Xoxoday Plum supports real-time security monitoring through a centralised Security Information and Event Management (SIEM) capability that aggregates events from application, network, and infrastructure layers for correlation, anomaly alerting, and post-incident forensic analysis.
Real-time operational and security monitoring
Xoxoday Plum runs on a cloud-based, high-availability architecture with continuous infrastructure monitoring and application performance monitoring (APM) active at all times. Alerts for performance degradation, availability events, and security anomalies are generated in real time and routed to an on-call DevOps and security operations function, including pager-based escalation to ensure timely triage. Cloud-native tooling — including AWS CloudWatch integrated with Grafana dashboards — provides visibility across the full stack, from compute and network to application-layer behaviour.
Centralised SIEM and security event correlation
Xoxoday Plum’s SIEM centralises and correlates security telemetry from multiple sources: application logs, access logs, firewall events, and IDS/IPS alerts. This enables the security operations team to detect anomalous or policy-violating activity and generate targeted alerts for investigation. Perimeter controls — including a Web Application Firewall (WAF) and intrusion detection and prevention systems (IDS/IPS) — feed security telemetry directly into the SIEM, ensuring that network-layer events are visible alongside application-layer signals. For organisations operating under frameworks such as ISO 27001 or SOC 2 Type II, this architecture supports the continuous monitoring controls those standards require.
Log retention and forensic analysis
Infrastructure logs are collected via cloud audit trail capabilities, and application logs are centralised in a searchable log store with defined retention policies. Audit logging covers key administrative and system actions, providing the traceability needed for post-incident investigation. Retention policies are designed to support both operational troubleshooting and compliance-driven investigation requirements, with access to log repositories controlled and restricted to authorised personnel. This means that when a security event occurs — for example, an anomalous redemption pattern or an unexpected administrative action — the security team can reconstruct a detailed event timeline for forensic review.
Incident response workflow
Xoxoday Plum’s security monitoring feeds into a documented incident response process. Incidents are logged, investigated, and quantified, with response workflows aligned to the severity of the event. Where your organisation requires evidence for its own audit or compliance purposes — such as during a SOC 2 audit or an internal information security review — Xoxoday can provide relevant log extracts and incident artefacts on request, subject to appropriate approvals and confidentiality controls.
Client SIEM integration
Xoxoday Plum’s SIEM and security operations monitoring are managed centrally by Xoxoday. Real-time log streaming or direct integration into a client-managed SIEM is not provided as a default capability. Organisations that require specific log evidence for their own security operations can request log extracts through the formal process described above.