- New compliance frameworks and an improved compliance dashboard.
- New compliance frameworks: PCI DSS, Azure CIS v1.2.0, GCP CIS v1.1.0, Docker CIS, and Orca Best Practices
- The dashboard has been improved. For new compliance frameworks, you can now easily view the alerts that caused a control test to fail.
We added the following new 3rd party integrations:
- PagerDuty - Get PagerDuty notifications from Orca alerts
- ServiceNow - Manage Orca alerts and asset inventory in your ServiceNow instance
- Splunk - Export Orca alert data to the Splunk SIEM
- Axonius - Export Orca asset data to Axonius. Axonius is an asset management platform.
- Swagger - Use the Swagger User Interface (UI) to experience the Orca API
- OpsGenie - Get OpsGenie notifications from Orca alerts
- The Jira configuration interface has been improved for greater flexibility, and you can now create multiple templates.
- Added attack maps for Azure and Google Cloud Platform (GCP)
- Added a new lateral movement map that takes IAM roles
- The attack map icons have been improved
- Attack map improvements were made for clarity
- An application viewer map that displays the Kubernetes architecture for an asset (if applicable) has been added.
- New API calls for Continuous Integration / Continuous Development (CI/CD) and for improved scanning speed
- A new set of API calls enables the user to scan resources and get results quickly. These new API calls can also be used to integrate Orca into your CI/CD pipeline/systems. [See here for documentation on these new API calls]
- Logs: Logs can now be collected from running machines
- Security and audit logs can now be collected from running machines and are searchable in the Orca User Interface (UI). Data can be collected from the following logs:
- Query Language - We added a powerful new query language for Orca. Users now have the ability to query the inventory in Orca using a human-like query language.
- File Integrity Monitoring (FIM) - Orca can now alert on FIM issues. FIM is a critical control in PCI DSS and OS CIS frameworks. (Note: this feature is off by default. It can be enabled through the API, and you will soon be able to enable FIM through the Orca User Interface.)
- Webhost Address - Orca now displays the URL of scanned web servers.
- Weak Password Detection on Tomcat Servers - Added the ability to detect default passwords and weak passwords on Tomcat servers
- .NET Vulnerability Detection on Non-Windows Machines - Orca now scans and alerts on .NET vulnerabilities on non-Windows machines
- User Audit Log - An audit trail for all Orca internal users. It enables an Orca admin to monitor and investigate the activity of users in their Orca account.
- Onboarding: Direct links to integrations from the setup dashboard - While waiting for the initial scan to finish during onboarding, the user can start integrating 3rd party apps with Orca immediately to save time.
- Compliance Framework Access from the Asset Page - You can now access the relevant compliance frameworks from the asset page.
- Time Machine - Go back and view your organizational security posture at any point in the last 12 weeks. This feature is available across the entire Orca platform.
- Advanced Asset Inventory Search - Users can now query the inventory using a query builder that allows the user to create sophisticated queries. Here are two examples. The first query example shows all hosts that have sudo version 1.8.9p5 installed, and the second example shows all hosts that have port 80 open.
- Rename Cloud Account Names - You can now rename cloud account names directly from the User Interface (UI)
- Orca Support Documentation Accessible from UI - You can now access the Orca support documentation and open a support ticket directly from the Orca user interface (UI).
- Vulnerability Fix Details - Links to the vulnerability fix have been added where available.
- Azure Image Scanning Support - Orca now supports the ability to scan Azure machine images.
- Azure Container Registry Support - Orca now supports the ability to scan the Azure container registry.
- AWS PrivateLink Support - Orca now supports AWS PrivateLink. AWS PrivateLink enables the use of the Orca API directly from your private AWS Virtual Private Cloud (VPC) without going out to the Internet. [See the Orca documentation here for how to configure the AWS PrivateLink to use it with Orca]
- Dynamic CSV Report Fields - The user can export the viewed data in CSV format. This new feature lets the user select the specific fields that appear in the CSV report instead of using a hardcoded set. New alert and inventory fields were also added.
Note: The following features are considered public beta. They have been tested, but may have some rough edges or minor bugs, so keep this in mind if you decide to use any features that are marked beta. If you have feedback or discover any bugs when using any beta features, please report them to Orca support or file a Zendesk ticket. We also plan to remove the beta designation on these features soon.
- Custom Alerts (beta) - Users can now build customized alerts using the Orca query language to trigger alerts that specifically match their requirements.
- Automation (beta) - Users can now automatically trigger different actions for different alert types. Some examples of different actions that are available are: dismiss, change severity, notify in PagerDuty, notify in Slack, create a Jira ticket, and more.
- Remove the public beta status for the Custom Alerts and Automation features - Customers will be able to create custom alerts and automate the handling of alerts.
- New compliance framework: Apache CIS
- GCP In-account Scanning
- Integrations - Demisto
- AWS Builder Support - Ability to scan images during the build cycle. Customers will be able to block/fail the build if the image has severe issues.