Speed Up Investigations
Incident response teams need to move quickly to investigate, identify the root cause, and assess impact with minimal disruption to production. IR in SaaS applications requires consolidated access to activity data that has been enriched with geolocation, user access, and information about known bad actors.
Obsidian enables in-house IR teams and retained IR firms to quickly investigate incidents and breaches across SaaS environments without touching live application environments. The solution aggregates data about access, privileges and activity from monitored SaaS applications. This data is further enriched and presented as a searchable activity timeline.
Consolidated Activity Timeline
Make your IR efforts more efficient by using consolidated data about users, privileges, and activity. Obsidian ties users, access, and privileges to activity, and enriches this with location, event type, ISPs, and devices.
Monitor where users are logging in from. Investigate unusual logins and activity for signs of account compromise.
Search Interface for Investigations
Use the powerful, highly scalable built-in search interface to investigate the impact of incidents. Was sensitive data exfiltrated? Was a compromised privileged account used to elevate privileges or create backdoor accounts? Obsidian search makes it easy for you to find such events.
Raw Data Inspection
Inspect and export the raw data underlying activity timeline data for analysis, evidence gathering, and reporting.
Integration with CrowdStrike EDR
Obsidian and CrowdStrike have partnered to deliver seamless visibility and protection across endpoints and SaaS applications. You can now connect your CrowdStrike Falcon Platform solution to Obsidian, so that you can view and correlate CrowdStrike endpoint events with SaaS activity directly in Obsidian.
RSAC Innovation Sandbox Finalist
Hear Obsidian co-founder and CTO Ben Johnson give a 3-minute overview of Obsidian at the RSAC 2020 Innovation Sandbox contest.