Back to Resources
Integration Notes

Revelstoke + Orca Security

July 26, 2023

How It Works

Revelstoke ingests alerts if suspicious activity is detected from a cloud environment. A new alert in Orca will trigger the creation of an alert in Revelstoke. Revelstoke allows management of the Orca alert processing workflow.

Requirements

To authorize the Orca Security integration, an admin role is necessary. If you don’t have admin privileges, you can request an admin or account owner in your organization to configure the integration for you. After the integration has been configured by an admin, you will receive the following details:

  1. Base URL of API Platform
  2. API Token

Support

If you need any help getting the <integration> up and running, please do not hesitate to reach out to us via email at [email protected]

Integration Walkthrough

In Orca Security

Revelstoke integrates with Orca Security. To connect, you must generate an API Key.

  1. Navigate to Settings > Users & Permissions > API and click Create API Token.
    1. The Create API Token window appears.
  2. Enter or select the following criteria:
    1. Enter the token name
    2. Enter a description
    3. Mark or clear Never Expire:Never expire is marked by default. The expiration date can be configured by clearing the checkbox.
    4. Mark or clear Public:You can define public tokens that are not linked to a specific user. The token is scoped according to the user that created them but can still be used if the user is removed from the organization.
    5. Select a role. See Default Roles and Permissions.
    6. Select the accounts that you want users to have access to
  3. Click Create Token.
    1. The Integration API Token Appears.
  4. Copy the token and click Continue

In Revelstoke

  1. In your Revelstoke account, navigate to the integrations page.
  1. Select Add Integration Instance.
  2. Select the Orca Security integration
  1. Enter the following required fields:
    • Name
    • Base URL of API Platform
    • API Token
    • Default Alerts Limit
    • Select Execute on a Schedule Checkbox
    • Select Enabled Checkbox

  1. Click Save

To Disable Orca Security from Revelstoke

  1. Navigate to the Integrations page.
  2. Under the Orca Security section click the Pencil icon.
  3. Uncheck The Enabled Checkbox
  4. Uncheck Execute On A Schedule and then Save to stop creating alerts.

To Remove Orca Security from Revelstoke

  1. In your Revelstoke account, navigate to the Integrations page.
  2. Select the Trash icon.
  3. Select Yes, delete to remove Orca Security Integration from Revelstoke.
Back to Resources

+1.408.459.4454

Revelstoke radically simplifies security orchestration, automation and response (SOAR), so security teams can work faster, smarter and more effectively. With a low-code, drag-and-drop interface, dozens of built-in integrations, incredible visibility into performance metrics, and robust reporting capabilities, Revelstoke empowers analysts to stop threats fast, and gives security leaders a clear picture on the business impact of security operations.

Contact Us

©2023 Revelstoke All Rights Reserved

©2023 Revelstoke All Rights Reserved

Site Map | Website, Email and Communications Privacy Policy | Service Privacy Policy