Obsidian

Version: 2.0.0

Obsidian is the cloud detection and response solution that delivers unified visibility of users, privileges and activity in SaaS, allowing you to detect and investigate breaches, uncover insider threats, and secure SaaS apps without affecting productivity.

Connect Obsidian with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Obsidian.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select whether to verify the connecting server's SSL certificate (default is Verify SSL Certificate). Leave verification on unless you are deliberately connecting through an inspecting proxy whose certificate you trust.
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API Key: The API key used to authenticate to Obsidian.
  4. After you've entered all the details, click Connect.

Actions for Obsidian

Get Events

Retrieves the list of events/activities based on filter criteria.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Start Time | Column name from the parent table to look up the start time (default is the batch start time). Example: 2020-07-03T12:42:00Z | Optional
End Time | Column name from the parent table to look up the end time (default is the batch end time). Example: 2020-07-10T20:42:31Z | Optional
Jinja Template for Query | Jinja-templated query string. Example: {{column1}} {{column2}} | Optional
Jinja Template for Services | Jinja template yielding comma-separated service IDs (default is all services; the service ID for Google is GOOGLE). Example: {{column1}}, {{column2}} | Optional
Jinja Template for Event Type | Jinja template yielding the Obsidian event type (default is all event types). Example: {{column1}}, {{column2}} | Optional
Status | Select a status value to look up (default is all statuses). | Optional
Jinja Template for Service Event Type | Jinja template yielding the service event type (default is all service event types). Example: {{column1}}, {{column2}} | Optional
Jinja Template for Tenant ID | Jinja template yielding the tenant ID (default is all tenant IDs). Example: {{column1}}, {{column2}} | Optional
Limit | Maximum number of rows to return (default is 500). | Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: List of events/activities.
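The templated inputs above and the has_error/error/result envelope (which every action on this page returns) are easy to get subtly wrong in a playbook: a mistyped column in a Jinja template renders as nothing, which silently widens a services or tenant filter to "all", and a step that reads result without checking has_error treats a failed call as "no events". The Python below is an added example, not LogicHub's or Obsidian's own code. It assumes a constructed parent-table row (the column names batch_start, batch_end, svc_a, svc_b and tenant are invented for the example), replaces Jinja with a deliberately minimal {{column}} substitution, and uses placeholder event fields because Obsidian's event schema is not described on this page.

```python
import re
from datetime import datetime, timezone

# Constructed sample row from a LogicHub parent table. The column names are
# assumptions for this example; a real playbook exposes whatever columns the
# parent node produced.
PARENT_ROW = {
    "batch_start": "2020-07-03T12:42:00Z",
    "batch_end": "2020-07-10T20:42:31Z",
    "svc_a": "GOOGLE",
    "svc_b": " okta ",
    "tenant": "tenant-123",
}

# Constructed sample action outputs in the has_error/error/result envelope.
# The keys inside each event are placeholders, not Obsidian's event schema.
SAMPLE_OK = {"has_error": False, "error": None,
             "result": [{"id": "evt-1"}, {"id": "evt-2"}]}
SAMPLE_ERR = {"has_error": True, "error": "Unauthorized", "result": None}

_PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template, row):
    """Resolve {{column}} placeholders against one parent-table row.

    Deliberate simplification of Jinja: only bare column names are supported,
    and an unknown column is an error rather than an empty string, so a typo
    in a template cannot silently widen a filter to 'all'.
    """
    def substitute(match):
        name = match.group(1)
        if name not in row:
            raise KeyError(f"template references unknown column {name!r}")
        return str(row[name])
    return _PLACEHOLDER.sub(substitute, template)


def parse_utc(value):
    """Accept only the ISO-8601 UTC form shown in the action examples (...Z)."""
    if not value.endswith("Z"):
        raise ValueError(f"expected a UTC timestamp ending in Z, got {value!r}")
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def split_ids(rendered):
    """Turn a rendered comma-separated template into a list of trimmed ids."""
    return [item.strip() for item in rendered.split(",") if item.strip()]


def build_events_filter(row, start_col, end_col, services_tpl=None,
                        tenant_tpl=None, limit=500):
    """Assemble a Get Events filter from one row, mirroring the action inputs."""
    start = parse_utc(row[start_col])
    end = parse_utc(row[end_col])
    if end <= start:
        raise ValueError("end time must be after start time")
    if not isinstance(limit, int) or limit < 1:
        raise ValueError("limit must be a positive integer")
    filt = {
        "start_time": start.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "end_time": end.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "limit": limit,
    }
    # Omitting a template keeps the action default (all services / tenants).
    if services_tpl:
        filt["services"] = split_ids(render(services_tpl, row))
    if tenant_tpl:
        filt["tenant_ids"] = split_ids(render(tenant_tpl, row))
    return filt


def unwrap(action_output):
    """Unwrap the envelope every Obsidian action on this page returns.

    A failed call still yields a row, with has_error set and result empty; a
    step that reads result without checking has_error turns an outage or a
    revoked API key into 'no events', so fail loudly instead.
    """
    if action_output.get("has_error"):
        raise RuntimeError(f"Obsidian action failed: {action_output.get('error')}")
    return action_output.get("result") or []


if __name__ == "__main__":
    print(build_events_filter(PARENT_ROW, "batch_start", "batch_end",
                              "{{svc_a}}, {{svc_b}}", "{{tenant}}"))
    print(unwrap(SAMPLE_OK))
```

In a real playbook the rendered values are what you would feed into the Start Time, End Time, Jinja Template for Services and Jinja Template for Tenant ID inputs, and the unwrap check belongs in the step that consumes any action's output table before it branches on the contents of result.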

Get Alerts

Retrieves the list of alerts based on filter criteria.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Start Time | Column name from the parent table to look up the start time (default is the batch start time). Example: 2020-07-03T12:42:00Z | Optional
End Time | Column name from the parent table to look up the end time (default is the batch end time). Example: 2020-07-10T20:42:31Z | Optional
Min Alert ID | Column name from the parent table to look up the minimum alert ID (default is all records). Records with an ID greater than or equal to this value are included in the result. | Optional
Max Alert ID | Column name from the parent table to look up the maximum alert ID (default is all records). Records with an ID less than or equal to this value are included in the result. | Optional
Status | Select a status value to look up (default is all statuses). | Optional
Jinja Template for Query | Jinja-templated query string. Example: {{column1}} {{column2}} | Optional
Severity | Select a severity value to look up (default is all severities). | Optional
Jinja Template for Intelligence Names | Jinja template yielding comma-separated intelligence names. Example: {{column1}}, {{column2}} | Optional
Jinja Template for Alert IDs | Jinja template yielding comma-separated alert IDs. Example: {{column1}}, {{column2}} | Optional
Jinja Template for Actor IDs | Jinja template yielding comma-separated actor IDs. Example: {{column1}}, {{column2}} | Optional
Jinja Template for Target IDs | Jinja template yielding comma-separated target IDs. Example: {{column1}}, {{column2}} | Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: List of alerts.

Alert - Update Status

Update alert status.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Alert ID | Column name from the parent table to look up the alert ID to update. | Required
Alert Status | Select a value for the new alert status. | Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.

Alert - Add Comment

Add a comment to an alert.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Alert ID | Column name from the parent table to look up the alert ID. | Required
Jinja Template for Alert Comments | Jinja template yielding the comment text. Example: {{column1}} {{column2}} | Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.

Get Alert Details by ID

Get the alert detailed information.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Alert ID | Column name from the parent table to look up the alert ID. | Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Alert details.

Get Organization Context

Get the organization context-related information.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Organization context details.

Get User Details

Get detailed information about a user. The action pulls the last 30 days of activity data for the user.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Actor ID | Column name from the parent table to look up the actor ID. | Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: User details.

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

© Devo Technology Inc. All Rights Reserved.