# Xygeni Sensor for GitLab

The Xygeni Sensor for GitLab monitors activity in an Organization (or User) and its repositories.

### How it works

The sensor works by registering [Audit Event Streaming for GitLab](https://docs.gitlab.com/ee/administration/audit_event_streaming/index.html), which will send HTTPS messages to the streaming endpoint URL for the Xygeni platform.

See [Audit event streaming examples](https://docs.gitlab.com/ee/administration/audit_event_streaming/examples.html) for further information on the events and payloads sent from GitLab to Xygeni platform.

{% hint style="info" %}
**The Audit Event Streaming feature is only available in the Ultimate tier.**
{% endhint %}

{% hint style="info" %}
The streaming URL is [`https://api.xygeni.io/gitlab/streaming`](https://api.xygeni.io/gitlab/streaming) for the Xygeni cloud platform.\
The streaming endpoint is secured with a shared secret and TLS, following the recommendations in [Verify event authenticity](https://docs.gitlab.com/ee/administration/audit_event_streaming/index.html#verify-event-authenticity).
{% endhint %}

### Installation

Audit Event Streaming should be set for each top-level group you require to monitor using Xygeni. In case of Gitlab local self-managed instances it will be set once per instance.

#### Add a new HTTP destination

* In Gitlab, follow instruction to setup a streaming destination as described at [Add new HTTP destination](https://docs.gitlab.com/ee/administration/audit_event_streaming/#add-a-new-http-destination)
  * As `Destination Name` write a description for that streaming
  * Set the `Destination URL` (<https://api.xygeni.io/gitlab/streaming>).

<figure><img src="/files/3IFc71rUVNnaGktgyPQE" alt=""><figcaption></figcaption></figure>

#### Save Verification token at Xygeni <a href="#save_verification_token_at_xygeni" id="save_verification_token_at_xygeni"></a>

* Once the destination is created, expand the stream to locate the verification token.<br>

<figure><img src="/files/vdYLxazTbLjRXYio0XGm" alt="" width="375"><figcaption></figcaption></figure>

* Then copy the `Verification Token`, go to Xygeni 'Integrations Configuration' screen, and paste it at the 'Verification token' field, 'Sensors' section".

### Alerts Tracking <a href="#alerts_tracking" id="alerts_tracking"></a>

You can navigate to the dashboard to keep track of all the Unusual Activity detected at the moment, ordered by time of exposure from most recent to less recent. Open [Anomalous Activity Summary](/xygeni-products/anomaly-detection/anomaly-detection-user-interface-guide.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.xygeni.io/xygeni-products/anomaly-detection/xygeni-sensors/xygeni-sensor-for-gitlab.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.