Incident Response

Respond Faster with Consolidated Visibility

Incident response teams are under the gun to investigate, identify the root cause, and assess impact quickly, with minimal disruption to production. Obsidian enables rapid cloud incident response by collecting, normalizing, and storing large volumes of state and activity data from SaaS applications. The platform connects users, access, and privileges to activity, and enriches the data with threat intelligence and context. Filter and search through the data to understand root cause and scope. Export rich cloud telemetry for evidence, reporting, and recovery.

Incident Response Activity Time Stream

Consolidated Activity Timeline for Incident Response

Make your IR efforts more efficient by using consolidated data about users, privileges, and activity. Obsidian ties users, access, and privileges to activity, and enriches this with location, event type, ISPs, and devices.


Search by IP Address

Searching for activity by IP

Search for known bad IPs and IP addresses of interest to find other activities associated with that address.

Search by user

Searching for activity by user or document

Search for all activities tied to a specific user or performed on a document or asset of interest.

Export Activity Details

Export for Evidence and Reporting

Easily export data from the Obsidian platform for evidence collection and reporting after the investigation is completed. Obsidian stores the original events it collects from the cloud services in JSON format.