Xygeni Sensor for Azure

When a sensor detects unusual activity, it raises an alert so that the origin can be tracked and immediate action taken to mitigate the risk and prevent further damage.

Azure DevOps Audit Streaming

This guide provides instructions on how to stream log events from Azure DevOps to the Xygeni Server using Azure Event Grid. This integration allows Xygeni to detect unusual activity within Azure DevOps.

When Xygeni detects unusual activity, it raises an alert so that the origin can be tracked and immediate action taken to mitigate the risk and prevent further damage.

How it works

This integration streams Azure DevOps log events to the Xygeni Server via Azure Event Grid. It begins by setting up an Event Grid topic, configuring Azure DevOps to push the specified audit events to this topic, and then subscribing the Xygeni endpoint to receive these events.

Prerequisites

  • The Azure DevOps organization should be using Microsoft Entra.

  • Log Audit Events should be active under Organization Settings.

Installation Step 1: Create an Azure Event Grid Topic and Subscription

  • On the Azure Portal, create a new Event Grid Topic.

  • Create a new Topic with name, region, and resource group.

  • Create a subscription, choose Web Hooks as the endpoint type, and specify the Xygeni API endpoint URL https://api.xygeni.io/azure/streaming.

  • Set Delivery Properties by entering a header named Authorization with the value Bearer <your_token_here>, replacing <your_token_here> with the Xygeni API key generated in the Xygeni portal.

  • Click on Save.

Installation Step 2: Configure Azure DevOps Service Hooks

  • On Organization Settings / General / Auditing, go to Streams and add the Azure Event Grid configured above.

Installation Step 3: Test and Validate

  • Creating the subscription sends an installation event to Xygeni.

  • Check that the new installation appears on the Xygeni Integration page.
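As an added illustration (not Xygeni's own code), the following sketches what the receiving webhook described in "How it works" has to do: answer Event Grid's subscription validation handshake, and verify the Authorization delivery property configured in Step 1 before accepting any audit events. The API key value and the audit payload are constructed samples, and the example assumes the header is required on every POST, including the handshake.

```python
import hmac
import json

# Constructed value for this example; the real key is the Xygeni API key from the portal.
EXPECTED_TOKEN = "example-api-key-not-real"

# Event type Azure Event Grid uses for the webhook subscription handshake.
VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"


def bearer_token_ok(headers, expected=EXPECTED_TOKEN):
    """Check the Authorization header set as a delivery property on the subscription.
    Header names match case-insensitively; the token comparison is constant-time."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = auth.partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(token.encode(), expected.encode())


def handle_delivery(headers, body):
    """Process one Event Grid POST and return (http_status, response_body).
    401: bearer token missing or wrong (delivery not from our subscription).
    200 with validationResponse: echo the validationCode to complete the handshake.
    200 with accepted: the delivered audit events, ready for anomaly evaluation."""
    if not bearer_token_ok(headers):
        return 401, {"error": "missing or invalid bearer token"}
    try:
        events = json.loads(body)
    except json.JSONDecodeError:
        return 400, {"error": "body is not JSON"}
    if not isinstance(events, list) or not all(isinstance(e, dict) for e in events):
        return 400, {"error": "Event Grid schema delivers a JSON array of events"}

    for ev in events:
        if ev.get("eventType") == VALIDATION_EVENT:
            code = ev.get("data", {}).get("validationCode")
            if not code:
                return 400, {"error": "validation event without validationCode"}
            return 200, {"validationResponse": code}

    # Regular delivery: hand each event's data to the anomaly detection logic.
    return 200, {"accepted": [ev.get("data", {}) for ev in events]}


# Constructed sample requests (not captured from Azure; field values are illustrative).
SAMPLE_HEADERS = {"Authorization": "Bearer example-api-key-not-real"}
SAMPLE_VALIDATION = json.dumps([{"eventType": VALIDATION_EVENT, "data": {"validationCode": "ABC-123"}}])
SAMPLE_AUDIT = json.dumps([{"eventType": "AuditLog", "data": {"ActionId": "Security.ModifyPermission", "ActorUPN": "user@example.com"}}])
```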

Troubleshooting

  • Permissions: Ensure all permissions are correctly set for Azure DevOps and Azure Event Grid.

  • Endpoint URL: Confirm the Xygeni URL is correct and accessible from Azure.

  • Review Logs: Check the Azure Event Grid logs for any delivery issues or errors.

Alerts Tracking

You can navigate to the dashboard to keep track of all the Unusual Activity detected so far, ordered by time of exposure from most recent to least recent. Open the Anomalous Activity Summary.
