4 minutes

Obsidian + CrowdStrike: Detection and Response Across Cloud and Endpoints

Last week, CrowdStrike and Obsidian announced our partnership and technology integration for delivering seamless visibility and protection across software-as-a-service (SaaS) applications and endpoint devices. This partnership brings together the industry’s first cloud detection and response (CDR) solution from Obsidian with the leading endpoint detection and response (EDR) solution from CrowdStrike. We are thrilled to be working with CrowdStrike to make the Obsidian CDR solution available as a third-party application in the CrowdStrike® Store.

Simple Workflow to Create a Connection to CrowdStrike from the Obsidian Console

Bridging Visibility Silos Between Endpoint And Cloud

Rapid cloud adoption and an increasingly mobile workforce have driven digital transformation over the past decade. Organizations are able to move faster and focus on their core missions. Business users can now access cloud services directly on their mobile devices and laptops at any time from anywhere in the world. While this is empowering, this also means that security teams cannot rely on traditional network monitoring to understand what is happening and to detect and respond to threats.

CrowdStrike EDR gives security teams the telemetry, contextual visibility and automated detection capabilities they need to protect endpoints. With CrowdStrike, security teams can investigate and respond to incidents on their users’ endpoints quickly. This gives them a leg up in the fight against the latest threats. Obsidian has built the industry’s first CDR solution to deliver enterprise security for SaaS. Just as EDR addresses the need for ongoing visibility and protection in endpoints, CDR provides single-pane visibility and protection across SaaS applications.

While each solution is powerful in itself, the power is amplified by bringing together EDR and CDR to provide a consolidated end-to-end view of a user’s activity across endpoints and SaaS. You get closed-loop visibility that covers both ends of the path between the user and the cloud.

What You Get with CDR + EDR

The integration between Obsidian CDR and the CrowdStrike Falcon® platform delivers seamless visibility and end-to-end protection across both SaaS applications and endpoint devices. This provides security teams with consolidated data about user access, privileges and activity across SaaS applications and with telemetry from endpoints. They can monitor devices and cloud accounts belonging to a user, along with activity associated with the user across the distributed landscape. They can use this data to monitor for inappropriate or suspicious behavior, detect risks and threats, and quickly respond to incidents.

Ben Johnson, Obsidian co-founder and CTO, provides a quick demo of the integrated solution in this video:

By combining Obsidian’s SaaS activity data with endpoint telemetry from CrowdStrike Falcon, security teams can answer questions like:

  • “This user’s laptop had malware — are her SaaS accounts compromised?”
  • “I’m looking at this user’s SaaS accounts during an investigation — what devices does he have?”
  • “We see strange logins from a new country for this user — where are the devices for this user?”

How It Works

  • Obsidian uses the CrowdStrike API to aggregate endpoint telemetry data into the Obsidian SaaS platform.
  • It presents essential CrowdStrike events and alerts alongside Obsidian’s aggregated view of events and alerts across SaaS in a single pane of glass.
  • This consolidated view speeds incident investigation and response with pre-populated contextual views and the ability to search and filter user activity across endpoints and SaaS.
  • It enhances the accuracy of detections in the Obsidian solution by overlaying contextual data about user locations and device status with SaaS activity.
Endpoint telemetry from CrowdStrike is ingested into Obsidian and presented alongside SaaS activity data.


Consolidated, continuous visibility is the backbone of detection and response. Security teams need visibility into what users have access to and what they are doing in the cloud as well as on endpoints, both sanctioned and unsanctioned. Obsidian and CrowdStrike have partnered to enable their customers to quickly discover and investigate suspicious behavior, privilege misuse, data breaches and compromise incidents with contextual analysis that spans users’ devices and cloud accounts. To learn more about our joint solution, visit our CrowdStrike partnership page. CrowdStrike customers can get started with a free trial in the CrowdStrike Store. Obsidian customers can simply select CrowdStrike in the Create Connections view to begin.