---
title: "Orca Security"
slug: "orca"
updated: 2026-02-17T05:03:32Z
published: 2026-02-17T05:03:32Z
canonical: "help.nucleussec.com/orca"
---


# Orca Security

## Overview

Nucleus enables you to ingest your Orca vulnerability, compliance and system misconfiguration data directly into your Nucleus console using an automated connector. The connector uses the APIs provided by Orca Security to seamlessly sync data into your Nucleus project for use in analysis, triage, automation, and reporting.

The Orca Security connector supports importing vulnerabilities and alerts for:

- All active and running Virtual Machines
- All scanned container images, including those that are active in a containerised environment as well as point-in-time scans.
- Cloud misconfiguration findings on cloud resources, as well as vulnerabilities on Serverless functions.

**Availability:** The Orca Security connector is currently in open beta. Please contact support to have the connector enabled for your Nucleus organization. If you would like access to Cloud Resources, please also request this explicitly.

## Connector Setup

### Connector Setup Checklist

Follow the steps in this checklist to successfully set up this connector:

1. **API Access**  
Create a service account API token in Orca.
2. **Connector Configuration**  
Create and configure the connector in your Nucleus project.
3. **Vulnerability & Alert Data Ingestion**  
Create one or more vulnerability scan ingest rules to ingest vulnerabilities, compliance findings and system misconfigurations from Orca.

### 1. API Access

1. Open Orca and go to **Settings -> Users & Permissions -> API.**
2. Under the **API Tokens** tab, click **Add API Token**. You will see the following popup:![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image-1704929529000.png)
3. In the **Add API Token** popup, enter the following information:

| Field | Description |
| --- | --- |
| Name | Enter a unique API token name, such as Nucleus Security Connector. |
| Description | (Optional) Enter a description for your connector. |
| Expiration | Leave **Never Expire** unchecked. |
| Service Token | Leave this box **unchecked**. |
| Role | For quick onboarding, select the **Administrator** role. See FAQ for a role with fewer permissions. |
| Scope access to specific resources | Leave this unchecked, or optionally scope this account to access only specific accounts or business units within your Orca subscription. |

4. Click **Add**. You will be presented with an Integration API token like so:![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image-1704930621379.png)
5. Copy the token for use later, and click **Continue**.

You can find out more about managing API tokens in Orca's documentation [here](https://docs.orcasecurity.io/docs/managing-api-tokens).

### 2. Connector Configuration

1. Open Nucleus and go to **Integration Hub > Connector Setup**.
2. Under the **Scanners** section, click the **Orca** icon. You will see the following popup:![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image-1704928916125.png)
3. In the **Setup Orca Connector** popup, enter the following information:

| Field | Description |
| --- | --- |
| Name | (Optional) Enter a name for your connector. If left blank, this will default to Orca. |
| Description | (Optional) Enter a description for your connector. |
| Instance URL | Enter the URL to your Orca instance. |
| API Token | Enter the token you created in API Access. |

4. Click **Verify Credentials**.
5. Click **Save**.

### 3. Vulnerability & Alert Data Ingestion

1. Go to **Integration Hub > Import via Connector**.
2. Select the Orca connector you just created.
3. Select the method of import: All Virtual Machines, All Container Images or All Cloud Resources.![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image-1719454309439.png)
4. Select a schedule to import scans into the project.
5. Click **Save & Finish**.

## Frequently Asked Questions

### Does the connector require all permissions in the Administrator role?

The connector can function with fewer permissions than the Administrator role grants. If you don't want to configure the Administrator role for production, please clone the **Viewer** role, edit it and include the **Platform Organization Read** permission.

For customers who use the serving layer APIs and do not wish to grant the Administrator role, proceed as follows to create a new service account:

1. Navigate to Roles.
   1. Locate the Viewer role and duplicate it.
2. Edit the new role and add the following 2 permissions:
   1. Platform -> Schedule Reports -> Export
   2. Organization -> Read

### How are alerts mapped to finding types in Nucleus?

Nucleus ingests all CVEs from Orca as vulnerabilities in Nucleus, and ingests alerts as either compliance findings, or both vulnerabilities and compliance findings. Alerts ingested as both types of findings won't be duplicated as separate findings, but instead show up on both views, as they fit the criteria of both a vulnerability and a compliance finding.

The finding type of an alert is determined by its alert category in Orca. The following table details how alerts in each Orca alert category show up in Nucleus:

| Orca Alert Category | Nucleus Finding Type (VMs and Container Images) | Nucleus Finding Type (Other asset types) |
| --- | --- | --- |
| Authentication | Compliance | Compliance |
| Best practices | Compliance | Compliance |
| Data at risk | Vulnerability & Compliance | Compliance |
| Data protection | Compliance | Compliance |
| IAM misconfigurations | Compliance | Compliance |
| Lateral movement | Vulnerability & Compliance | Compliance |
| Logging and monitoring | Compliance | Compliance |
| Malicious activity | N/A | N/A |
| Malware | N/A | N/A |
| Neglected assets | Compliance | Compliance |
| Network misconfigurations | Compliance | Compliance |
| Suspicious activity | N/A | N/A |
| System integrity | N/A | N/A |
| Vendor services misconfigurations | Compliance | Compliance |
| Workload misconfigurations | Compliance | Compliance |
