Obsidian Security
Obsidian Security is a SaaS security posture management platform that integrates with your SaaS environments to provide visibility into tenants, user accounts, entities, compliance standards, rules, and security settings. You can bring account, compliance, rule violation, setting violation, and other data from Obsidian Security into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Obsidian Security and how to obtain that information from Obsidian Security. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Obsidian Security from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Obsidian Security with Brinqa:
- API URL: The Obsidian Security API base URL. The default URL is https://<obsidian-server>/.
- API token: The API token for authenticating requests to the Obsidian Security API.
The connector authenticates using Bearer Token authentication. It sends the API token in the Authorization header as Bearer <apiToken> for all subsequent API requests.
Additional settings
The Obsidian Security connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 50.
- Maximum retries: The maximum number of times that the integration attempts to connect to the Obsidian Security API before giving up and reporting a failure. The default setting is 5.
- Parallelism level: The number of parallel requests for fetching details. The default setting is the lesser of 4 and the number of available CPU cores.
Types of data to retrieve
The Obsidian Security connector does not currently support operation options for the types of data it retrieves.
The Obsidian Security connector can retrieve the following types of data from the Obsidian Security API:
Table 1: Data retrieved from Obsidian Security
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Account | Yes | Cloud Resource |
| Compliance Control | Yes | Not mapped |
| Compliance Standard | Yes | Not mapped |
| Entity | Yes | Not mapped |
| Rule | Yes | Violation Definition |
| Rule Violation | Yes | Violation |
| Setting | Yes | Violation Definition |
| Setting Violation | Yes | Violation |
| Tenant | Yes | Cloud Resource |
| User | Yes | Person |
This diagram shows how Rule Violation and Setting Violation connector objects relate to their definitions and the assets they are found in.
Figure 1: Connector object relationships
For detailed steps on how to view the data retrieved from Obsidian Security in the Brinqa Platform, see How to view your data.
Attribute mappings
The sections below list the mappings between the source fields and the Brinqa data model attributes.
Account
Table 2: Account attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| AccountResource.addresses[] (formatted) | ADDRESSES |
| AccountResource.aliases | ALIASES |
| AccountResource.alternativeEmails[].raw | ALTERNATIVE_EMAILS |
| AccountResource.alternativeNames | ALTERNATIVE_NAMES |
| AccountResource.alternativePhones[].raw | ALTERNATIVE_PHONES |
| AccountResource.temporalProperties.created | CREATED_TIME |
| AccountResource.temporalProperties.deleted | DELETED_TIME |
| AccountResource.email.raw | EMAILS |
| AccountResource.enabled | ENABLED |
| AccountResource.entitySubType | ENTITY_SUB_TYPE |
| AccountResource.temporalProperties.firstActive | FIRST_ACTIVE |
| AccountResource.temporalProperties.firstObserved | FIRST_OBSERVED |
| AccountResource.firstName | FIRST_NAME |
| AccountResource.id | ACCOUNT_ID |
| AccountResource.automated | IS_AUTOMATED |
| AccountResource.isAdmin | IS_ADMIN |
| AccountResource.isDeleted | IS_DELETED |
| AccountResource.isLicensed | IS_LICENSED |
| AccountResource.mfaEnabled | IS_MFA_ENABLED |
| AccountResource.isRestricted | IS_RESTRICTED |
| AccountResource.temporalProperties.lastActive | LAST_ACTIVE |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| AccountResource.temporalProperties.lastModified | LAST_MODIFIED |
