Most detection content catches persistence techniques as they happen. But what if the attacker was already there before you connected your logs? CloudTwin™ analyzes Entra ID configuration state — not just log events — to answer the question every SOC team should be asking: "Have I been pwned?"

Today, we’re excited to roll out our SaaS-sourced threat detections, built to give SecOps teams complete visibility across the services powering their cloud. Stream’s SaaS detections extend our end-to-end visibility beyond all cloud layers to include SaaS as part of our commitment to delivering full-spectrum coverage in a single platform.