Orbital App

Cisco Orbital is a cloud-based, attack research and response tool. It allows users to gather system and security information from the client's networked devices and to respond to any threats found.

The Orbital app is available in ribbon and it allows you to query your network's devices, using SQL, and then use Python scripts to respond to any found threats. Orbital uses osquery to allow SQL queries to run against your organization's endpoints. You can view your recent queries in the right panel. For example, if My Results is selected, only queries created by the currently logged in user are displayed.

Orbital App

You can hover over the (Information) icon next to My Results in the right panel to view more information on the Get endpoints button and the recent query metric data in a tooltip.