Obsidian

Version: 1.0.13

Obsidian is the cloud detection and response solution that delivers unified visibility of users, privileges and activity in SaaS, allowing you to detect and investigate breaches, uncover insider threats, and secure SaaS apps without affecting productivity.

Connect Obsidian with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Obsidian.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API Key: The API Key to connect to the Obsidian.
  4. After you've entered all the details, click Connect.

Actions for Obsidian

Get Events

Retrieves the list of events/activities based on filter criteria.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Start Time

Column name from the parent table to lookup value for start time (Default is Batch start time). Example: 2020-07-03T12:42:00Z

Optional

End Time

Column name from the parent table to lookup value for end time (Default is Batch end time). Example: 2020-07-10T20:42:31Z

Optional

Jinja Template for Query

Jinja-templated query containing the query. Example: {{column1}} {{column2}}

Optional

Jinja Template for Services

Jinja-templated query containing comma-separated service ids (Default is all services, Service id of Google is GOOGLE). Example: {{column1}}, {{column2}}

Optional

Jinja Template for Event Type

Jinja-templated query containing the obsidian event type (Default is all event types). Example: {{column1}}, {{column2}}

Optional

Status

Select a value for status to lookup (Default is all status).

Optional

Jinja Template for Service Event Type

Jinja-templated query containing the service event type (Default is all service event types). Example: {{column1}}, {{column2}}

Optional

Jinja Template for Tenant ID

Jinja-templated query containing the tenant id (Default is all tenant id). Example: {{column1}}, {{column2}}

Optional

Limit

Limit of rows to be returned (default is 500).

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: List of events/activities.

Get Alerts

Retrieves the list of alerts based on filter criteria.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Start Time

Column name from the parent table to lookup value for start time (Default is Batch start time). Example: 2020-07-03T12:42:00Z)

Optional

End Time

Column name from the parent table to lookup value for end time (Default is Batch end time). Example: 2020-07-10T20:42:31Z

Optional

Min Alert ID

Column name from the parent table to lookup value for minimum alert id (Default is all records). Records with the greater or equal value of id will be present in the result.

Optional

Max Alert ID

Column name from the parent table to lookup value for maximum alert id(Default is all records). Records with the lesser or equal value of id will be present in the result.

Optional

Status

Select a value for status to lookup (Default is all status).

Optional

Jinja Template for Query

Jinja-templated query containing the query. Example: {{column1}} {{column2}}

Optional

Severity

Select a value for severity to lookup (Default is all severity).

Optional

Jinja Template for Intelligence Names

Jinja-templated query containing the comma separated intelligence names. Example: {{column1}}, {{column2}}

Optional

Jinja Template for Alert IDs

Jinja-templated query containing the comma separated alert ids. Example: {{column1}}, {{column2}}

Optional

Jinja Template for Actor IDs

Jinja-templated query containing the comma separated actor ids. Example: {{column1}}, {{column2}}

Optional

Jinja Template for Target IDs

Jinja-templated query containing the comma separated target ids. Example: {{column1}}, {{column2}}

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: List of alerts.

Alert - Update Status

Update alert status.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Alert ID

Column name from the parent table to lookup value for alert id for the update.

Required

Alert Status

Select a value for alert status.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.

Alert - Add Comment

Update alert status.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Alert ID

Column name from the parent table to lookup value for the alert ID.

Required

Jinja Template for Alert Comments

Jinja-templated query containing the comments. Example: {{column1}} {{column2}}.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.

Get Alert Details by ID

Get the alert detailed information.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Alert ID

Column name from the parent table to lookup value for the alert ID.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Alert details.

Get Organization Context

Get the organization context-related information.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Organization context details.

Get User Details

Get the user detailed information. Action will pull the last 30 days of activity data for users.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Actor ID

Column name from the parent table to lookup value for actor ID.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: User details.

Did this page help you?