Using Orbital with Secure Malware Analytics
Secure Malware Analytics was integrated with Orbital starting with the 3.5.43 release on November 7, 2019. Orbital is now available in Secure Malware Analytics for Secure Endpoint users. With this integration, if a sample submitted to Secure Malware Analytics contains any behavioral indicators that include Orbital queries, you can pivot from Secure Malware Analytics directly into Orbital, which opens pre-populated with that query.
Orbital information and pivot links are available within Secure Malware Analytics in the quick views in several locations:
- The Samples manager page - In the results dropdown views
- The Sample Analysis Report - The Behavioral Indicators section contains a toggle to display only indicators with Orbital queries, and an Orbital Queries column is added with Orbital Queries links that pivot directly into Orbital. The behavioral indicators detailed dropdown view also contains an Orbital Query pivot link under Actions.
- The Indicators page
- Individual Behavioral Indicator pages
Using Orbital with Cisco’s XDR or SecureX
Cisco’s XDR or SecureX was integrated with Orbital starting with the 1.40 release on Jan 22, 2020.
In the integration with Cisco’s XDR or SecureX, Orbital is a reference module which can enrich information presented in the relations graph by pivoting into Orbital to query and gather additional intelligence about your host, IPv4, IPv6, MAC, and OS.
Note: Orbital is procured as part of the Secure Endpoint Advantage Licensing and is supported in North America and the European Union.
Linkable Cisco XDR or SecureX Integration Modules
For Orbital to run queries against endpoints, it has to know which endpoints are available to it. It does this by linking to the appropriate Cisco XDR or SecureX integration module or modules. Cisco XDR or SecureX integration modules are set up on the Integrations page of your Cisco XDR account or the Integration Modules page of your SecureX account, whichever service you use. Refer to the Configuring Integration Modules page of the Cisco XDR Help or SecureX Help system for information on setting up the Cisco XDR or SecureX integration modules.
It is very important to understand that Orbital can use only one type of Cisco XDR or SecureX integration module: Secure Endpoint modules. A Secure Endpoint module defines the endpoints that are used by your organization. For example, you can have an integration module called Orbital, or one called AMP for Endpoints. Both of these will work with Orbital. Other integration modules, such as Umbrella, are not Secure Endpoint integration modules and cannot be used by Orbital. To use Orbital, you must have Secure Endpoint integration modules that define your organization’s endpoints. Otherwise, Orbital will have no endpoints to query, and any queries you run will fail.
If you check the Organizations tab of your Settings page before you have set up your integration modules, you will receive the error message:
Endpoint organizations need to be linked for Orbital to run user queries. Link endpoint organizations below.
If you receive this error message, refer to the Linking Organizations section of the Orbital Settings Organizations Tab topic.