# Xygeni Sensor for GitLab

The Xygeni Sensor for GitLab monitors activity in an Organization (or User) and its repositories.

### How it works

The sensor works by registering [Audit Event Streaming for GitLab](https://docs.gitlab.com/ee/administration/audit_event_streaming/index.html), which will send HTTPS messages to the streaming endpoint URL for the Xygeni platform.

See [Audit event streaming examples](https://docs.gitlab.com/ee/administration/audit_event_streaming/examples.html) for further information on the events and payloads sent from GitLab to Xygeni platform.

{% hint style="info" %}
**The Audit Event Streaming feature is only available in the Ultimate tier.**
{% endhint %}

{% hint style="info" %}
The streaming URL is [`https://api.xygeni.io/gitlab/streaming`](https://api.xygeni.io/gitlab/streaming) for the Xygeni cloud platform.\
The streaming endpoint is secured with a shared secret and TLS, following the recommendations in [Verify event authenticity](https://docs.gitlab.com/ee/administration/audit_event_streaming/index.html#verify-event-authenticity).
{% endhint %}

### Installation

Audit Event Streaming should be set for each top-level group you require to monitor using Xygeni. In case of Gitlab local self-managed instances it will be set once per instance.

#### Add a new HTTP destination

* In Gitlab, follow instruction to setup a streaming destination as described at [Add new HTTP destination](https://docs.gitlab.com/ee/administration/audit_event_streaming/#add-a-new-http-destination)
  * As `Destination Name` write a description for that streaming
  * Set the `Destination URL` (<https://api.xygeni.io/gitlab/streaming>).

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FV0JU7pCFmxlytaKOU39a%2Fimage.png?alt=media&#x26;token=74a05594-0e22-42d4-9c0b-1237abebe06d" alt=""><figcaption></figcaption></figure>

#### Save Verification token at Xygeni <a href="#save_verification_token_at_xygeni" id="save_verification_token_at_xygeni"></a>

* Once the destination is created, expand the stream to locate the verification token.<br>

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2F3Q1iDaCFGacEqLh44D21%2Fimage.png?alt=media&#x26;token=fa8b1686-0bec-481b-b404-0004e936253b" alt="" width="375"><figcaption></figcaption></figure>

* Then copy the `Verification Token`, go to Xygeni 'Integrations Configuration' screen, and paste it at the 'Verification token' field, 'Sensors' section".

### Alerts Tracking <a href="#alerts_tracking" id="alerts_tracking"></a>

You can navigate to the dashboard to keep track of all the Unusual Activity detected at the moment, ordered by time of exposure from most recent to less recent. Open [Anomalous Activity Summary](https://docs.xygeni.io/xygeni-products/anomaly-detection/anomaly-detection-user-interface-guide).