Detect and Remediate Breaches and Threats

Threat defense is predicated on having continuous, consolidated visibility of access, privilege, and activity across SaaS applications. You cannot secure what you cannot see. Obsidian enables you to quickly detect and investigate cloud breaches, account compromise, and suspicious activity across SaaS environments. You get high-signal alerts around breaches informed by posture, behavioral analysis and machine learning. Obsidian detects indicators of anomalous logins, SaaS persistence, data exfiltration, lateral movement, OAuth token abuse, and other threats.

  • Compromise detection

  • Rogue application discovery

  • Threat hunting

Built-in Alerts for Malicious Techniques/TTPs

Get alerts on a wide range of threats out of the box without any required configuration. Are employees downloading an unusual amount of data from Salesforce? Logging in using a Tor browser? Are you seeing an alarming number of unsuccessful logins on a particular account? How about logins from an unfamiliar geo? Obsidian alerts cover well-known malicious posturing and attempted attacks, and are sorted by severity level.

Location Logging


Monitor where users are logging in from. Investigate unusual logins and activity for signs of account compromise.

Consolidated Activity View for Threat Hunting

Get proactive about detecting undiscovered threats in your SaaS environment using the consolidated view of privileges and activity, with context around location, event type, ISP, devices, privileges, access history, and more.

Search Interface for Hunting and Investigation

Use the powerful, highly scalable built-in search interface to find events or patterns of interest. Are files with sensitive names being shared externally? Is a data exfiltration attempt triggering API rate limits? Was a user assigned additional admin privileges? Obsidian search makes it easy for you to find such events.

Built-in Search Library

Use the library of 100+ helpful built-in searches that Obsidian provides to identify signs of trouble or to simply better understand what is happening in the applications. Built-in searches mapped to the MITRE ATT&CK framework are created by the Obsidian security research team to help security teams get up and running quickly. They are updated on an ongoing basis as our team discovers new queries that are useful for detection and response. You can also clone the search query and customize it according to your needs.

RSAC Innovation Sandbox Finalist

Hear Obsidian co-founder and CTO Ben Johnson give a 3-minute overview of Obsidian at the RSAC 2020 Innovation Sandbox contest.