Orbital Scripts

Script is a companion to Orbital’s Query feature. Query allows you to search out malicious attacks and possible use of your networked assets. Script provides the ability to counteract any threats found using Query.

Script does this by letting you create a Python script or select one from the Catalog, send it to one or more endpoints, execute it on those endpoints, and receive the results of its execution. Scripts can also return information that osquery does not report, which further extends Orbital’s Query feature.

For more information on Orbital’s use of Python, refer to the Python section in the Orbital Nodes topic. There are some important points you should be aware of while using Orbital’s Script. Some of these points of note are:

Some endpoint tasks that you can perform with Script are:

Turning Off Script

If you decide to turn off Orbital’s Script feature, certain Orbital functions will be stopped. The functions that will stop or change are:

Orbital allows you to link a script to an existing query. As with linked queries, linking a script to an existing query allows the script to use the endpoint list from the query it is linked to. This means that the linked script will only act on those endpoints that the query identifies as meeting its criteria.

Important Note: Scripts can only be linked to an existing query. They cannot be linked to another script nor can queries be linked to existing scripts. Additionally, the Link Query command will only be listed in action menus, located on the Results page, that are associated with queries. It will not be listed in the action menus for existing scripts.

Linking scripts to queries follows the same process as linking queries to other queries. As such, you can follow the instructions laid out in the Using Linked Queries topic; however, instead of linking from a query to a query, your action will be to link from a script to an existing query.
