Using Scripts
Use the Investigate page to create and execute ad hoc scripts on identified devices to reduce threats or gather additional information on them.
Choose the Script Target
In the Endpoints field, enter the ID of one or more devices in your organization that will have the script run against them.
- You can add multiple devices. Click the Add random devices icon to open the dialog.
- Enter the number of random devices you want to run the script against into the Number field or use the default one.
  The default value for the number field is 10. You can change it by entering a new number in the Number field or using arrows.
- Click Add to add the devices to the Endpoints field. To remove a device from the field, click the X icon on the device name.
Enter a Script
You can enter or paste a Python script into the Custom script field or select one from the catalog.
- Click Browse catalog.
  The catalog contains predefined scripts created by the Orbital engineering team and TRE (Threat Research for Endpoint) to help you get started.
- Click a script name to view detailed information.
- Choose a script from the list.
  The script detail dialog includes:
  - a detailed script description
  - ID
  - OS
  - Type
  - Categories
  - MITRE | ATT&CK Techniques and Tactics
  - information and warning messages
  - Script content
  Some catalog scripts will require additional parameters once they have been added. These scripts will display one or more Parameters fields describing the required information after they've been added.
- Click Use script.
You can use a Search field to find the needed script.
The Python code added from the Catalog is hidden by default. To display the code, click the arrow on the catalog script name.
Any values or parameters you enter on the Investigate page fields will be retained if you move to another page or tab, then return. However, if you click Clear all or your Orbital session expires, the information will not be saved.
Save to the Catalog
To save a custom script to the Orbital catalog:
- Go to the Investigate page.
- Enter your Python code in the Custom script field.
- Click Save. This will display the Save script dialog.
- Enter the script name and its description.
- Select the operating systems the script will run against, using the OS checkboxes. Once you have selected at least one operating system, the Save button will be displayed.
- Click Save. Your custom script is listed at the bottom of the page.