Incident Response

Respond Faster with Consolidated Visibility
Incident response teams are under the gun to investigate, identify the root cause, and assess impact quickly, with minimal disruption to production. Obsidian enables rapid cloud incident response by collecting, normalizing, and storing large volumes of state and activity data from SaaS applications. The platform connects users, access, and privileges to activity, and enriches the data with threat intelligence and context. Filter and search through the data to understand root cause and scope. Export rich cloud telemetry for evidence, reporting, and recovery.

Consolidated Activity Timeline for Incident Response
Make your IR efforts more efficient by using consolidated data about users, privileges, and activity. Obsidian ties users, access, and privileges to activity, and enriches this data with location, event type, ISPs, and devices.

Searching for activity by IP
Search for known bad IPs and IP addresses of interest to find other activities associated with that address.

Searching for activity by user or document
Search for all activities tied to a specific user or performed on a document or asset of interest.

Export for Evidence and Reporting
Easily export data from the Obsidian platform for evidence collection and reporting after the investigation is completed. Obsidian stores the original events that it collects from the cloud services in JSON format.