We’re happy to share that the Orca Platform now integrates with Panther, a leading security monitoring platform for the cloud. Security teams can use this integration to ingest Orca intelligence, centralize and correlate security telemetry across a wide set of data sources in Panther, and focus action on the most important and urgent issues.
Unified security telemetry across your entire security and infrastructure tech stack
The security technology landscape continues to diversify, effectively fragmenting where actionable data originates and lives. Extensibility through integrations remains a value driver for growing cloud-native companies as they expand their tech stack. Because Panther ingests data across many domains like EDR solutions, network sensors, and cloud infrastructure logs, Panther helps SOC teams investigate cloud security findings faster, with all of the data centralized.
Correlate data across different infrastructure and security tools
When an Orca alert gets sent to Panther, Orca sends all of the relevant context it has already gathered in its Unified Data Model, like the findings, MITRE ATT&CK techniques, and risk exposure. This also includes information about the related asset, like the asset ID and account ID, which customers can then use to pivot their investigation in Panther to identify any related signals or events.

For example, an Orca alert about an S3 bucket not having MFA-Delete enabled gets sent to Panther. In Panther, customers can use the account ID from the Orca alert to check AWS CloudTrail logs to determine if any S3 buckets in the account were deleted.

Doing this surfaces an event showing that an S3 bucket was deleted. Adding the Rule ID AWS.S3.BucketDeleted as a filter confirms that the bucket was in fact deleted.

A deleted bucket on its own is not newsworthy, but it would be wise to prevent this from happening in the future, whether buckets are deleted accidentally or maliciously. In Panther, customers can set up correlation rules that notify them when a combination of Orca alerts and other events occurs in the same time frame, escalating the urgency of a security issue.
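
The correlation described above, as an added example that is not Orca's or Panther's own code: it pairs an MFA-Delete alert with successful CloudTrail DeleteBucket records from the same account inside a time window. The Orca alert field names, the 24-hour window and all sample values are assumptions; this is plain Python, not the Panther rule API.

```python
from datetime import datetime, timedelta

# Constructed sample data. Orca alert field names are hypothetical;
# CloudTrail keys follow the standard CloudTrail record layout.
ORCA_ALERTS = [
    {"alert_type": "s3_mfa_delete_disabled", "account_id": "111111111111",
     "asset_id": "app-logs", "created_at": "2024-01-10T09:00:00Z"},
    {"alert_type": "s3_mfa_delete_disabled", "account_id": "222222222222",
     "asset_id": "backups", "created_at": "2024-01-10T09:00:00Z"},
]
CLOUDTRAIL_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "recipientAccountId": "111111111111", "eventTime": "2024-01-10T15:30:00Z",
     "requestParameters": {"bucketName": "app-logs"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",  # 4 days later
     "recipientAccountId": "222222222222", "eventTime": "2024-01-14T15:30:00Z",
     "requestParameters": {"bucketName": "backups"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",  # failed call
     "recipientAccountId": "111111111111", "eventTime": "2024-01-10T16:00:00Z",
     "errorCode": "AccessDenied", "requestParameters": {"bucketName": "other"}},
]

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def is_bucket_delete(event):
    """True only for S3 DeleteBucket calls that succeeded (no errorCode)."""
    return (event.get("eventSource") == "s3.amazonaws.com"
            and event.get("eventName") == "DeleteBucket"
            and not event.get("errorCode"))

def correlate(alerts, events, window=timedelta(hours=24)):
    """Pair each MFA-Delete alert with bucket deletions in the same account
    whose timestamps fall within `window` of the alert."""
    deletes = {}
    for ev in filter(is_bucket_delete, events):
        deletes.setdefault(ev["recipientAccountId"], []).append(ev)
    findings = []
    for alert in alerts:
        if alert.get("alert_type") != "s3_mfa_delete_disabled":
            continue
        for ev in deletes.get(alert["account_id"], []):
            if abs(parse_ts(ev["eventTime"]) - parse_ts(alert["created_at"])) <= window:
                bucket = ev["requestParameters"]["bucketName"]
                findings.append({"account_id": alert["account_id"], "bucket": bucket,
                                 "same_bucket": bucket == alert["asset_id"]})
    return findings

if __name__ == "__main__":
    for finding in correlate(ORCA_ALERTS, CLOUDTRAIL_EVENTS):
        print(finding)
```

The `same_bucket` flag separates a deletion of the very bucket the alert named from a deletion elsewhere in the account, which is a reasonable input for deciding how far to escalate.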

Take a look at the full video walkthrough of Orca alerts in Panther from Ju Cho, Solutions Engineer at Panther.
About the Orca Cloud Security Platform
Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ technology to provide complete coverage and comprehensive risk detection.
Learn More
Interested in discovering the benefits of the Orca Platform and how it can be integrated with tools like Panther? Schedule a personalized 1:1 demo, and we’ll show how you can use Orca to identify, prioritize, and remediate risks in your cloud environment. If you already use both Orca and Panther, follow the steps in the documentation to set up the integration.