| AccountResource.lastName | LAST_NAME |
| AccountResource.temporalProperties.lastObserved | LAST_OBSERVED |
| AccountResource.name | NAME |
| AccountResource.nativeId | NATIVE_ID |
| AccountResource.obsidianStatus | OBSIDIAN_STATUS |
| AccountResource.phone.raw | PHONE_NUMBERS |
| AccountResource.phone.type | PHONE_TYPE |
| AccountResource.status | PROVIDER_STATUS |
| AccountResource.roles[].name | ROLES |
| AccountResource.services[].name | SERVICES |
| AccountResource.temporalProperties.created | SOURCE_CREATED_DATE |
| AccountResource.temporalProperties.lastModified | SOURCE_LAST_MODIFIED |
| AccountResource.status (normalized) | SOURCE_STATUS |
| AccountResource.tenantId | TENANT_ID |
| AccountResource.temporalProperties.terminated | TERMINATION_DATE |
| AccountResource.name + tenantId (or nativeId + tenantId) | UID |
| AccountResource.user.id | USER_ID |
| AccountResource.userGroups | USER_GROUPS |
| AccountResource.username | USERNAME |
Compliance Control
Table 3: Compliance Control attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| ComplianceControlResource.id | CONTROL_ID |
| ComplianceControlResource.description | DESCRIPTION |
| ComplianceControlResource.identifier | IDENTIFIER |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| ComplianceControlResource.link | LINK |
| ComplianceControlResource.name | NAME |
| ComplianceControlResource.standardId | STANDARD_ID |
| ComplianceControlResource.id | UID |
Compliance Standard
Table 4: Compliance Standard attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| ComplianceStandardResource.description | DESCRIPTION |
| ComplianceStandardResource.isCustom | IS_CUSTOM |
| ComplianceStandardResource.isNormalized | IS_NORMALIZED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| ComplianceStandardResource.link | LINK |
| ComplianceStandardResource.name | NAME |
| ComplianceStandardResource.orgId | ORG_ID |
| ComplianceStandardResource.publisher | PUBLISHER |
| ComplianceStandardResource.id | STANDARD_ID |
| ComplianceStandardResource.id | UID |
| ComplianceStandardResource.version | VERSION |
Entity
Table 5: Entity attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| EntityResource.temporalProperties.created | CREATED_TIME |
| EntityResource.id | ENTITY_ID |
| EntityResource.entitySubType | ENTITY_SUB_TYPE |
| EntityResource.isDeleted | IS_DELETED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| EntityResource.temporalProperties.lastModified | LAST_MODIFIED |
| EntityResource.name | NAME |
| EntityResource.nativeId | NATIVE_ID |
| EntityResource.rawRefs | RAW_REFS |
| EntityResource.services[].name | SERVICES |
| EntityResource.temporalProperties.created | SOURCE_CREATED_DATE |
| EntityResource.temporalProperties.lastModified | SOURCE_LAST_MODIFIED |
| EntityResource.tenantId | TENANT_ID |
| nativeId or name + tenantId | UID |
| EntityResource.userGroups | USER_GROUPS |
Rule
Table 6: Rule attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| RuleResource.analyticId | ANALYTIC_ID |
| RuleResource.benchmark | BENCHMARK |
| RuleResource.controlIds | CONTROL_IDS |
| RuleResource.createdAt | CREATED |
| RuleResource.description | DESCRIPTION |
| RuleResource.descriptionShort | DESCRIPTION_SHORT |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| RuleResource.updatedAt | LAST_UPDATED |
| RuleResource.name | NAME |
| RuleResource.obsidianRule | OBSIDIAN_RULE |
| RuleResource.remediationInstructions | RECOMMENDATION |
| RuleResource.remediationInstructions | REMEDIATION_INSTRUCTIONS |
| RuleResource.riskLevel | RISK_LEVEL |
| RuleResource.id | RULE_ID |
| RuleResource.type | RULE_TYPE |
| RuleResource.riskLevel (normalized) | SEVERITY |
