# Xygeni Sensor for Azure

When a sensor detects unusual activity, it raises an alert so you can track the origin and take immediate action to mitigate the risk and prevent further damage.

## Azure DevOps Audit Streaming

This guide provides instructions on how to stream log events from Azure DevOps to Xygeni Server using Azure Event Grid. This integration allows Xygeni to detect unusual activity within Azure DevOps.

When Xygeni detects unusual activity, it raises an alert so you can track the origin and take immediate action to mitigate the risk and prevent further damage.

### How it works

This integration streams Azure DevOps log events to Xygeni Server via Azure Event Grid. You set up an Event Grid topic, configure Azure DevOps to push specified events to this topic, and then create a subscription on the topic that delivers these events to the Xygeni endpoint.

### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

* The Azure DevOps organization should be using Microsoft Entra.
* `Log Audit Events` should be active under Organization Settings.

### Installation Step 1: Create an Azure Event Grid Topic and Subscription

* In the Azure portal, create a new Event Grid topic.
* Give the topic a name, region, and resource group.
* Create a subscription, choose Web Hook as the endpoint type, and specify the Xygeni API endpoint URL <https://api.xygeni.io/azure_streaming/aeg_event>.
* Set Delivery Properties by entering a header `Authorization` and a header value `Bearer <your_token_here>`, replacing `<your_token_here>` with your Xygeni API key generated from the Xygeni portal.
* Click Save.
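
The same topic and webhook subscription expressed as a Bicep template, as an added example that is not part of Xygeni's documentation. The topic name, subscription name, and parameter names are assumptions; the API key is passed as a secure parameter and the `Authorization` delivery property is flagged as sensitive with `isSecret`.

```bicep
// Added example: Event Grid topic plus webhook subscription for Xygeni.
// Resource and parameter names are assumptions, not values from Xygeni.

@description('Name of the Event Grid topic (assumed name).')
param topicName string = 'ado-audit-to-xygeni'

@description('Region for the topic; defaults to the resource group region.')
param location string = resourceGroup().location

@secure()
@description('Xygeni API key generated from the Xygeni portal.')
param xygeniApiKey string

// The topic that Azure DevOps audit streaming pushes events to.
resource topic 'Microsoft.EventGrid/topics@2022-06-15' = {
  name: topicName
  location: location
}

// Subscription that forwards topic events to the Xygeni endpoint.
resource xygeniSubscription 'Microsoft.EventGrid/eventSubscriptions@2022-06-15' = {
  name: 'xygeni-webhook' // assumed subscription name
  scope: topic
  properties: {
    destination: {
      endpointType: 'WebHook'
      properties: {
        endpointUrl: 'https://api.xygeni.io/azure_streaming/aeg_event'
        // Delivery property: static Authorization header sent with every event.
        deliveryAttributeMappings: [
          {
            name: 'Authorization'
            type: 'Static'
            properties: {
              value: 'Bearer ${xygeniApiKey}'
              isSecret: true // flag the header value as sensitive
            }
          }
        ]
      }
    }
  }
}
```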

### Installation Step 2: Configure Azure DevOps Service Hooks

* On Organization Settings / General / Auditing, go to `Streams` and add the Azure Event Grid configured above.

### Installation Step 3: Test and Validate

* Creating the subscription sends an installation event to Xygeni.
* Check that a new installation appears on the Xygeni Integration page.

### Troubleshooting

* Permissions: Ensure all permissions are correctly set for Azure DevOps and Azure Event Grid.
* Endpoint URL: Confirm the Xygeni URL is correct and accessible from Azure.
* Review Logs: Check the Azure Event Grid logs for any delivery issues or errors.

### Alerts Tracking <a href="#alerts_tracking" id="alerts_tracking"></a>

Navigate to the dashboard to keep track of all unusual activity detected, ordered by time of exposure from most recent to least recent. Open [Anomalous Activity Summary](/xygeni-products/anomaly-detection/anomaly-detection-user-interface-guide.md).

