Orbital Release Notes 2023

Orbital releases can be:

Service Release - Maintenance, upgrades, and updates to the Orbital service or console.
Node Release - Maintenance, upgrades, and updates to the Orbital node that runs on endpoints.

Orbital Service Release 1.33, 2023-12-12

Orbital's API documentation is in the process of being moved over to Cisco's DevNet portal. The new documentation suite is located at: https://developer.cisco.com/docs/orbital.
The Orbital user interface has been modernized. The menu has been moved from the top to the left side of the screen. This update has included user interface themes and colors in line with Cisco XDR.
User notifications have been moved from the Notification tab to a notification popup that appears when the user clicks on the bell icon in the upper-right corner of the screen. The Notification tab has been removed.
The Orbital Settings page has been removed and the settings tabs (My Account, Users, Remote Data Stores, and Organization) have been moved under the Administration menu on the left side of the screen.
Users can now log out of their identity provider after they have logged out of Orbital.
Users will now be logged out after one (1) hour of inactivity.
Users that are currently subscribed to Cisco XDR will be shown the Cisco XDR ribbon instead of the SecureX ribbon.

Addressed a potential http2 vulnerability identified in the NIST Vulnerability Database issue CVE-2023-44487.

Fixed a UI crash that could occur when running queries from the My Recent History pane and the viewing results.
Fixed a UI crash that could occur when viewing the detailed results of a script.
Fixed an issue where the Script feature banner, shown in the illustration below, wouldn't display for organizations that had never turned on the feature. The script feature is available banner isn't displaying in UI for orgs who have never turned on the script feature.

Script Feature Banner

Orbital's Script feature has been released to the general public. For more information on Script, refer to:

The downloading of results and catalog items has been decentralized and the selection of the file type has been moved to the Investigate page and to the appropriate Results, Endpoints, and Catalog pages.
osquery has been updated to version 5.8.2 for all operating systems.

This release consists of minor improvements and bug fixes.

Added a new General Query Information pane to Query Result Details page. More information can be found in the [General Query Information Pane](../query-results-page/#gen_query_info) section of the Results topic.
Removed the Interval and RDS columns from the Results page.
Replaced the Show live queries toggleswitch with a filter pane on the left side of the Results and Endpoint Details pages. The filter contains filters for displaying scheduled and non-scheduled queries.

Created a new topic called Using the Catalog This splits the procedural content out of the Catalog topic.

Orbital now adheres to MITRE ATT&CK Version 12 For more information on ATT&CK Version 12, refer to the MITRE Update webpage.
Stock queries now are able to make use of MITRE ATT&CK sub-techniques. Queries that adhere to sub-techniques can be listed using the new ATT&CK Sub-Techniques filter set in the Filters pane of the Catalog page. Orbital's MITRE ATT&CK® Adherence is described in the What is MITRE ATT&CK? topic.
Created a new topic called Orbital Settings My Account Tab It can be read [here](../orbital-settings-myacc-tab).
General organization information has been moved from the My Account tab to the Organizations tab of the Settings page.

Added the ability to define a default time zone and time format specifically for the user's account. This is described in the My Account Tab topic.

Rearranged the columns on the Results page. These column changes can be viewed in the Results topic.
The Malware category has been removed from the Orbital Query Catalog The reason for this is that most malware-oriented queries are short lived, often having a lifespan of weeks.
Added the ability to edit user-defined queries that have been saved to the Query Catalog The description of this new feature can be read about [here](../catalog/#edit_query).
osquery has been updated to version 5.5.1 for all operating systems.
All catalog queries with datetime columns using format %Y-%m-%d %H:%M:%S have been updated to correctly show UTC times.
osquery logs are now included as part of Orbital node logging. Refer to the Orbital and osquery Logging section of the Orbital Troubleshooting topic for more information.

Removed the Orbital dashboard tiles in SecureX. This update is aligned with the changes in 1.26 to streamline Orbital stats.

Removed the Orbital Dashboard from the user interface, as well as the Hosts Queried by Me and Hosts Seen card Endpoints cards on the Endpoints page.
User input into Query field values will now be kept if the user moves off of the page. This is described in a note at the bottom of the SQL - Enter a Query section of the Using Orbital Queries topic and can be found [here](../using-orbital-queries/#query_retain_values).
Discussed the new feature Show Disabled Users Toggleswitch in the [The Show Disabled Users Toggleswitch](../orbital-settings-user-tab/#show_disabled_users) section of the new topic, Orbital Settings User Tab.