Orbital APIs

Orbital offers a simple interface for applications that lets them schedule queries and collect the results. All Orbital APIs expect and return information formatted as JSON, and require basic authentication using a client ID and secret generated by an Orbital user.

• POST /v0/oauth2/token – Exchanges your client ID and secret for an access token.
• GET /v0/ok – Confirms that credentials work and gets information about the client.
• POST /v0/query – Schedules a query to be performed one or more times, returns a job object.
• GET /v0/jobs/{jobid}/results – Retrieves the results of your queries.
• POST /v0/webhooks – Create a remote data store as a result destination for scheduled queries.
• GET /v0/webhooks – Get all remote data stores for the user’s organization.
• GET /v0/webhooks/{webhookid} – Get a specific remote data store by ID.
• GET /v0/stock – Orbital maintains a large catalog of prepared osquery queries for common problems such as threat hunting, posture assessment, host monitoring, or simply searching for entities. The user can retrieve this query catalog using the v0/stock API. When called, it will return a list of all catalog queries and associated metadata, contained in a ZIP archive.

Examples

All of our API examples use HTTPie and JQ, and the following environment variables:

• $service – Your Orbital Service Address.
• $client – Your Orbital Client ID, see Orbital API Authentication.
• $secret – Your Orbital Client Secret, see Orbital API Authentication.
• $token – Your Orbital API Access Token, see Orbital API Authentication.

Orbital Service Addresses

The following DNS names are the addresses of the Orbital service. (All APIs are available on TCP port 443 via HTTPS).

• orbital.amp.cisco.com for North American customers.
• orbital.eu.amp.cisco.com for European customers.
• orbital.apjc.amp.cisco.com for Asian and Pacific customers.

Request ID

Note: Every API calls returns a response header that can be used to troubleshoot the request.

X-Orbital-Request-Id: 0def5acd-2336-8d85-c7e6-471b7dd67519

Orbital’s Script API

Important Note: The information presented in these topics relate to the Orbital Query API. For information relating to Orbital’s Script API, refer to the documentation located at https://developer.cisco.com/docs/orbital.

Return to Table of Contents