Orbital Overview

Orbital is a cloud-based attack research and response tool. It lets you gather system and security information from networked devices in your organization and respond to any threats found. Orbital also features native integrations with Cisco XDR and Cisco Secure Endpoint, with much of its functionality available within the consoles of those products.

Orbital allows you to query devices through osquery with SQL, then use Python scripts to respond to any threats. Create and run Orbital queries and scripts on the Investigate page. Go to the Results page to view the results of the queries and scripts you have run. The Catalog provides researched and tested queries and scripts to use. You can also write custom SQL queries and Python scripts and save them in the Catalog.

Important Points of Note

  • Orbital supports the use of proxies, except SSL-terminating proxies. Proxies can be used with all operating systems.

  • Apple Silicon is supported when running macOS 11 or newer.

  • Orbital's API documentation is located on Cisco's DevNet portal at: https://developer.cisco.com/docs/orbital.

  • The screen captures in these Help topics may not always reflect the latest product names or UI enhancements.

  • Orbital pages support keyboard accessibility. Refer to the https://www.w3.org/WAI/ARIA/apg/patterns/ page to learn about web standards for keyboard interaction. For Safari: go to Settings > Advanced > Accessibility and select the "Press Tab to highlight each item on a webpage" checkbox.