Anomalous Activity Detection


Last updated 28 days ago

Real-Time Protection Against Exploits in Your Software Supply Chain

Xygeni’s Anomaly Detection provides robust security by actively monitoring and addressing vulnerabilities and risks as they are detected. Our real-time analytics ensure that any attempt to exploit these vulnerabilities is identified and mitigated quickly, protecting the integrity and security of your software operations.

The Anomaly Detection platform provides an additional layer of security by continuously monitoring and analyzing activities within your SCM and CI/CD infrastructure, so that unusual behavior is identified and responded to quickly. Xygeni detects anomalies that indicate unauthorized modifications, access, or exploitation in real time. This proactive approach ensures that potential security breaches are addressed before they can escalate into serious threats.

Robust Code Tampering Protection

Xygeni’s Code Tampering secures your applications by detecting unauthorized modifications in your codebase, pipelines, and configurations. It scans critical file changes, promptly identifies malicious alterations, and reports its findings for immediate action. Furthermore, it provides detailed insights, including commit details and the specific affected files, improving the efficiency of your response.

Find mismatches from the expected state at each point in the software pipeline

Certain mismatches between data from tools across the supply chain may alert the organization of a potential issue that could be exploited by a bad actor. Examples of such mismatches include differences between IaC configurations and the settings at production, integrity failures like differences between files in the code repository and the build / CI systems, or changes in important files that should not change without notification, like installation scripts, CI configurations and pipelines or protection controls in tools.

Protect critical code against unintended changes

Parts of software source code, like installation or upgrade scripts, build pipelines, or important configuration files should have changes blocked by default, and a strict procedure should be enforced for their modification. Xygeni helps with implementing such procedures and detecting any change in critical code not following them.

Code Tamper Scanner

  • CI/CD: Detects changes in build and workflow files.

  • Context-Aware Prioritization: Monitors modifications in CODEOWNERS, configuration, environment files, and shell scripts.

  • Descriptor: Scans for unauthorized changes in dependency descriptor files.

  • Infrastructure as Code (IaC): Identifies modifications in IaC templates.

  • Policy: Tracks changes in security policy files.

  • Security Tool Configuration: Detects alterations in the configuration of security tools.

  • Custom Critical Files: Alerts on changes to files designated as critically important by the user.
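The categories above describe what the scanner watches; the mechanism behind "protect critical code against unintended changes" is a recorded baseline of content hashes for those files, diffed on every scan. The following is an added illustration of that mechanism and is not Xygeni's code: the glob patterns per category, the `custom_files` parameter, and the two sample trees are all constructed for the example.

```python
"""Detect drift in critical pipeline files against a recorded baseline.

Added example, not Xygeni's implementation. A baseline of SHA-256 digests is
taken for files that should not change silently (CI/CD definitions,
CODEOWNERS, dependency descriptors, IaC, policy and security-tool
configuration), and a later snapshot is compared against it. Every pattern,
path and file body below is constructed for illustration.
"""
import fnmatch
import hashlib
import os
from dataclasses import dataclass

# Category -> glob patterns. Assumed patterns; tune them to your repository layout.
CRITICAL_PATTERNS = {
    "ci_cd": [".github/workflows/*.yml", "Jenkinsfile", ".gitlab-ci.yml"],
    "context_aware": ["CODEOWNERS", ".github/CODEOWNERS", "*.env", "*.sh"],
    "descriptor": ["package.json", "package-lock.json", "pom.xml", "requirements.txt", "go.mod"],
    "iac": ["*.tf", "k8s/*.yaml"],
    "policy": ["SECURITY.md", "policies/*.yml"],
    "security_tool": [".xygeni.yml", "sonar-project.properties", ".semgrep.yml"],
}


def classify(path, custom_files=()):
    """Return the category of a monitored path, or None if it is not critical."""
    if path in custom_files:          # files the user designated as critical
        return "custom"
    for category, patterns in CRITICAL_PATTERNS.items():
        if any(fnmatch.fnmatch(path, p) for p in patterns):
            return category
    return None


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def build_baseline(files, custom_files=()):
    """files: mapping path -> bytes. Returns {path: sha256} for monitored paths only."""
    return {p: digest(c) for p, c in files.items() if classify(p, custom_files)}


@dataclass(frozen=True)
class Finding:
    path: str
    category: str
    change: str  # "modified", "added" or "removed"


def detect_tampering(baseline, files, custom_files=()):
    """Diff the current tree against the baseline; unmonitored files never produce findings."""
    current = build_baseline(files, custom_files)
    findings = []
    for path, old_digest in baseline.items():
        if path not in current:
            findings.append(Finding(path, classify(path, custom_files), "removed"))
        elif current[path] != old_digest:
            findings.append(Finding(path, classify(path, custom_files), "modified"))
    for path in current:
        if path not in baseline:
            findings.append(Finding(path, classify(path, custom_files), "added"))
    return sorted(findings, key=lambda f: f.path)


def snapshot_directory(root):
    """Read a working tree into the path -> bytes mapping used by the functions above."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                files[rel] = fh.read()
    return files


# Constructed sample: the tree when the baseline was recorded, and at a later scan.
BASELINE_TREE = {
    ".github/workflows/build.yml": b"steps:\n  - run: make test\n",
    "CODEOWNERS": b"* @platform-team\n",
    "package.json": b'{"dependencies": {"left-pad": "1.3.0"}}\n',
    "src/app.py": b"print('hello')\n",
    "scripts/release.sh": b"#!/bin/sh\nmake publish\n",
}
CURRENT_TREE = {
    ".github/workflows/build.yml": b"steps:\n  - run: make test\n  - run: ./scripts/upload.sh\n",
    "package.json": b'{"dependencies": {"left-pad": "1.3.0"}}\n',
    "src/app.py": b"print('hello world')\n",  # ordinary source: changed but not monitored
    "scripts/release.sh": b"#!/bin/sh\nmake publish\n",
    "infra/main.tf": b'resource "aws_s3_bucket" "b" {}\n',
}


def run_example():
    """Expected: workflow modified, CODEOWNERS removed, new IaC file added."""
    baseline = build_baseline(BASELINE_TREE)
    return detect_tampering(baseline, CURRENT_TREE)


if __name__ == "__main__":
    for f in run_example():
        print(f"{f.change:9} {f.category:14} {f.path}")
```

In a real pipeline the baseline would be stored outside the repository (otherwise a commit that tampers with a workflow can update the baseline in the same change), and `snapshot_directory` would be run against the checkout that the CI system actually builds, which is exactly the "repository versus build system" mismatch the text describes.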

Real-Time Alerting for Anomalies

Xygeni ensures proactive security by providing real-time alerts for detected anomalies, allowing your team to respond quickly to potential threats.

Identify anomalies in behavior as evidence for a potential security breach

Unusual activity, on the other hand, might hold evidence that an actual breach took place. Imagine a resource like an organization’s private code repository: clones from unintended users or from anomalous geographic locations, adding and removing permissions within a short time period, deleting branch protection rules, or using admin rights to merge code without review or with failed status checks are all examples of such anomalies.

Xygeni warns of such anomalies across the DevOps process, and signals any drift in sources and configurations along the chain.

Alerts can be sent directly via email, a webhook, or integrated into messaging platforms like Slack, ensuring that your teams receive immediate notifications. This rapid alerting system is equipped to deliver crucial context about each incident, enabling a quick and informed response to protect your operations.

  • Organization Detectors: Monitor changes in configurations, compliance frameworks, and administrative privileges.

  • Repository Detectors: Detect unusual repository operations such as anomalous merges, deletions, and permission changes.

  • Branch Detectors: Focus on commits that bypass protections, along with branch setting alterations.

  • Jenkins Detectors: Track suspicious login behaviors and unusual plugin installations or build durations.
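To make the repository and branch detector ideas concrete, here is an added, self-contained example that evaluates a handful of such rules over a stream of SCM audit events. It is not Xygeni's sensor code: the event schema, the action names, the per-user location baseline and every event in the sample are constructed for illustration, and real SCM audit logs use their own field and action names.

```python
"""Rule-based anomaly detection over SCM audit events.

Added example, not part of Xygeni's sensors. It flags the anomalies named in
the text: clones by unknown users or from unusual locations, permission
grant-then-revoke churn, branch protection deletion, and admin merges that
bypass review or failed status checks. The simplified event schema
(ts, actor, action, repo, target, ...) and all sample events are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Countries each user normally works from; assumed to come from a learned baseline.
KNOWN_COUNTRIES = {"alice": {"ES"}, "bob": {"ES", "PT"}, "root-admin": {"ES"}}
CHURN_WINDOW = timedelta(minutes=10)  # a revoke this soon after a grant is suspicious


def detect_anomalies(events):
    """Return (timestamp, rule, actor, detail) tuples in chronological order."""
    alerts = []
    grants = defaultdict(list)  # (repo, target) -> timestamps of recent grants
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        actor, action, repo = ev["actor"], ev["action"], ev.get("repo", "")

        if action == "repo.clone":
            known = KNOWN_COUNTRIES.get(actor)
            where = f"{repo} from {ev['country']}"
            if known is None:
                alerts.append((ts, "clone_unknown_user", actor, where))
            elif ev["country"] not in known:
                alerts.append((ts, "clone_unusual_location", actor, where))

        elif action == "branch_protection.delete":
            alerts.append((ts, "branch_protection_deleted", actor, f"{repo}:{ev['target']}"))

        elif action == "permission.grant":
            grants[(repo, ev["target"])].append(ts)

        elif action == "permission.revoke":
            recent = [g for g in grants[(repo, ev["target"])] if ts - g <= CHURN_WINDOW]
            if recent:
                detail = f"{ev['target']} on {repo} granted {ts - recent[-1]} earlier"
                alerts.append((ts, "permission_churn", actor, detail))

        elif action == "pr.merge" and ev.get("admin_override"):
            reasons = []
            if not ev.get("reviewed", False):
                reasons.append("no review")
            if ev.get("checks") == "failed":
                reasons.append("failed status checks")
            if reasons:
                detail = f"{repo}#{ev['target']}: " + ", ".join(reasons)
                alerts.append((ts, "admin_merge_bypass", actor, detail))
    return alerts


# Constructed audit trail for one repository over one morning.
EVENTS = [
    {"ts": "2025-04-01T08:55:00", "actor": "alice", "action": "repo.clone",
     "repo": "acme/payments", "country": "ES"},
    {"ts": "2025-04-01T09:00:00", "actor": "root-admin", "action": "permission.grant",
     "repo": "acme/payments", "target": "contractor-7"},
    {"ts": "2025-04-01T09:02:00", "actor": "contractor-7", "action": "repo.clone",
     "repo": "acme/payments", "country": "BR"},
    {"ts": "2025-04-01T09:04:00", "actor": "root-admin", "action": "permission.revoke",
     "repo": "acme/payments", "target": "contractor-7"},
    {"ts": "2025-04-01T09:10:00", "actor": "bob", "action": "repo.clone",
     "repo": "acme/payments", "country": "RU"},
    {"ts": "2025-04-01T09:20:00", "actor": "root-admin", "action": "branch_protection.delete",
     "repo": "acme/payments", "target": "main"},
    {"ts": "2025-04-01T09:21:00", "actor": "root-admin", "action": "pr.merge",
     "repo": "acme/payments", "target": "42", "admin_override": True,
     "reviewed": False, "checks": "failed"},
    {"ts": "2025-04-01T09:30:00", "actor": "alice", "action": "pr.merge",
     "repo": "acme/payments", "target": "43", "admin_override": False,
     "reviewed": True, "checks": "passed"},
]


def run_example():
    return detect_anomalies(EVENTS)


if __name__ == "__main__":
    for ts, rule, actor, detail in run_example():
        print(f"{ts:%H:%M} {rule:26} {actor:13} {detail}")
```

Alice's clone and her reviewed merge produce nothing; the other five events each trip one rule. The grant/revoke pairing is the interesting one: neither event is suspicious alone, which is why the detector has to keep state across events rather than judge each line in isolation.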

Customize Anomaly Detection Rules

Adapt your anomaly detection strategy to your environment’s specific needs with Xygeni’s customizable rulesets. Tailored rules align with your organization’s unique risk profile, ensuring that alerts are relevant and timely. This customization capability allows you to fine-tune the sensitivity and specificity of the detection system, enhancing the relevance of alerts and improving your overall security posture.

See the Anomaly Detection Web UI for further details.

The Code Tamper Scanner is equipped with a variety of detectors designed to identify unauthorized modifications across the critical areas listed above.

See the Code Tampering Scanner for further information.

See Xygeni Sensors for a full description and the supported platforms.