Available now
Windows 10 / 11
Standard endpoint agent
Integrations
We work with what you already have.
Most small and mid-market businesses already run a handful of security and IT tools. Obsidian Ridge does not ask you to rip and replace — we connect to your existing stack, ingest the signals, and have the SOC review them. Below is a complete picture of what we plug into today.
Available nowProductized — works on day one.
ConfigurableSet up during onboarding.
Coming soonCustom integration in Complete tier.
Category
Endpoints & devices
Where the Managed EDR agent runs. Light, signed, and deployable across mixed fleets.
Available now
Windows Server 2016+
Includes Domain Controllers
Available now
macOS 12+
Apple Silicon and Intel
Available now
Linux (RHEL, Ubuntu, Debian, Amazon Linux)
Server workloads
Configurable
Microsoft Intune
Agent push via Intune policies
Configurable
JAMF Pro
Agent push for managed Macs
Configurable
Kandji
Agent push for Apple fleets
Configurable
Addigy
Agent push for Apple fleets
Category
Identity providers
Where Managed ITDR watches for the patterns that show up before account takeover.
Available now
Microsoft 365 / Entra ID
Full identity threat detection
Available now
Google Workspace
Full identity threat detection
Configurable
Okta
Log forwarding and posture monitoring
Coming soon
JumpCloud
Available in Complete tier scope
Category
Cloud platforms
Cloud workloads ingested into Managed SIEM for unified detection across your stack.
Available now
Microsoft Azure
Sentinel logs, Defender for Cloud
Available now
Amazon Web Services (AWS)
CloudTrail, GuardDuty, S3 access logs
Configurable
Google Cloud Platform (GCP)
Cloud Audit Logs, SCC findings
Configurable
Cloudflare
WAF events, Zero Trust logs
Category
Network & perimeter
Firewall, DNS, and VPN telemetry feeding Managed SIEM correlation.
Available now
Fortinet FortiGate
Syslog ingestion
Available now
Palo Alto Networks
Syslog and Cortex XDR
Configurable
SonicWall
Syslog ingestion
Configurable
Cisco Meraki
Syslog and event API
Configurable
Cisco Umbrella
DNS security telemetry
Configurable
Cloudflare WARP / Zero Trust
Activity logs
Category
Security tools you may already run
We don't ask you to rip and replace. Existing security tools become signal sources for the SOC.
Available now
Microsoft Defender for Endpoint
Coexists with our endpoint agent
Configurable
SentinelOne
Alert ingestion and correlation
Configurable
CrowdStrike Falcon
Alert ingestion and correlation
Configurable
Sophos / Sophos MDR
Alert ingestion and correlation
Category
Productivity & SaaS
Audit-relevant SaaS log sources for compliance and threat detection.
Configurable
Slack
Audit log forwarding
Configurable
GitHub
Audit log and security event ingestion
Configurable
Atlassian (Jira, Confluence)
Audit log forwarding
Coming soon
Salesforce
Available in Complete tier scope
Configurable
Box, Dropbox, OneDrive
Activity log forwarding
FAQ
Questions about integrations
What does "GA" vs "Supported" vs "Roadmap" mean?
GA (generally available) means the integration is fully productized and works out of the box on the relevant tier. Supported means we can connect it during onboarding with light configuration work. Roadmap means we can scope it as a custom integration in the Complete tier — typically a one-time setup fee.
I don't see a tool I use. Can you still ingest it?
Probably yes. The Managed SIEM in the Complete tier accepts standard log formats (Syslog, JSON, Webhook, S3 bucket forwarding). If your tool has any kind of log export, we can usually wire it in. Tell us during the briefing.
Do you need admin access to all of these tools?
We need read-only or scoped admin access to ingest logs and see alerts. For most tools, that means a service account with audit-log read permissions — not a global admin. We document exactly what's needed before deployment.
Will adding integrations slow down our existing tools?
No. Most integrations are log-forwarding (one-way), not in-line traffic inspection. The endpoint agent itself is light — under 50 MB of memory, no kernel hooks, signed by Microsoft.
Don't see your tool?
Most things connect. Tell us what you run.
The Managed SIEM in the Complete tier accepts standard log formats (Syslog, JSON, Webhook, S3 forwarding). If your tool can export logs, we can usually ingest them.