Skip to main content

GitLab Event Collector

This Integration is part of the GitLab Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

An event collector for Gitlab audit events and events using Gitlab's API.

Audit events API documentation
Events API documentation

Configure Gitlab Event Collector on Cortex XSIAM#

  1. Navigate to Settings > Configurations > Data Collection > Automation & Feed Integrations.
  2. Search for Gitlab Event Collector.
  3. Click Add instance to create and configure a new integration instance.
Server HostGitlab Git URL.True
API keyThe request API key provided by Gitlab.True
Groups IDsA comma-separated list of group IDs to retrieve. To view your groups or to create a group, see Manage Groups in the Gitlab documentation.False
Projects IDsA comma-separated list of project IDs to get. To view your projects or to create a project, see Manage Projects in the Gitlab documentation.True
First fetch timestampThe period to retrieve events for. In the format ([number] [time unit]). For example, 12 hours, 1 day, 3 months.False
The maximum number of events to fetch for each event typeEach fetch will bring the limit number of events for each type (audits, groups and projects) and each group/project ID. For example, if limit is set to 500 and groups/projects IDs are given as well, then the fetch will bring 500 audit events and 500 group/project events for each group/project ID.False
Trust any certificate (not secure)Use SSL secure connection or ‘None’.False
User system proxy settingsRuns the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration.False
  1. Click Test to validate the URLs, tokens, and connection.


You can execute the following command from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Manual command to fetch events and display them.

Base Command#



Argument NameDescriptionRequired
should_push_eventsSet this argument to True in order to create events, otherwise the command will only display them. Default is False.True

Context Output#

There is no context output for this command.