What is Orbital?
Orbital is a cloud-based attack research and response tool. It enables gathering system and security information from the client's networked devices and responding to any threats found.
To accomplish this, Orbital allows you to query your network's devices using SQL and then use Python scripts to respond to any found threats. Orbital uses osquery to allow SQL queries to run against your organization's devices. Creating and running Orbital queries and scripts is performed on the Investigate page.
Go to the Results page to view the results of the queries and scripts you have run.
Orbital's Catalog provides hundreds of carefully researched and tested queries and scripts. Additionally, you can write your own SQL queries and Python scripts, which can be saved to the Catalog or discarded after a single use.
Important Points of Note
- Orbital supports the use of proxies, except SSL-terminating proxies. All operating systems can be used with proxies.
- Apple Silicon is supported when running macOS 11 or newer.
- Orbital's API documentation is located on Cisco's DevNet portal at: https://developer.cisco.com/docs/orbital.
- The screen captures in these Help topics may not always reflect the latest product names or UI enhancements.
- Orbital pages support keyboard accessibility. Refer to the https://www.w3.org/WAI/ARIA/apg/patterns/ page to learn about keyboard interaction web standards. For Safari: go to Settings > Advanced > Accessibility and select the "Press Tab to highlight each item on a webpage" checkbox.