Skip to main content
Xoxoday Plum monitors system health and security using Prometheus alerting, AWS Inspector, AWS GuardDuty, and SentinelOne EDR, all managed by a dedicated infrastructure team to keep the platform secure and performant.
Xoxoday Plum’s infrastructure team operates a layered monitoring stack designed to surface threats and performance issues before they affect users. At the centre of this stack is Prometheus, an open-source metrics and alerting system that continuously tracks service-level indicators across the platform. When a threshold is breached — whether CPU usage, response latency, or error rates — Prometheus fires alerts that allow the team to respond immediately. On the cloud security side, Xoxoday Plum leverages two core AWS services: AWS Inspector and AWS GuardDuty. AWS Inspector performs automated vulnerability assessments against EC2 instances, container images, and Lambda functions, flagging known CVEs and misconfigurations before they can be exploited. AWS GuardDuty adds intelligent threat detection by analysing VPC flow logs, DNS queries, and CloudTrail events to identify suspicious behaviour such as unusual API calls or potential credential compromise. For endpoint protection, Xoxoday Plum deploys SentinelOne EDR (Endpoint Detection and Response) across infrastructure endpoints. SentinelOne uses AI-driven behavioural analysis to detect and contain threats in real time, going beyond signature-based detection to catch novel or fileless attacks. This matters in enterprise environments where Xoxoday Plum integrates with systems such as Workday, SAP SuccessFactors, or Darwinbox, since the attack surface can span both cloud services and on-premise touchpoints. Together, these tools give Xoxoday Plum end-to-end visibility: Prometheus handles observability at the application layer, AWS Inspector and GuardDuty secure the cloud perimeter, and SentinelOne protects endpoints. The combination directly supports Xoxoday Plum’s adherence to recognised security frameworks — including ISO 27001 and SOC 2 Type II — by providing the continuous monitoring evidence those certifications require. All alerts and findings are routed to Xoxoday Plum’s dedicated infrastructure team, which triages, investigates, and remediates issues according to defined incident-response procedures. Your organisation does not need to manage this tooling directly; the monitoring layer operates transparently in the background so that rewards, gifting, and incentive workflows remain available and performant at all times. Learn more: [Xoxoday Plum Help Centre — General](

Security Certifications and Compliance

Learn how Xoxoday Plum maintains ISO 27001 and SOC 2 Type II certifications, and what this means for your organisation’s compliance posture.

Data Encryption at Rest and in Transit

Understand how Xoxoday Plum encrypts data across storage and network layers to protect sensitive reward and incentive information.