Orbital User Interface

This topic describes the main features in the Orbital user interface.

Signing Onto Orbital

Orbital’s sign-on process is handled by SecureX’s Sign-On. For more information on the sign-on process and how to use it, refer to the SecureX Sign-On Quick Start Guide.


Use the Orbital Live Query page to construct and execute live, ad hoc queries on endpoints in order to gather more information from them. Orbital uses osquery, which allows you to query your devices like a database with basic SQL commands.

Live Query page

See Query for more information.

Scheduled Queries

Queries can be run on the fly as live queries, or you can create a scheduled query to save and run on a scheduled basis, with the results being sent to an application or data store of your choice.


See Results for more information.


The Endpoints page describes nodes and their hosts. It shows which Orbital nodes are currently installed. Endpoints are Secure Endpoint computers. The AMPUID links back to the Secure Endpoint Console Computers page filtered by UUID.


See Endpoints for more information.


The Orbital Query Catalog contains a rich collection of pre-defined queries that have been created by the Orbital engineering team and TRE (Threat Research for Endpoint) to help you get started with using Orbital and osquery for threat hunting.

Catalog page

See Catalog for more information.

Return to Table of Contents