Catalog Details

This element is a link back to the main Catalog page. Click this link to take you back to the main Catalog page.

This element lists the Orbital identification of the script or query. If the query or script is a stock query or script, this element will display the name assigned by the Threat Research for Endpoint team. If the query and script is an organizational query or script, the ID displayed will be the ID assigned by Orbital when you save the query or script.

This element allows you to designate the current query or script as a favorite query or script. Clicking the star icon so that it is filled in will designate the query or script as a favorite. If you clear the star icon will unfavorite the query or script. After you designate the query or script as a favorite, it will appear in the Favorites area, as discussed in Favorites section of the Investigation topic.

This element displays the name of the query or script being displayed on the Detailed Catalog page.

This element displays the name of person who created the query or script and the date and time the query or script was created.

This element displays the description that has been assigned to the query or script.

This element displays the ID that has been assigned to the query or script either by the Threat Research for Endpoint team or by Orbital itself. The value displayed here is the same as the value displayed in the above mentioned query or script ID beside the Catalog link.

This element displays the endpoint operating system or systems that the query or script will run against. The valid values displayed here are Windows, Linux, and macOS.

This element displays if the type of script is either a query or script. Clicking on this element will display only queries or scripts on the Catalog page, depending on the query or script currently being displayed.

This element displays the category or categories assigned to the query or script by the Threat Research for Endpoint team. This element is only displayed if the query or script is a stock query or script.

This element displays the values assigned to a script's parameters for both the parameter name and associated value. This element is only displayed for scripts.

This element will display the SQL content or Python script that comprises the query or script.

This element allows you to copy the content of the query or script to use with a new query or script in the Orbital Builder. For more information on the Builder, refer to the Orbital Builder topic.

This element allows you to use the query or script in the Orbital Builder. Clicking this element will load the query or script into the Orbital Builder for use as a custom or organizational query or script.

This element allows you to edit the query or script. For more information on editing queries and scripts, refer to the Edit Query/Script Function section of the Orbital Catalog topic. This element is only active on those queries or scripts that are custom or organizational queries or scripts.

This element allows you to delete the displayed query or script. Clicking on this element will display the Confirm Delete Query/Script dialog. This element is only active on those queries or scripts that are custom or organizational queries or scripts.