Xygeni Sensor for GitLab

The Xygeni Sensor for GitLab monitors activity in an Organization (or User) and its repositories.

How it works

The sensor works by registering Audit Event Streaming for GitLab, which will send HTTPS messages to the streaming endpoint URL for the Xygeni platform.

See Audit event streaming examples for further information on the events and payloads sent from GitLab to Xygeni platform.

The Audit Event Streaming feature is only available in the Ultimate tier.

The streaming URL is https://api.xygeni.io/gitlab/streaming for the Xygeni cloud platform. The streaming endpoint is secured with a shared secret and TLS, following the recommendations in Verify event authenticity.

Installation

Audit Event Streaming should be set for each top-level group you require to monitor using Xygeni. In case of Gitlab local self-managed instances it will be set once per instance.

Add a new HTTP destination

In Gitlab, follow instruction to setup a streaming destination as described at Add new HTTP destination
- As Destination Name write a description for that streaming
- Set the Destination URL (https://api.xygeni.io/gitlab/streaming).

Save Verification token at Xygeni

Once the destination is created, expand the stream to locate the verification token.

Then copy the Verification Token, go to Xygeni 'Integrations Configuration' screen, and paste it at the 'Verification token' field, 'Sensors' section".

Alerts Tracking

You can navigate to the dashboard to keep track of all the Unusual Activity detected at the moment, ordered by time of exposure from most recent to less recent. Open Anomalous Activity Summary.

PreviousGitHub Audit Log Processing NextXygeni Sensor for Jenkins

Last updated 2 months ago