Pistachio Presence

Pistachio Presence is an insider threat detection tool designed for cloud-based organizations. It monitors user activity across Microsoft 365 and connected third-party applications to identify unusual behavior that may indicate data exfiltration, account takeover, or permissions misuse. Setup is completed by connecting Microsoft SSO, adding Entra ID groups, and syncing the organization. Once configured, Presence begins learning the behavioral baseline of the organization and its individual users without requiring ongoing manual configuration. Rather than using rigid, rule-based detection, Presence applies AI-based contextual analysis to distinguish normal work patterns from genuinely suspicious activity. It accumulates context before generating an alert, aiming to reduce false positives and surface only meaningful signals. Each alert includes an explanation of what occurred, why it is considered suspicious, and how it deviates from established behavioral norms. Administrators can also download the raw activity logs associated with any flagged user for independent investigation. Presence does not monitor productivity, access device content, or track routine work activity. Only potentially threatening behavior is surfaced; other activity remains private, including from administrators. The product is positioned for organizations of various sizes, including those without dedicated large security teams. Pricing is annual and contract-based, with tailored rates depending on organization size.