apply complex filters using the dsl_filter parameter and optionally request a downloadable result with the get_download_link method.

list_all_orcasecurity_query_alerts

Use this endpoint to retrieve alert data from Orca Security using custom DSL-based filtering. It allows querying specific alert types, severities, statuses, and other attributes to support advanced use cases, such as integrations, dashboards, or automated analysis.

orcasecurity_query_alerts_show_info_true

Use this endpoint to retrieve all alerts, including informational alerts, from the Orca Security API. You can apply a DSL filter to refine the results. The response includes alert details such as asset type, remediation info, compliance status, tags, and more.

list_all_orcasecurity_query_logs

Use this endpoint to retrieve log data from the Orca Security platform. It returns a list of log entries, including status, grouping details, total item counts, and a list of log data objects.

list_all_orcasecurity_query_cves

Use this endpoint to retrieve a list of CVEs (Common Vulnerabilities and Exposures) from the Orca Security platform.

list_all_orcasecurity_query_assets

Use this endpoint to retrieve a list of all assets in your Orca Security environment.

list_all_orcasecurity_attack_paths_crown_jewels

Use this endpoint to retrieve a list of Crown Jewel assets identified by Orca Security.

list_all_orcasecurity_chain_attack_paths

Use this endpoint to retrieve the attack path snapshot for a specific chain.

list_all_orcasecurity_user_audit_logs

Use this endpoint to retrieve audit logs related to user activity within Orca Security.

orcasecurity_user_audit_logs_actions

Use this endpoint to retrieve a list of possible user actions recorded in the audit logs.

list_all_orcasecurity_auth_tokens

Use this endpoint to retrieve a list of active authentication tokens associated with your Orca Security account.

create_a_orcasecurity_external_service_action

Use this endpoint to initiate a remediation action via an external service in Orca Security. The request must include the service name, remediation template ID, specific remediation action, and a list of alert IDs to which the remediation will be applied.

list_all_orcasecurity_users

Use this endpoint to list all the users available in Orca Security.