Orbital User Interface

This topic describes the main features in the Orbital user interface.

Signing On to Orbital

Orbital’s sign-on process is handled by SecureX’s Sign-On. For more information on the sign-on process and how to use it, refer to the SecureX Sign-On Quick Start Guide.

Query

Use the Orbital Live Query page to construct and execute live, ad hoc queries on endpoints to gather more information from them. Orbital uses osquery, which allows you to query your devices like a database with basic SQL commands.

See Query for more information.

Scheduled Queries

Queries can be run on the fly as live queries, or you can save a query as a scheduled query that runs on a scheduled basis, with the results sent to an application or data store of your choice.

Results

See Results for more information.

Endpoints

The Endpoints page describes nodes and their hosts. It shows which Orbital nodes are currently installed. Endpoints are Secure Endpoint computers. The AMPUID links back to the Secure Endpoint Console Computers page filtered by UUID.

See Endpoints for more information.

Catalog

The Orbital Query Catalog contains a rich collection of pre-defined queries that have been created by the Orbital engineering team and TRE (Threat Research for Endpoint) to help you get started with using Orbital and osquery for threat hunting.

See Catalog for more information.
