Frequently Asked Questions
1: What is Orbital?
Orbital is a Cisco service that provides access to osquery on Secure Endpoint-enabled devices. Orbital can be used by Cisco products to query endpoints and by Cisco customers to use osquery wherever they have Secure Endpoint installed.
2. How long is my data retained?
Endpoints will be visible on the Endpoints page for 90 days since they were last seen. Endpoints that reconnect after the 90 day period has passed may receive a new Orbital endpoint identifier, but will otherwise function normally and appear on the Endpoints page again.
Result content is retained for up to 48 hours, including:
- osquery result data
Result metadata is retained for 90 days, including:
- Result row count
- Result creation time
- Endpoint that produced the result
Query metadata is retained for six (6) months and includes:
- Query SQL statements
- Query creator
- Query creation timestamp
In order to retrieve and store query results for a longer period of time Orbital offers result collection within this 48 hour window via the Results API endpoint, downloading results in JSON format from the Orbital UI Results page as well as the ability to configure a Remote Data Store that Orbital can deliver results to.