Orbital Endpoints
The Endpoints page lists endpoints in your organization that have an Orbital node installed.
The terms host and node are defiled as follows:
host - A host is a computer that runs an Orbital node and is monitored by the node.
node - A node is the Orbital process running on a host that talks to the Orbital service and performs work.
This page consists of:
|
Hosts Seen Time Period Dropdown |
This dropdown is used to define the number of days that Orbital will use when counting the number of endpoint hosts that were online and ready to accept queries or scripts. The values for this dropdown are Last 24 hours, Last 7 days, and Last 30 days. This dropdown will affect the number of endpoints or hosts listed in the Hosts Seen card. |
|
|
Download |
Clicking the Download icon will display the File Type Selector. Select the file format, either JSON or CSV to download the endpoint information in. |
|
|
Refreshed |
Click the Refresh button ( |
|
|
|
Refresh Time |
Lists the amount of time between the time and date that the endpoint list was last refreshed and the current time and date. For example, this component might list 7 minutes ago or an hour ago. |
|
|
Copy Refresh Time |
Copy the time of the last endpoint list refresh in the Universal Time Coordinated format. For example; 2024-04-10 18:37:15 |
|
|
Copy Unix Refresh Time Stamp |
Copy the time of the last endpoint list refresh in the UNIX time stamp format. For example; 1712774235 |
|
|
Change time preferences Link |
Opens your My Account page so you can change the default Time Options. See the Time Options interface section of the My Account Page topic. |
|
Hosts Seen |
Displays the number of hosts that are online and available to run queries and scripts. This is referred to as Hosts Seen. The number that appears on the card will depend on what the Hosts Seen Time Period dropdown set to. |
|
|
Node Version Status |
Displays the status of the Orbital nodes and their versions that are installed on your organization's endpoints. Refer to the Orbital Node Version Releases section of the What Are Orbital Nodes? topic. |
|
|
Search Endpoints |
Allows you to search through the listing of your organization's endpoint You can search for the desired endpoint by typing in the endpoint host name, the endpoint's IP address, its media access control address (MAC), its node ID, or its node Connector ID. Once you have typed in the appropriate value, you will have to select the endpoint's or endpoints' operating system. Click the Operation System Filter icon ( You will need to select one or more operating systems to search for endpoints then click Search. |
|
|
Hostname |
This column lists the host name of the endpoint. Click the access arrow ( |
|
|
Added To Orbital |
This column lists the date and time that the endpoint was added to your Orbital organization. Click Added To Orbital to display the Time Setting menu. |
|
|
Last Seen |
This column lists the date and time that the endpoint was last reported as being online and ready to accept queries and scripts. Click the Last Seen value to display the Time Setting menu. |
|
|
Active IP |
This column displays the endpoint IP address and access port that the Orbital node uses. Click the access arrow ( |
|
|
OS |
This column displays the name and version of the operating system that is running on the endpoint. Click the Copy icon ( |
|
|
MAC |
This column displays the MAC address for the endpoint network interface. Click the access arrow ( |
|
|
Connector GUID |
This column displays the ID number of the globally unique identifier for the Secure Endpoint Connector assigned to the endpoint. Click the GUID to open the ID number in Secure Endpoint. Click the access arrow ( |
|
) to refresh the endpoint list. This will update the date displayed the beside the 
) to display the 
) to investigate the endpoint through XDR (
), to copy the host name to your clipboard (
), and to access the XDR action menu (
).allowos In Endpoint Searches
The Search Endpoints function, located on the Endpoints allows the use of the allowos filter in its search string. This filter can be typed into the search field by itself or in conjunction with other search parameters. Refer to the allowos definition in the Query API topic for more information on using the allowos filter.
Include the allowos filter in a search string to return only those endpoints that are running the specified operating system or systems. The names of the specified operating systems will be displayed in the Search Endpoints field.
| Note: | Using the allowos filter will only include the specified operating systems. It cannot be used to exclude operating systems. For example, if you type allowos:linux, it will only include endpoints running the Linux operating system in the search results. Typing allowos:linux again will not remove the Linux filter from the search. |
The allowos syntax for the Search Endpoints field is:
allowos:[OS Name]
where OS Name is one of Linux, macOS, or Windows.
| Note: | If you wish to include more than one operating system in the filter, you will need to type the allowos command for each operating system you wish to include. For example, if you wish to list results from only those endpoints that are running Linux and Windows, you would first type the command allowos:linux and then type the command allowos:windows. |