github_enterprise_audit_logs.yml
name: GitHub Enterprise Audit Logs
id: 8a4d656f-8801-4a2c-ae10-553d2696a59f
version: 1
date: '2025-01-15'
author: Patrick Bareiss, Splunk
description: Data source object for GitHub Enterprise audit logs delivered by audit log streaming to a Splunk HTTP Event Collector, as described in https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-splunk (Setting up streaming to Splunk).
source: http:github
sourcetype: httpevent
supported_TA:
- name: Splunk Add-on for Github
url: https://splunkbase.splunk.com/app/6254
version: 3.1.0
fields:
- _document_id
- action
- actor
- actor_id
- actor_is_bot
- business
- business_id
- created_at
- operation_type
- org
- org_id
- public_repo
- repo
- repo_id
- request_access_security_header
- user
- user_agent
- user_id
example_log: '{ @timestamp: 1736850926658 _document_id: fHPRFHOMZNXLxTZrk1w2IQ action: repository_vulnerability_alerts.disable actor: P4T12ICK actor_id: 8362376 actor_ip: 84.128.62.13 actor_is_bot: false actor_location: { [+] } business: pb business_id: 273781 created_at: 1736850926658 operation_type: modify org: pbtest2 org_id: 194489467 public_repo: false repo: pbtest2/pbtest5 repo_id: 916529548 request_access_security_header: null user: P4T12ICK user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 user_id: 8362376 }'
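Worked example, added here and not part of the security_content project or the Splunk Add-on for GitHub: it takes one audit log streaming event as it would arrive at the HTTP Event Collector, checks it against the `fields` list the data source declares, normalizes the epoch-millisecond `created_at`, and flags the `repository_vulnerability_alerts.disable` action shown in `example_log`. The sample event is the page's `example_log` rewritten as a Python dict (the collapsed `actor_location` object is left empty), the `{"event": {...}}` HEC envelope shape and the `WATCHED_ACTIONS` list are assumptions, and all function names are illustrative. Python is used because the payload is JSON and the checks run offline; inside Splunk the same projection would be an SPL search over `sourcetype=httpevent`.

```python
"""Check a GitHub Enterprise audit-log streaming event, as received over a
Splunk HTTP Event Collector (HEC), against the field list declared in the
data source above.

Assumptions (not from the page): the HEC envelope shape {"event": {...}} and
the WATCHED_ACTIONS policy.
"""
import json
from datetime import datetime, timezone

# Fields declared by the data source object (copied from the YAML above).
DATA_SOURCE_FIELDS = (
    "_document_id", "action", "actor", "actor_id", "actor_is_bot", "business",
    "business_id", "created_at", "operation_type", "org", "org_id",
    "public_repo", "repo", "repo_id", "request_access_security_header",
    "user", "user_agent", "user_id",
)

# Hypothetical watch-list. The only entry is the action that appears in the
# page's example_log; extend it for your own environment.
WATCHED_ACTIONS = frozenset({"repository_vulnerability_alerts.disable"})

# Constructed sample: the page's example_log rewritten as a Python dict. The
# actor_location object was collapsed to "[+]" on the page, so it is left empty.
SAMPLE_EVENT = {
    "@timestamp": 1736850926658,
    "_document_id": "fHPRFHOMZNXLxTZrk1w2IQ",
    "action": "repository_vulnerability_alerts.disable",
    "actor": "P4T12ICK",
    "actor_id": 8362376,
    "actor_ip": "84.128.62.13",
    "actor_is_bot": False,
    "actor_location": {},
    "business": "pb",
    "business_id": 273781,
    "created_at": 1736850926658,
    "operation_type": "modify",
    "org": "pbtest2",
    "org_id": 194489467,
    "public_repo": False,
    "repo": "pbtest2/pbtest5",
    "repo_id": 916529548,
    "request_access_security_header": None,
    "user": "P4T12ICK",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) "
                  "AppleWebKit/537.36 (KHTML, like Gecko) "
                  "Chrome/131.0.0.0 Safari/537.36",
    "user_id": 8362376,
}

# Constructed HEC payload carrying that event, with the source/sourcetype the
# data source declares. The envelope shape is an assumption.
SAMPLE_HEC_PAYLOAD = json.dumps({
    "time": SAMPLE_EVENT["created_at"] / 1000,
    "source": "http:github",
    "sourcetype": "httpevent",
    "event": SAMPLE_EVENT,
})


def unwrap_hec(raw: str) -> dict:
    """Return the audit-log event from a raw HEC POST body.

    Accepts either the {"event": {...}} envelope or a bare event object, so the
    same code works on what the collector stored and on what GitHub sent.
    """
    obj = json.loads(raw)
    if not isinstance(obj, dict):
        raise ValueError("expected a JSON object")
    event = obj.get("event", obj)
    if not isinstance(event, dict):
        raise ValueError("HEC 'event' must be a JSON object")
    return event


def missing_fields(event: dict) -> list:
    """Declared fields absent from the event (a null value counts as present)."""
    return [f for f in DATA_SOURCE_FIELDS if f not in event]


def extra_fields(event: dict) -> list:
    """Fields the event carries that the data source does not declare."""
    return sorted(f for f in event if f not in DATA_SOURCE_FIELDS)


def normalize(event: dict) -> dict:
    """Project the event onto the declared fields and add an ISO timestamp.

    created_at is epoch milliseconds; integer math keeps 658 ms as 658 ms
    instead of a float rounding artefact.
    """
    out = {f: event.get(f) for f in DATA_SOURCE_FIELDS}
    ms = event.get("created_at")
    if isinstance(ms, int):
        ts = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
        ts = ts.replace(microsecond=(ms % 1000) * 1000)
        out["created_at_iso"] = ts.isoformat(timespec="milliseconds")
    else:
        out["created_at_iso"] = None
    return out


def is_watched(event: dict) -> bool:
    """True when the event's action is on the watch-list."""
    return event.get("action") in WATCHED_ACTIONS


if __name__ == "__main__":
    ev = unwrap_hec(SAMPLE_HEC_PAYLOAD)
    norm = normalize(ev)
    print("missing declared fields:", missing_fields(ev))
    print("undeclared fields:", extra_fields(ev))
    print("watched:", is_watched(ev), norm["action"], norm["created_at_iso"])
```

Running it on the constructed sample reports no missing declared fields, lists `@timestamp`, `actor_ip` and `actor_location` as fields the event carries but the data source does not declare, and flags the event because its action is on the watch-list. The undeclared-field list is the check worth keeping: a detection that needs `actor_ip` cannot rely on this data source object's field list alone.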