Everything your MSP needs. One platform.
Vigil was built because off-the-shelf MSP stacks are fragmented, expensive, and don't talk to each other. Instead of stitching together five SaaS products, Obsidian clients get a cohesive platform where every module shares context, data, and automation pipelines.
Patch Management
Automated security and system updates for Linux servers via Ansible, Windows workstations via ManageEngine, and mobile devices — all from one dashboard. Maintenance windows, compliance reports, and CISA KEV tracking included.
Unified Enrollment
One bootstrap script deploys Wazuh, Tactical RMM, Fleet osquery, and Ansible SSH access in a single run. Phase 2 enables automated Ansible push from Vigil once SSH is confirmed — no more manual bootstrap per service.
Security Monitoring
Wazuh integration brings SIEM, FIM, vulnerability detection, and active response to every enrolled host. Vigil surfaces agent status, alerts, and compliance posture directly in the portal.
Threat Intelligence
OpenCTI integration delivers curated threat feeds, IOC tracking, and adversary campaign data. CISA Known Exploited Vulnerabilities are cross-referenced against your device inventory automatically.
Remote Operations
Tactical RMM provides real-time remote access, script execution, and alerting. Fleet osquery enables live inventory queries and endpoint visibility across your entire environment.
Playbook Library
A curated Ansible playbook catalog (security hardening, fail2ban, disk cleanup, key enforcement, and more) plus a YAML editor to build custom playbooks — deployed directly to Semaphore from the portal.
Two-phase deployment. No agents pre-installed.
Bootstrap Script
Customer downloads a generated bash script that installs selected agents (Wazuh, Tactical RMM,
Fleet, Ansible SSH) in one run. The script creates the ansible-svc service account,
deposits the org's public key, and enables password auth for the initial handshake.
- No pre-existing SSH access required
- RSA 4096 keypair generated per org
- Per-service toggles (install only what's needed)
- x86_64 + ARM64 support
Ansible Push from Vigil
Once the admin confirms SSH connectivity, Vigil takes over. Host inventory is managed directly in the portal — synced to Semaphore automatically. Playbooks are deployed as templates and launched on demand or on schedule. Password auth is enforced off via Ansible.
- Key-only SSH enforced after confirmation
- Per-org host registry with group tagging
- Idempotent inventory sync to Semaphore
- Playbook launch with one click
Open-source core, enterprise integration
MSPs and their clients.
Vigil is the internal platform powering Obsidian Group's managed services. Clients get a branded self-service portal with visibility into their environment, compliance posture, and automation jobs. MSP admins get a unified back-office across all organisations.