How Do I Get Orbital?
You can only get Orbital with the purchase of products in the Cisco security portfolio.
Secure Endpoint
Orbital is available for customers with Secure Endpoint Advantage.
Orbital allows you to query endpoints for detailed information wherever you have Orbital deployed. Secure Endpoint Advantage customers can deploy Orbital automatically if your endpoints already have a Connector installed. See the Secure Endpoint Console Secure Endpoint Console Help for the most current Connector version and other important information.
Orbital is bundled with the Secure Endpoints Connector package for both Windows and macOS. The Connector will deploy Orbital when you enable it in a policy.
Enable Orbital
If your endpoints already have a Connector installed, then you can simply enable Orbital in an existing Secure Endpoint policy for your endpoints.
- Go to the Secure Endpoint Console. In Management -> Policies. The Policies page opens. Expand an Orbital policy and click the Edit button to open the Edit Policy page. Under Advanced Settings select Orbital, and verify that Orbital enabled: the Enable Orbital Advanced Search box should be checked. If not, check the box to enable Orbital.
Note: If you disable Orbital in the Policies page it will disable the service but will not uninstall it. Enabling it again will restart the service.
How to Set Up Orbital with Secure Endpoint
The Orbital endpoint agent (node) is automatically downloaded and installed when you enable Orbital in your Secure Endpoint policy. Ideally you will not have to download anything, but simply enable Orbital for your existing endpoints. If necessary you can download a Secure Endpoint Connector from the Secure Endpoint Console.
You can enable Orbital for any existing policy. For example, if you have 1000 computers in your Protect group, simply enable Orbital on that policy and it should be dropped to your 1000 computers automatically.
If you want to use Orbital on a specific group of endpoints, for example, then create a new policy and group for this purpose. See the Secure Endpoint Console Help for detailed information.
Explore the Orbital User Interface
Once Orbital is enabled, you can execute queries on an endpoint in order to gather information from it.
- Go to Management -> Computers and locate your computer. Expand the pane and click Orbital Query. (You can also access the Orbital console by going to Analysis -> Search and clicking the Search your endpoints with Orbital link.)
- The Orbital console is loaded in a new browser tab. If needed, click Log in with Cisco Security to authenticate using your existing Secure Endpoint Console credentials.
Note: You can also access Orbital directly at https://orbital.amp.cisco.com
- The Endpoints field shows the computer(s) that will be queried. You can enter a specific GUID, or enter
all
in this field to query every endpoint in your organization that has Orbital installed. If you’d like to take a random sampling of endpoints, click theto open the Add Random Endpoints dialog box.
- You can type custom
SELECT
statements in the Custom SQL field, or click Browse to browse the Query Catalog, which contains dozens of predefined queries you can add to your query. You do not need to know how to write an SQL SELECT statement to use Orbital. - Click Query. The query is run against the specified endpoints, and results are displayed in the right pane. You can edit the query and rerun. You can download the results. You can save the query as a Scheduled Query to be run on a scheduled basis that you can configure.
More Info
- Requirements - List of Orbital Requirements
- Secure Endpoint Console Help - See the Secure Endpoint Console online help for more information, including the most current Connector version.