Obsidian

Obsidian is a cloud detection and response solution that delivers unified visibility of users, privileges and activity across SaaS applications, so you can detect and investigate breaches, uncover insider threats, and secure SaaS apps without affecting productivity.

Integration with LogicHub

Connecting with Obsidian

To connect to Obsidian, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • API Key: The API key used to authenticate to Obsidian. Treat it as a secret: it permits everything the actions below can do, including reading alerts and events and updating alert status and comments.

Actions with Obsidian

Get Events

Retrieves the list of events/activities matching the filter criteria.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Start Time (Optional): Column name from the parent table whose value is the start of the lookup window, in ISO 8601 UTC form (default is the batch start time). Example value: 2020-07-03T12:42:00Z.
  • End Time (Optional): Column name from the parent table whose value is the end of the lookup window, in ISO 8601 UTC form (default is the batch end time). Example value: 2020-07-10T20:42:31Z.
  • Jinja Template for Query (Optional): Jinja template that renders to the query string. Example: {{column1}} {{column2}}.
  • Jinja Template Services (Optional): Jinja template that renders to a comma-separated list of service IDs (default is all services; the service ID of Google is GOOGLE). Example: {{column1}}, {{column2}}.
  • Jinja Template for Event Type (Optional): Jinja template that renders to the Obsidian event type (default is all event types). Example: {{column1}}, {{column2}}.
  • Status (Optional): Select a status value to filter on (default is all statuses).
  • Jinja Template for Service Event Type (Optional): Jinja template that renders to the service event type (default is all service event types). Example: {{column1}}, {{column2}}.
  • Jinja Template for Tenant ID (Optional): Jinja template that renders to the tenant ID (default is all tenant IDs). Example: {{column1}}, {{column2}}.
  • Limit (Optional): Maximum number of rows to return (default is 500).

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: error message, or null when has_error is False
  • result: List of events/activities.

Get Alerts

Retrieves the list of alerts matching the filter criteria.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Start Time (Optional): Column name from the parent table whose value is the start of the lookup window, in ISO 8601 UTC form (default is the batch start time). Example value: 2020-07-03T12:42:00Z.
  • End Time (Optional): Column name from the parent table whose value is the end of the lookup window, in ISO 8601 UTC form (default is the batch end time). Example value: 2020-07-10T20:42:31Z.
  • Min Alert ID (Optional): Column name from the parent table whose value is the minimum alert ID (default is all records). Only alerts with an ID greater than or equal to this value are returned.
  • Max Alert ID (Optional): Column name from the parent table whose value is the maximum alert ID (default is all records). Only alerts with an ID less than or equal to this value are returned.
  • Status (Optional): Select a status value to filter on (default is all statuses).
  • Jinja Template for Query (Optional): Jinja template that renders to the query string. Example: {{column1}} {{column2}}.
  • Jinja Template Services (Optional): Jinja template that renders to a comma-separated list of service IDs (default is all services; the service ID of Google is GOOGLE). Example: {{column1}}, {{column2}}.
  • Severity (Optional): Select a severity value to filter on (default is all severities).
  • Jinja Template for Intelligence Names (Optional): Jinja template that renders to a comma-separated list of intelligence names. Example: {{column1}}, {{column2}}.
  • Jinja Template for Alert IDs (Optional): Jinja template that renders to a comma-separated list of alert IDs. Example: {{column1}}, {{column2}}.
  • Jinja Template for Actor IDs (Optional): Jinja template that renders to a comma-separated list of actor IDs. Example: {{column1}}, {{column2}}.
  • Jinja Template for Target IDs (Optional): Jinja template that renders to a comma-separated list of target IDs. Example: {{column1}}, {{column2}}.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: error message, or null when has_error is False
  • result: List of alerts.

Alert - Update Status

Updates the status of an alert.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Alert ID: Column name from the parent table whose value is the ID of the alert to update.
  • Alert Status: Select the status value to set on the alert.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: error message, or null when has_error is False
  • result: Success/Failure message.

Alert - Add Comment

Adds a comment to an alert.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Alert ID: Column name from the parent table whose value is the ID of the alert to comment on.
  • Jinja Template for Alert Comments: Jinja template that renders to the comment text. Example: {{column1}} {{column2}}.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: error message, or null when has_error is False
  • result: Success/Failure message.
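The templated inputs to Get Events and Get Alerts and the has_error/error/result envelope that every action returns are easier to reason about with a concrete playbook step in front of you. The following is an added example, not code from LogicHub or Obsidian: it renders the {{column}} placeholders of a Get Alerts call from a constructed parent-table row, validates the time window, then consumes a constructed Get Alerts output and turns qualifying alerts into input rows for Alert - Update Status and Alert - Add Comment, refusing to proceed when has_error is set. The placeholder renderer is a minimal stand-in for Jinja (LogicHub renders full Jinja), and the alert field names, the OKTA service ID, and the severity and status values are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Stand-in for Jinja variable substitution: only "{{column}}" placeholders,
# which is all the templated inputs on this page use. LogicHub renders full
# Jinja; this regex is an assumption for the example only.
_PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

# Constructed parent-table row, standing in for the output of an earlier step.
PARENT_ROW = {
    "batch_start": "2020-07-03T12:42:00Z",
    "batch_end": "2020-07-10T20:42:31Z",
    "svc_a": "GOOGLE",   # service ID of Google, as stated on the page
    "svc_b": "OKTA",     # assumed service ID, not taken from the page
    "analyst": "jdoe",
}

# Constructed Get Alerts output in the has_error/error/result envelope.
# Alert field names and the severity/status vocabulary are assumptions.
GET_ALERTS_OUTPUT = {
    "has_error": False,
    "error": None,
    "result": [
        {"id": 101, "severity": "high", "status": "open"},
        {"id": 102, "severity": "low", "status": "open"},
        {"id": 103, "severity": "critical", "status": "closed"},
    ],
}

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}  # assumed scale


def render_template(template, row):
    """Replace every {{column}} with the row value. Unknown columns raise,
    so a typo in a template fails the step instead of sending a blank filter."""
    def _sub(match):
        name = match.group(1)
        if name not in row:
            raise KeyError(f"template references unknown column {name!r}")
        return str(row[name])
    return _PLACEHOLDER.sub(_sub, template)


def split_ids(rendered):
    """Normalize a rendered comma-separated template into a list of IDs."""
    return [p.strip() for p in rendered.split(",") if p.strip()]


def parse_utc(value):
    """Accept the ISO 8601 UTC form the page uses, e.g. 2020-07-03T12:42:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_get_alerts_inputs(row, start_col, end_col, services_tpl):
    """Assemble Get Alerts inputs from a parent row, rejecting an inverted window."""
    start, end = parse_utc(row[start_col]), parse_utc(row[end_col])
    if end <= start:
        raise ValueError(f"end time {end.isoformat()} is not after start {start.isoformat()}")
    return {
        "start_time": row[start_col],
        "end_time": row[end_col],
        "services": split_ids(render_template(services_tpl, row)),
    }


def unwrap(action_output):
    """Return result only when has_error is False; an error is never 'zero alerts'."""
    if action_output.get("has_error"):
        raise RuntimeError(f"Obsidian action failed: {action_output.get('error')}")
    return action_output["result"]


def triage_rows(get_alerts_output, row, min_severity, new_status, comment_tpl):
    """Turn open alerts at or above min_severity into one input row each for
    Alert - Update Status (alert_id, alert_status) and Alert - Add Comment."""
    floor = SEVERITY_RANK[min_severity]
    rows = []
    for alert in unwrap(get_alerts_output):
        if alert["status"] != "open" or SEVERITY_RANK[alert["severity"]] < floor:
            continue
        rows.append({
            "alert_id": alert["id"],
            "alert_status": new_status,
            "alert_comment": render_template(comment_tpl, {**row, "alert_id": alert["id"]}),
        })
    return rows


if __name__ == "__main__":
    print(build_get_alerts_inputs(PARENT_ROW, "batch_start", "batch_end", "{{svc_a}}, {{svc_b}}"))
    print(triage_rows(GET_ALERTS_OUTPUT, PARENT_ROW, "high", "in_progress",
                      "Escalated alert {{alert_id}} by {{analyst}}"))
```

Only alert 101 survives triage here: 102 is below the severity floor and 103 is already closed. The unwrap step is the important habit: a step that reads result without checking has_error will silently treat a failed Obsidian call as an empty alert list and close nothing, which looks like success on the playbook dashboard.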

Get Alert Details by ID

Retrieves detailed information for a single alert.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Alert ID: Column name from the parent table whose value is the alert ID.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: error message, or null when has_error is False
  • result: Alert details.

Get Organization Context

Retrieves organization context information.

Inputs to this Action:

  • Connection: Choose a connection that you have created.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: error message, or null when has_error is False
  • result: Organization context details.

Get User Details

Retrieves detailed information for a user. The action pulls the last 30 days of activity data for the user.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Actor ID: Column name from the parent table whose value is the actor ID of the user.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: error message, or null when has_error is False
  • result: User details.