| RuleResource.riskLevel (scored) | SEVERITY_SCORE |
| RuleResource.createdAt | SOURCE_CREATED_DATE |
| RuleResource.updatedAt | SOURCE_LAST_MODIFIED |
| RuleResource.riskLevel | SOURCE_SEVERITY |
| RuleResource.standardIds | STANDARD_IDS |
| RuleResource.id | UID |
| RuleResource.violations | VIOLATIONS |
Rule Violation
Table 7: Rule Violation attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| RuleResource.type | CATEGORIES |
| RuleResource.exceptionsCount.active | EXCEPTIONS_COUNT_ACTIVE |
| RuleResource.exceptionsCount.inactive | EXCEPTIONS_COUNT_INACTIVE |
| RuleViolationResource.obsecFirstSeen | FIRST_SEEN |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| RuleViolationResource.obsecLastRemediated | LAST_REMEDIATED |
| RuleViolationResource.obsecLastSeen | LAST_SEEN |
| RuleViolationResource.violationId | NAME |
| RuleViolationResource.obsecFirstSeen | OBSEC_FIRST_SEEN |
| RuleViolationResource.obsecLastRemediated | OBSEC_LAST_REMEDIATED |
| RuleViolationResource.obsecLastSeen | OBSEC_LAST_SEEN |
| RuleResource.platformId | PLATFORM_ID |
| RuleResource.productIds | PRODUCT_IDS |
| RuleResource.state | PROVIDER_STATUS |
| RuleResource.releaseLabel | RELEASE_LABEL |
| RuleViolationResource (raw JSON) | RESULTS |
| RuleResource.riskAccepted | RISK_ACCEPTED |
| RuleResource.securityDomain | SECURITY_DOMAIN |
| Normalized state/riskAccepted | SOURCE_STATUS |
| RuleResource.state | STATE |
| RuleResource.tags | TAGS |
| RuleViolationResource.accountId | TARGETS |
| RuleViolationResource.appName + tenantId | TARGETS |
| RuleViolationResource.clientId | TARGETS |
| RuleViolationResource.id + tenantId (Resource ID) | TARGETS |
| RuleViolationResource.name + tenantId | TARGETS |
| RuleViolationResource.orgName + tenantId | TARGETS |
| RuleViolationResource.policyName + tenantId | TARGETS |
| RuleViolationResource.repositoryName + tenantId | TARGETS |
| RuleViolationResource.tokenId | TARGETS |
| RuleViolationResource.userName + tenantId | TARGETS |
| RuleResource.tenantUuid | TARGETS |
| RuleViolationResource.tenantId | TENANT_ID |
| RuleResource.tenantUuid | TENANT_UUID |
| RuleResource.id | TYPE |
| RuleViolationResource.violationId | UID |
Setting
Table 8: Setting attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| SettingResource.controlIds | CONTROL_IDS |
| SettingResource.description | DESCRIPTION |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| SettingResource.name | NAME |
| SettingResource.description | RECOMMENDATION |
| SettingResource.riskLevel | RISK_LEVEL |
| SettingResource.riskLevel (normalized) | SEVERITY |
| SettingResource.riskLevel (scored) | SEVERITY_SCORE |
| SettingResource.riskLevel | SOURCE_SEVERITY |
| SettingResource.standardIds | STANDARD_IDS |
| SettingResource.id | UID |
Setting Violation
Table 9: Setting Violation attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| SettingResource.canSetValue | CAN_SET_VALUE |
| SettingResource.platformCategory | CATEGORIES |
| SettingResource.dataType | DATA_TYPE |
| SettingResource.isActivityBased | IS_ACTIVITY_BASED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| SettingResource.lastScanned | LAST_SCANNED |
| SettingResource.lastStateChange | LAST_SEEN |
| SettingResource.lastStateChange | LAST_STATE_CHANGE |
| SettingResource.location | LOCATION |
| SettingResource.uniqueId | NAME |
| SettingResource.operation | OPERATION |
| SettingResource.options | OPTIONS |
| SettingResource.orgId | ORG_ID |
| SettingResource.platformId | PLATFORM_ID |
| SettingResource.platformCategory | PLATFORM_CATEGORY |
| SettingResource.platformSettingId | PLATFORM_SETTING_ID |
| SettingResource.productIds | PRODUCT_IDS |
| SettingResource.state | PROVIDER_STATUS |
| SettingResource.releaseLabel | RELEASE_LABEL |
