Obsidian Ridge

Integrations

We work with what you already have.

Most small and mid-market businesses already run a handful of security and IT tools. Obsidian Ridge does not ask you to rip and replace — we connect to your existing stack, ingest the signals, and have the SOC review them. Below is a complete picture of what we plug into today.

Endpoints & devices

Where the Managed EDR agent runs. Light, signed, and deployable across mixed fleets.

Integration | Details | Status
Windows 10 / 11 | Standard Huntress agent | GA
Windows Server 2016+ | Includes Domain Controllers | GA
macOS 12+ | Apple Silicon and Intel | GA
Linux (RHEL, Ubuntu, Debian, Amazon Linux) | Server workloads | GA
Microsoft Intune | Agent push via Intune policies | Supported
JAMF Pro | Agent push for managed Macs | Supported
Kandji | Agent push for Apple fleets | Supported
Addigy | Agent push for Apple fleets | Supported

Identity providers

Where Managed ITDR watches for the patterns that show up before account takeover.

Integration | Details | Status
Microsoft 365 / Entra ID | Full identity threat detection | GA
Google Workspace | Full identity threat detection | GA
Okta | Log forwarding and posture monitoring | Supported
JumpCloud | Available in Complete tier scope | Roadmap

Cloud platforms

Cloud workloads ingested into Managed SIEM for unified detection across your stack.

Integration | Details | Status
Microsoft Azure | Sentinel logs, Defender for Cloud | GA
Amazon Web Services (AWS) | CloudTrail, GuardDuty, S3 access logs | GA
Google Cloud Platform (GCP) | Cloud Audit Logs, SCC findings | Supported
Cloudflare | WAF events, Zero Trust logs | Supported

Network & perimeter

Firewall, DNS, and VPN telemetry feeding Managed SIEM correlation.

Integration | Details | Status
Fortinet FortiGate | Syslog ingestion | GA
Palo Alto Networks | Syslog and Cortex XDR | GA
SonicWall | Syslog ingestion | Supported
Cisco Meraki | Syslog and event API | Supported
Cisco Umbrella | DNS security telemetry | Supported
Cloudflare WARP / Zero Trust | Activity logs | Supported

Security tools you may already run

We don't ask you to rip and replace. Existing security tools become signal sources for the SOC.

Integration | Details | Status
Microsoft Defender for Endpoint | Coexists with Huntress agent | GA
SentinelOne | Alert ingestion and correlation | Supported
CrowdStrike Falcon | Alert ingestion and correlation | Supported
Sophos / Sophos MDR | Alert ingestion and correlation | Supported

Productivity & SaaS

Audit-relevant SaaS log sources for compliance and threat detection.

Integration | Details | Status
Slack | Audit log forwarding | Supported
GitHub | Audit log and security event ingestion | Supported
Atlassian (Jira, Confluence) | Audit log forwarding | Supported
Salesforce | Available in Complete tier scope | Roadmap
Box, Dropbox, OneDrive | Activity log forwarding | Supported

FAQ

Questions about integrations

What does "GA" vs "Supported" vs "Roadmap" mean?

GA (generally available) means the integration is fully productized and works out of the box on the relevant tier. Supported means we can connect it during onboarding with light configuration work. Roadmap means we can scope it as a custom integration in the Complete tier — typically a one-time setup fee.

I don't see a tool I use. Can you still ingest it?

Probably yes. The Managed SIEM in the Complete tier accepts standard log formats (Syslog, JSON, Webhook, S3 bucket forwarding). If your tool has any kind of log export, we can usually wire it in. Tell us during the briefing.

Do you need admin access to all of these tools?

We need read-only or scoped admin access to ingest logs and see alerts. For most tools, that means a service account with audit-log read permissions — not a global admin. We document exactly what's needed before deployment.

Will adding integrations slow down our existing tools?

No. Most integrations are log-forwarding (one-way), not in-line traffic inspection. The Huntress endpoint agent itself is light — under 50 MB of memory, no kernel hooks, signed by Microsoft.

Don't see your tool?

Most things connect. Tell us what you run.

The Managed SIEM in the Complete tier accepts standard log formats (Syslog, JSON, Webhook, S3 forwarding). If your tool can export logs, we can usually ingest them.