Remote Data Stores

The results from scheduled queries can be sent to a location known as a remote data store. A remote data store comes from either the list of webhooks configured by your organization or a definition provided when creating the scheduled query in the API. All of the current remote data stores are listed on the Remote Data Stores tab of your Settings page.

Under the Hood

Orbital integrates natively with Amazon S3™, Azure™, and Splunk™. When choosing these destinations through the UI, the necessary information is collected to authenticate according to their protocols. For any custom destinations, Orbital will attempt to do the following, both upon creation to verify the existence of the data store, and when sending out result payloads:

  • Send an HTTP POST request and expect a 200 response code.

  • Send the following header when a token is provided: Authentication: Bearer <token>.

  • Validate the server certificate against well-known CAs when a fingerprint is not provided, and against the provided fingerprint otherwise.
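
A receiver for a custom destination that matches the behaviour listed above, as an added example (not Orbital's code): it answers 200 only to a POST carrying the expected bearer token in the header named on this page. The token value, size cap, port and the TLS-terminating proxy in front of the listener are assumptions.

```python
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (not from the Orbital documentation): token value, size cap, bind address.
EXPECTED_TOKEN = "constructed-example-token"   # load from a secret store in practice
MAX_BODY = 8 * 1024 * 1024                      # refuse bodies larger than 8 MiB
RECEIVED = []                                   # stand-in for real storage


def check_request(method, headers, body, expected_token=EXPECTED_TOKEN):
    """Return the status code to answer with; 200 only for an authenticated POST."""
    if method != "POST":
        return 405
    names = {k.lower(): v for k, v in headers.items()}
    # The page names the header "Authentication", not the more common "Authorization".
    scheme, _, token = names.get("authentication", "").partition(" ")
    # Constant-time comparison so response timing does not leak the token.
    if scheme != "Bearer" or not hmac.compare_digest(
            token.strip().encode(), expected_token.encode()):
        return 401
    if len(body) > MAX_BODY:
        return 413
    # An empty body is still accepted: the page says the same request is made at
    # creation to verify the data store, and the body of that check is not documented.
    return 200


class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = max(int(self.headers.get("Content-Length", "0")), 0)
        except ValueError:
            length = 0
        body = self.rfile.read(min(length, MAX_BODY + 1))
        status = check_request("POST", self.headers, body)
        if status == 200 and body:
            RECEIVED.append(body)
        self.close_connection = True   # do not reuse a connection with unread bytes
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Loopback only; assumes a TLS-terminating proxy presents the certificate to Orbital.
    HTTPServer(("127.0.0.1", 8080), Receiver).serve_forever()
```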

Fingerprints for Remote Data Stores

Results can be sent to a remote data store over an encrypted HTTPS connection for endpoints with a valid and signed TLS certificate. For self-signed certificates, the SHA-256 fingerprint of the certificate can be provided, and Orbital will use it to verify the certificate presented by the remote host.

Destinations for Remote Data Stores

When setting up an Amazon S3 remote data store, here are some details to be aware of:

  • If you're not sure, the default URL of s3.amazonaws.com is usually the right one to use.

  • The following permissions must be granted to the user/policy whose credentials are being used:

      • ListBucket(s) for at least the given bucket (used to determine if bucket exists)

      • PutObject

When setting up an Azure remote data store, you will need to connect it to Orbital. The parameters required to connect Orbital to Azure are:

  • The Azure container’s URL.

  • The Azure container’s name.

  • The Azure container’s SAS token.

When setting up a Splunk remote data store, here are some details to be aware of:

  • The sourcetype you select should be _json.

  • An example URL showing the typical input path is https://prd-p-2gzy9.splunkcloud.com:8088/services/collector.

  • Users can use the search term source="orbital" to find Orbital data inside Splunk.

  • See the Splunk documentation for additional details.

Regional NAT IP Addresses

The following is a list of the regional NAT IP addresses:

Region   1st IP Address    2nd IP Address    3rd IP Address
EU       52.29.47.197      52.57.222.67      52.58.172.218
NAM      34.223.219.240    35.160.108.105    52.11.13.222
APJC     52.194.143.206    52.69.138.67      54.95.9.136

Note: All of the regional NAT IP addresses listed above make use of random, high port numbers.
