Orbital
Cisco Orbital is a service that uses Osquery to provide you and your applications with detailed information about your hosts.
Orbital is an advanced capability in Cisco Secure Endpoint designed to simplify security investigation and threat hunting by providing an implementation of Osquery on each of your Secure Endpoint-enabled endpoints. Orbital lets you create custom queries to search across your network for anything of interest, and it also comes with over a hundred pre-canned queries that let you quickly run complex queries on any or all endpoints. This capability gives you deeper visibility into what happened on any endpoint at any given time by taking a snapshot of its current state. Whether you are conducting an investigation as part of incident response, threat hunting, IT operations, or vulnerability and compliance, Orbital gets you the answers you need about your endpoints fast.
You can enrich the information presented in the relations graph by pivoting into Orbital to query and gather additional intelligence about your host, IP, IP4, IP6, MAC, OS, and so on. The Orbital app is available on the ribbon and allows you to run a live query. You can view metrics and your recent queries in the right panel.
This integration also creates a target automatically in Automation for out-of-box workflows.
These are workflows that you can install in Cisco XDR automation and use with this integration. These are different from built-in workflows which are built into Cisco XDR by default for all customers.
These actions can be used in Cisco XDR automation to build workflows for this product. Workflows can help you automate how you investigate, respond to incidents, and more.