Orbital API

Orbital API

A RESTful API to programmatically manage your Orbital Queries and Scripts


Orbital is a cloud-based, attack research and response tool. It allows security team members to gather system and security information from client network devices, and to respond to any threats found.

To accomplish this, Orbital admins query network connected endpoints using SQL, then execute Python scripts to respond to any found threats. Orbital uses osquery to enable an organization's endpoints to be queried with a SQL interface.

Orbital is currently supported on:

  • Windows 10 (1803 or later) / 11
  • Windows Server 2012 / 2012 R2 / 2016 / 2019 / 2022
  • Windows 10 IoT Enterprise
  • macOS 10.15 / 11 / 12 / 13
  • RedHat Enterprise Linux (and compatible distributions) 6.10 / 7 (7.2 or later) / 8
  • Ubuntu 18.04 / 20.04 / 22.04
  • Oracle Linux (UEK) 7 / 8
  • Debian 10 / 11
  • Amazon Linux 2

What is the Orbital API?

The Orbital API provides a RESTful programmability interface for Orbital queries & scripts, as well as for retrieving query & script output.

This enables developers to create automation or application integrations that combine the powerful security, visibility, and remediation capabilities of Orbital with their own unique customized solutions.

Orbital API operations include:

  • Scheduling a query or script to be performed one or more times
  • Retrieve the results of your queries or scripts
  • Create one or more remote data store(s) as a destination for scheduled query and script results
  • Get all remote data stores for your organization.
  • Use the catalog of queries and scripts

Top Use Cases

The Orbital API can be used to programmatically schedule queries and scripts. It also provides a simple interface to retrieve data to be gathered for reports.


Orbital is available for customers with Secure Endpoint Advantage.

Orbital offers APIs to query endpoints for detailed information. Secure Endpoint Advantage customers can deploy Orbital automatically wherever a Connector is installed. See the Secure Endpoint Console Help for the most current Connector version and other important information.

Orbital is bundled with the Secure Endpoints Connector package for both Windows and macOS. The Connector will deploy Orbital when enabled in a policy.