Orbital Integrations

Using Orbital with Secure Malware Analytics

Secure Malware Analytics was integrated with Orbital starting with the 3.5.43 release on November 7, 2019. Orbital is now available in Secure Malware Analytics for Secure Endpoint users. With this integration, if a sample submitted to Secure Malware Analytics contains any behavioral indicators that include Orbital queries, you can pivot from Secure Malware Analytics directly into Orbital, which opens pre-populated with that query.

Orbital information and pivot links are available within Secure Malware Analytics in the quick views in several locations:

Using Orbital with Cisco’s XDR or SecureX

Cisco’s XDR or SecureX was integrated with Orbital starting with the 1.40 release on Jan 22, 2020.

In the integration with Cisco’s XDR or SecureX, Orbital is a reference module which can enrich information presented in the relations graph by pivoting into Orbital to query and gather additional intelligence about your host, IPv4, IPv6, MAC, and OS.

Note: Orbital is procured as part of the Secure Endpoint Advantage Licensing and is supported in North America and the European Union.

For Orbital to run queries against endpoints, it has to know which endpoints are available to it. It does this by linking to the appropriate Cisco XDR or SecureX integration module or modules. Cisco XDR or SecureX integration modules are set up on the Integrations page of your Cisco XDR account or the Integration Modules page of your SecureX account, whichever service you use. Refer to the Configuring Integration Modules page of the Cisco XDR Help or SecureX Help system for information on setting up the Cisco XDR or SecureX integration modules.

It is very important to understand that Orbital can use only one type of Cisco XDR or SecureX integration module: Secure Endpoint modules. A Secure Endpoint module defines the endpoints that are used by your organization. For example, you can have an integration module called Orbital, or one called AMP for Endpoints. Both of these will work with Orbital. Other integration modules, such as Umbrella, are not Secure Endpoint integration modules and cannot be used by Orbital. To use Orbital, you must have Secure Endpoint integration modules that define your organization’s endpoints; otherwise Orbital will have no endpoints to query, and any queries you run will fail.

If you check the Organizations tab of your Settings page before you have set up your integration modules, you will receive the error message "Endpoint organizations need to be linked for Orbital to run user queries. Link endpoint organizations below." If you receive this error message, refer to the Linking Organizations section of the Orbital Settings Organizations Tab topic.
