About Orbital
Orbital is a cloud-based attack research and response tool. It allows the user to gather system and security information from the client’s networked devices and to respond to any threats found.
To accomplish this, Orbital allows you to query your network’s devices using SQL and then use Python scripts to respond to any threats found. Orbital uses osquery to run SQL queries against your organization’s endpoints. Creating and running Orbital queries and scripts is performed on the Investigate page.
The results for the queries and scripts that have been run can be found listed on the Results page. Result details can be viewed by drilling down into the individual results listed on the Results page.
Orbital’s Catalog provides hundreds of carefully researched and tested queries and scripts. Additionally, you can write your own SQL queries and Python scripts, which can be saved to the Catalog or discarded after a single use.
Important Points of Note:
- Orbital supports the use of proxies, except SSL terminating proxies. All operating systems can be used with proxies.
- Apple Silicon is supported when running macOS 11 or newer.
- The screen captures in these Help topics may not always reflect the latest product names or UI enhancements.
Table of Contents
- How Do I Get Orbital?
- What’s New?
- Frequently Asked Questions
- System Requirements
- Cisco XDR or SecureX Admin Users
- Supported Platforms
- Supported Browsers
- Network Connectivity
- Orbital Integrations
- Orbital Nodes
- What is osquery?
- Orbital Settings My Account Tab
- Orbital Settings User Tab
- Remote Data Stores
- Orbital Settings Organizations Tab
- Results Notifications
- Investigate
- Orbital Results
- Orbital Catalog
- Endpoints Page
- Orbital APIs
- Examples
- Orbital Service Addresses
- Request ID
- Orbital’s Script API
- Client Authentication
- Orbital API Errors
- Query API
- Request Parameters
- osquery Objects in Queries
- Postback Objects in Queries
- Specifying Nodes as Subjects of Queries
- A Number of Prefixes are Also Available to Identify Nodes by Specific Properties
- Machine Identifier
- Query API Limits
- The "None of the specified nodes were found" Error Message
- Example 1: Getting a List of Processes From the Front Desk
- Example 2: A Non-Stock Query
- Example 3: A Stock Query
- Example 4: A Postback, Using an Existing Webhook
- Example 5: A Postback, Using a Live Webhook
- Results API
- Webhook API
- Orbital OK API
- WMI Classes
- Orbital Yara Rules and System Configuration
- Orbital Troubleshooting
- Glossary