Orbital Cisco Interactions

Orbital has been integrated with other Cisco Secure Platform products. Orbital is tied to Cisco Secure Malware Analytics and Cisco XDR/Secure Client Cloud Management products. These integrations are discussed in more detail in this topic.

Use Orbital with Secure Malware Analytics

Orbital is integrated with Secure Malware Analytics, and the integration is available in Secure Malware Analytics for Secure Endpoint users. Because of this integration, if a sample submitted to Secure Malware Analytics contains any behavioral indicators that include Orbital queries, you can pivot from Secure Malware Analytics directly into Orbital. This pivot populates the Orbital Builder with that query.

Orbital information and pivot links are available within Secure Malware Analytics in the quick views in several locations:

  • The Samples manager page - In the results dropdown views

  • The Sample Analysis Report - The Behavioral Indicators section contains a toggle to display only indicators with Orbital queries, and an Orbital Queries column is added with the Orbital Queries links that pivot directly into Orbital. The behavioral indicators detailed dropdown view also contains an Orbital Query pivot link under Actions.

  • The Indicators page

  • Individual Behavioral Indicator pages

Using Orbital with Cisco XDR or Secure Client Cloud Management

Orbital can be integrated with Cisco XDR or Secure Client Cloud Management as a reference module which can enrich information presented in the relations graph by pivoting into Orbital to query and gather additional intelligence about your host, IPv4, IPv6, MAC, and OS.

Note: Orbital is obtained as part of the Secure Endpoint Advantage Licensing and is supported in North America, European Union, and Asia and Pacific.

Cisco XDR and Secure Client Cloud Management Integration

For Orbital to run queries and scripts against endpoints, it has to know which endpoints are available to it. It does this by linking to the appropriate Cisco XDR or Secure Client Cloud Management organizations.

Cisco XDR Integration

Cisco XDR is set up on the Integrations page of your Cisco XDR account. Refer to the Integrations page of the Cisco XDR Help for information on setting up Cisco XDR integration.

Secure Client Cloud Management Integration

Secure Endpoint and Secure Client Cloud Management organizations can be linked by clicking the Connect Cisco XDR or Cisco Secure Client Cloud Management banner in the Secure Endpoint console.

If you check the Organizations page of the Administration group on the left-side navigation bar before you have set up your integration modules, you will receive the error message "Endpoint organizations need to be linked for Orbital to run user queries. Link endpoint organizations below." If you receive this error message, refer to the Linked Organizations section of the Organizations Page topic.
