Custom Scripts

1. Define the endpoints that the script will be run against.

1. Enter the ID for one or more of your organization's endpoints in the Endpoints field. You can also click the Add Random Endpoints icon () button located under the lower-right corner of the Endpoints field to add multiple random endpoints.

2. Select the desired operating system or systems from the Add Random Endpoints dialog.

3. Click Add. The selected endpoints are added to the Endpoints field.

2. Define your script by selecting an existing script from the Orbital Catalog.

1. Click Browse Catalog

2. Type the name of the script you wish to run in the Search field. The script list will automatically adjust to only include the catalog scripts that contain the search term(s).

3. Click on the desired script name to view its detailed information.

Review the contents of the script's detailed information and decide if you wish to use the script or not.

4. When you have found the script you wish to run, click Use script.

5. Add any required parameters in the Parameters field if the script requires you to specify them.

3. Click Run Script to run the script and view the results.

Use Enter to enter the code editor and Esc to exit.

Custom Script

To send the script to the specified endpoints click Run Script. The results will be returned in the right pane.

Study the results and the Python script to learn how to edit catalog scripts and write your own Python to follow your investigation wherever it leads. You can edit the script and click Run Script again; the results will refresh.

You can configure Custom Script settings on the My Account page.

Download

The Download function allows you to download the records of all the results of the active ad hoc query. The records retrieved using Download can be either formatted in a Comma Separated Value (CSV) file or a JavaScript Object Notation (JSON) file.

To download the active ad hoc query results:

1. Click Download. This will display the file type selector, as shown in the figure below.

2. Select the file type, either JSON or CSV. This will display the Preparing download... message.

When the results file is ready to download, Orbital will display the download is ready message.

3. Click download is ready.

This will download the ad hoc query results in a ZIP file.

More Info

• Scripts

• Investigation

• The Orbital Builder

• Using Scripts

• Using Scheduled Scripts

• Connecting Scripts to Linked Queries