| SettingResource.riskAccepted | RISK_ACCEPTED |
| SettingResource.securityDomain | SECURITY_DOMAIN |
| SettingResource.target | SETTING_TARGET |
| normalizeFindingStatus(status) | SOURCE_STATUS |
| SettingResource.state | STATE |
| SettingResource.tags | TAGS |
| SettingResource.tenantUuid | TARGETS |
| SettingResource.tenantId | TENANT_ID |
| SettingResource.tenantUuid | TENANT_UUID |
| SettingResource.id | TYPE |
| SettingResource.uniqueId | UID |
| SettingResource.uniqueId | UNIQUE_ID |
| SettingResource.units | UNITS |
| SettingResource.value | VALUE |
Tenant
Table 10: Tenant attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| TenantResource.idpCapable | IDP_CAPABLE |
| TenantResource.isCustom | IS_CUSTOM |
| TenantResource.isIdp | IS_IDP |
| TenantResource.isMarketplace | IS_MARKETPLACE |
| TenantResource.isOnPrem | IS_ON_PREM |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| TenantResource.logoDescriptor | LOGO_DESCRIPTOR |
| TenantResource.name | NAME |
| TenantResource.obsidianProducts | OBSIDIAN_PRODUCTS |
| TenantResource.platform | PLATFORM |
| TenantResource.platformId | PLATFORM_ID |
| TenantResource.production | PRODUCTION |
| TenantResource.sensitivity | SENSITIVITY |
| TenantResource.updatedTime | SOURCE_LAST_MODIFIED |
| TenantResource.tags | TAGS |
| TenantResource.id | TENANT_ID |
| TenantResource.id | UID |
| TenantResource.updatedBy | UPDATED_BY |
| TenantResource.updatedTime | UPDATED_TIME |
| TenantResource.value | VALUE |
User
Table 11: User attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| UserResource.accounts[].name | ACCOUNTS |
| UserResource.temporalProperties.created | CREATED_TIME |
| UserResource.department | DEPARTMENT |
| UserResource.division | DIVISION |
| UserResource.email.raw | EMAILS |
| UserResource.enabled | ENABLED |
| UserResource.entitySubType | ENTITY_SUB_TYPE |
| UserResource.firstName | FIRST_NAME |
| UserResource.isDeleted | IS_DELETED |
| UserResource.isPrivileged | IS_PRIVILEGED |
| UserResource.isServiceAccount | IS_SERVICE_ACCOUNT |
| UserResource.isTerminated | IS_TERMINATED |
| UserResource.jobTitle | JOB_TITLE |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| UserResource.temporalProperties.lastModified | LAST_MODIFIED |
| UserResource.lastName | LAST_NAME |
| UserResource.name | NAME |
| UserResource.nativeId | NATIVE_ID |
| UserResource.phone.raw | PHONE_NUMBERS |
| UserResource.rawRefs | RAW_REFS |
| UserResource.services[].name | SERVICES |
| UserResource.temporalProperties.created | SOURCE_CREATED_DATE |
| UserResource.temporalProperties.lastModified | SOURCE_LAST_MODIFIED |
| UserResource.tenantId | TENANT_ID |
| UserResource.timezone | TIMEZONES |
| UserResource.email.raw (or id) | UID |
| UserResource.userGroups | USER_GROUPS |
| UserResource.id | USER_ID |
APIs
The Obsidian Security connector uses the Obsidian Security API. Specifically, it uses the following endpoints:
Table 12: Obsidian Security API endpoints
| Connector Object | API Endpoint |
|---|---|
| Account | POST v1/gql — GraphQL query getAccounts |
| Compliance Control | GET posture/v3_0/compliance/info/{standardId} |
| Compliance Standard | GET posture/v3_0/compliance/list |
| Entity | POST v1/gql — GraphQL query getEntities |
| Rule | GET posture/v3_0/rules/list |
| Rule Violation | GET posture/v3_0/rules/info/{ruleId}/preview |
| Setting | GET posture/v3_0/settings/list |
| Setting Violation | GET posture/v3_0/settings/list |
| Tenant | GET v1/connection-management/tenants |
| User | POST v1/gql — GraphQL query getUsers |
Changelog
The Obsidian Security connector has undergone the following changes:
Table 13: Obsidian Security Changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.0 | Initial Integration+ release. | April 27th, 2026 |