Xygeni Sensor for Azure
Last updated
Last updated
When sensors detect an unusual activity, it will raise an alert for tracking the origin and taking immediate action to mitigate the risk and prevent further damage.
This guide provides instructions on how to stream log events from Azure DevOps to Xygeni Server using Azure Event Grid. This integration allows Xygeni to detect unusual activity within Azure DevOps.
When Xygeni detects an unusual activity, it will raise an alert for tracking the origin and taking immediate action to mitigate the risk and prevent further damage.
This integration streams Azure DevOps log events to Xygeni Server via Azure Event Grid. It begins by setting up an Event Grid topic, configuring Azure DevOps to push specified events to this topic, and then subscribing to the Xygeni endpoint to receive these events.
Azure Devops Organization should be using Microsoft Entra.
Log Audit Events
should be active under Organization Settings.
On the Azure Portal Create a New Event Grid Topic.
Create a new Topic with name, region, and resource group.
Create Subscription and choose Web Hooks as the endpoint type and specify the Xygeni API endpoint URL.
Set Delivery Properties by entering a header Authorization
and a header value Bearer <your_token_here>
, replacing <your_token_here> with your Xygeni Api Key generated from the Xygeni portal.
Click on Save.
On Organization Settings / General / Auditing, go to Streams
and add the Azure Event Grid configured above.
By creating the subscription, an installation event is sent to Xygeni
Check if a new installation should appear at the Xygeni Integration page.
Permissions: Ensure all permissions are correctly set for Azure DevOps and Azure Event Grid.
Endpoint URL: Confirm the Xygeni URL is correct and accessible from Azure.
Review Logs: Check the Azure Event Grid logs for any delivery issues or errors.
You can navigate to the dashboard to keep track of all the Unusual Activity detected at the moment, ordered by time of exposure from most recent to less recent. Open .