Greetings Endpoint Security folks!
We've started something new in the Community designed to help you get up to speed with Orbital Advanced Search - we call it the "Query Corner". Our team will be posting short stories around the Orbital query catalog, and how you can use it to drive your Threat Hunts, perform IT and Compliance checks, push Incident Investigation, and more.
We look forward to hearing from you on the things we publish, discussing how to use Orbital directly as a tool to understand your managed fleet of systems, and how it enables faster response inside of AMP for Endpoints.
Since this is just an intro post, let's get you to the links:
First query corner post:
https://community.cisco.com/t5/security-documents/orbital-query-corner-why-does-malware-keep-coming-back/ta-p/4118854
If you need a quick primer on Orbital, how to enable it, and a short walk-around of the UI, check out the tutorials inside the Cisco Learning Network:
https://learningnetwork.cisco.com/s/learning-plan-detail-standard?ltui__urlRecordId=a1c3i0000007i0IAAQ&ltui__urlRedirect=learning-plan-detail-standard
I look forward to chatting with you in the Endpoint Security Community board,
ELH