106 lines
5.6 KiB
Org Mode
106 lines
5.6 KiB
Org Mode
:PROPERTIES:
|
||
:ID: 26867184-57cf-472d-b5db-d6349665184e
|
||
:END:
|
||
#+title: Secure Client And Orbital SX EOL
|
||
#+Author: Yann Esposito
|
||
#+Date: [2024-06-26]
|
||
|
||
- tags ::
|
||
- source ::
|
||
|
||
* Orbital Modules Types
|
||
|
||
- NAM: ~b7f21c6b-701a-4b45-8a3d-449001844efe~
|
||
- EU: ~2c55baf0-5fa4-4ffc-a263-954920ddd8c6~
|
||
- APJC: ~9b801b44-310d-432a-8668-8611c74415e9~
|
||
- TEST: ~59bbd2bb-b2e9-4fa0-935d-61eafc663a07~
|
||
- INT: ~59bbd2bb-b2e9-4fa0-935d-61eafc663a07~
|
||
|
||
|
||
#+BEGIN_SRC js
|
||
{
|
||
"description": "Orbital is an advanced capability in Cisco Secure Endpoint that is designed to make security investigation and threat hunting simple by providing an implementation of powerful Osquery technology on each of your Secure Endpoint-enabled endpoints. Orbital allows you to create custom queries to look across your network for anything of interest, but also comes with over a hundred pre-canned queries, allowing you to quickly run complex queries on any or all endpoints. This capability enables you to gain deeper visibility on what happened to any endpoint at any given time by taking a snapshot of its current state. Whether you are doing an investigation as part of incident response, threat hunting, IT operations, or vulnerability and compliance, we get you the answers you need about your endpoints fast. Orbital can enrich information presented in the relations graph by pivoting into Orbital to query and gather additional intelligence about your host, IP, IP4, IP6, MAC, and OS, etc. The Orbital app is available on the ribbon and it allows you to run a live query. You can view metrics and your recent queries in the right panel.\n\nThis integration also creates a target automatically in Automation for out-of-box workflows.",
|
||
"properties": "mPBDSYPMOUhPHmeNfjsPusJFa5qSvyxqkl2bRzDMUcPgWt5NUthziK/hfaBIEnPnAqyml0m8Epl7p4+2LGwJ2ESBCKpUKjzuv0+0RG4xbIxLf+gFRiERjjFwqexQsaexmQPgWflkoMhUar4fj2Crn9M6uh1Wz95FrCt618A2CFyPZaDmsbCBuqvdwMb+SpOuy4Fb9kS7ss5D1qZDzKpDuCwmFYWVwEMFoZUht1Lz0mNEc9DykFdLQFNgdejmSO+gGJRYbTq200+y0aikGc1IIaKStHJ3BB4MOuA3Bn4MO5NqQyRIRilU3JrXrV/m9/tmls2pkDzx0om7ca6VWYhwQtYkSvmGUFZwpzFiOloq76gVVEyIdKS+FOPxD3EPCyaA",
|
||
"capabilities": [
|
||
{
|
||
"id": "health",
|
||
"description": "Healthcheck"
|
||
},
|
||
{
|
||
"id": "refer",
|
||
"description": "Reference links"
|
||
},
|
||
{
|
||
"id": "device_insights",
|
||
"description": "Device Insights"
|
||
}
|
||
],
|
||
"app_link_meta": {
|
||
"url": "https://visibility.amp.cisco.com/iroh/iroh-auth/login?redirect_after_login=https%3A%2F%2Forbital.amp.cisco.com%2Firoh%3Fnext%3DaHR0cHM6Ly9vcmJpdGFsLmFtcC5jaXNjby5jb20v",
|
||
"title": "launch"
|
||
},
|
||
"tips": "**Prerequisite:** Secure Endpoint Advantage license for North America and European Union.\n\n1. Complete the **Add Integration** form:\n \n * **Integration Name** - Leave the default name or enter a name that is meaningful to you. \n * **Integration with Device Insights** - The Devices feature consolidates your device inventory from multiple device managers into a unified view. \n By default, the check box is checked, which enables Orbital integration with the Devices feature and it allows you to view data from Orbital in Devices. \n Unchecking the check box disables Orbital integration with the Devices feature. Orbital will still integrate with the current platform, you just won’t be able to view data from Orbital in Devices.\n \n2. Click **Add** or **Save** to complete the Orbital integration configuration.",
|
||
"logo_dark": "https://brand-assets.security.cisco.com/secure-monochrome/orbital-dark.svg",
|
||
"logo": "https://brand-assets.security.cisco.com/secure-monochrome/orbital-light.svg",
|
||
"org_id": "964a8c3b-9aef-4e1d-aadf-e2754004d230",
|
||
"configuration_spec": [
|
||
{
|
||
"key": "custom_enable_device_insight",
|
||
"type": "boolean",
|
||
"label": "Integration with Device Insights",
|
||
"default_value": true
|
||
}
|
||
],
|
||
"short_description": "Cisco Orbital is a service that uses Osquery to provide you and your applications with detailed information about your hosts.",
|
||
"title": "Orbital",
|
||
"external_references": [
|
||
{
|
||
"link": "https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/amp-endpoints-faq.pdf",
|
||
"label": "FAQ"
|
||
},
|
||
{
|
||
"link": "https://orbital.amp.cisco.com/help/",
|
||
"label": "Help"
|
||
},
|
||
{
|
||
"link": "https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-orbital-advanced-search-privacy-data-sheet.pdf",
|
||
"label": "Privacy"
|
||
},
|
||
{
|
||
"class": "securex:di:asset_source",
|
||
"external_id": "securex:di:orbital"
|
||
},
|
||
{
|
||
"class": "securex:ao:target",
|
||
"external_id": "securex:ao:orbital"
|
||
}
|
||
],
|
||
"updated_at": "2024-03-27T14:30:16.763Z",
|
||
"id": "b7f21c6b-701a-4b45-8a3d-449001844efe",
|
||
"record": "relay-module.module/RelayModule+Orbital",
|
||
"user_id": "7b02b2d4-9961-4167-90ff-328df51f5b65",
|
||
"client_id": "iroh-ui",
|
||
"default_name": "Orbital",
|
||
"flags": [
|
||
"default",
|
||
"cisco",
|
||
"managed"
|
||
],
|
||
"enabled": true,
|
||
"visibility": "global",
|
||
"created_at": "2020-06-03T17:46:07.479Z"
|
||
}
|
||
#+END_SRC
|
||
|
||
|
||
* Request to create a new module-instance
|
||
|
||
#+BEGIN_SRC
|
||
POST ${IROH_API}/iroh/iroh-int/module-instance
|
||
Authorization: Bearer ${JWT}
|
||
Content-Type: application/json
|
||
|
||
{"name": "Orbital",
|
||
"module_type_id": "${MODULE_TYPE_ID}",
|
||
"settings": {"custom_enable_device_insight":true}}
|
||
#+END_SRC
|