Using Orbital with Secure Malware Analytics
Secure Malware Analytics was integrated with Orbital starting with the 3.5.43 release on November 7, 2019. Orbital is now available in Secure Malware Analytics for Secure Endpoint users. With this integration, if a sample submitted to Secure Malware Analytics contains any behavioral indicators that include Orbital queries, you can pivot from Secure Malware Analytics directly into Orbital, which opens pre-populated with that query.
Orbital information and pivot links are available within Secure Malware Analytics in the quick views in the following locations:
- The Samples manager page - In the results dropdown views
- The Sample Analysis Report - The Behavioral Indicators section contains a toggle to display only indicators with Orbital queries, and an Orbital Queries column is added with Orbital Queries links that pivot directly into Orbital. The behavioral indicators detailed dropdown view also contains an Orbital Query pivot link under Actions.
- The Indicators page
- Individual Behavioral Indicator pages
Using Orbital with Threat Response
SecureX Threat Response was integrated with Orbital starting with the 1.40 release on Jan 22, 2020.
In the integration with SecureX Threat Response, Orbital is a reference module which can enrich information presented in the Threat Response relations graph by pivoting into Orbital to query and gather additional intelligence about your host, IPv4, IPv6, MAC, and OS.
Note: Orbital is procured as part of the Secure Endpoint Advantage Licensing and is supported in North America and the European Union.
Linkable SecureX Integration Modules
In order for Orbital to run queries against endpoints, it has to know which endpoints are available to it. It does this by linking to the appropriate SecureX integration module or modules. SecureX integration modules are set up on your Integration Modules page of your SecureX account. Refer to the Configuring Integration Modules page of the SecureX Help system for information on setting up SecureX integration modules.
It is very important to understand that Orbital can use only one type of SecureX integration module: Secure Endpoint modules. A Secure Endpoint module defines the endpoints that are used by your organization. For example, you can have an integration module called Orbital, or one called AMP for Endpoints. Both of these will work with Orbital. Other integration modules, such as Umbrella, are not Secure Endpoint integration modules and cannot be used by Orbital. To use Orbital, you must have Secure Endpoint integration modules that define your organization’s endpoints; otherwise Orbital will have no endpoints to query and, therefore, nothing to do.
If you have not set up your Secure Endpoint integration modules, or you do not have any Secure Endpoint integration modules, and you try to run queries in Orbital, your queries will fail. If you check the Organizations tab of your Settings page, you will receive the error message "Endpoint organizations need to be linked for Orbital to run user queries. Link endpoint organizations below."
If you receive this error message, click Set up modules (shown in the figure below). This will take you to your SecureX Integration Modules page, where you can set up the necessary Secure Endpoint integration module or modules.