Orbital Integration
Cisco Orbital is an attack research and response tool that allows you both to gather system and security information from the client's networked devices and to respond to any threats found.
Orbital uses osquery to allow SQL queries and Python scripts to be run against your organization's endpoints.
To integrate Orbital with Cisco XDR:
- In the Cisco XDR navigation menu, choose Administration -> Integrations.
- Click the Cisco tab and scroll to the Orbital integration tile.
- Click Get Started in the lower-right corner of the tile. The Orbital integration page is displayed.
- Expand the Integration Guide section and follow the instructions on how to add the Orbital integration in Cisco XDR.
After you have integrated Orbital with Cisco XDR, you can:
- Investigate by searching on a known Orbital IP, observable, or asset. For more information, see Investigate.
- Query to gather additional intelligence about your host, IPv4, IPv6, MAC, and OS.
- Run queries and scripts against endpoints.
- Access Orbital from the Cisco XDR Ribbon to query your network's devices using SQL and use Python scripts to respond to any found threats. For details, see Orbital App.
- Run Orbital queries and scripts directly from the Cisco XDR Ribbon. For more information, see Ribbon and Orbital App.
- View all endpoint assets using Orbital.
- The Orbital target is automatically created for custom and out-of-box workflows. For details, see Targets Created From Integrations.
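The host, IPv4, IPv6, MAC, and OS details listed above can be gathered with a single osquery SQL query. The following is an added example, not a query from Cisco's catalog or documentation; it assumes the stock osquery tables system_info, os_version, interface_addresses, and interface_details are available on the endpoint.

```sql
-- One row per non-loopback address on the endpoint, with the host and OS
-- identity repeated on each row so results from many endpoints can be merged.
SELECT
  si.hostname,
  si.uuid            AS hardware_uuid,
  ov.name            AS os_name,
  ov.version         AS os_version,
  ov.platform,
  ia.interface,
  idt.mac,
  ia.address,
  -- osquery returns IPv4 and IPv6 addresses in the same column;
  -- a colon in the address marks it as IPv6.
  CASE WHEN ia.address LIKE '%:%' THEN 'IPv6' ELSE 'IPv4' END AS family
FROM interface_addresses AS ia
JOIN interface_details   AS idt USING (interface)
CROSS JOIN system_info   AS si   -- single-row table
CROSS JOIN os_version    AS ov   -- single-row table
WHERE ia.address NOT IN ('127.0.0.1', '::1')
ORDER BY ia.interface, family;
```

Comparing the returned MAC and address pairs against the asset inventory helps confirm that an observable under investigation belongs to the endpoint you expect.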