Incident Investigation

July 9, 2020

SECURITY

Getting more value from your endpoint security tool #4: Querying Tips for IT Operations

Orbital Advanced Search has an entire category dedicated to Posture Assessments which contains queries to check CPU data, network host connections, operating system information, installed programs, and more.

June 19, 2020

SECURITY

Getting more value from your endpoint security tool #3: Querying Tips for Incident Investigation

Cisco Orbital Advanced Search has an entire category dedicated to Forensics, which contains queries to collect data such as installed programs on the host, types of failed login attempts, operating system attributes, and more.