<span class="pill kill-chain">_document_id</span>
<span class="pill kill-chain">action</span>
<span class="pill kill-chain">actor</span>
<span class="pill kill-chain">actor_id</span>
<span class="pill kill-chain">actor_is_bot</span>
<span class="pill kill-chain">business</span>
<span class="pill kill-chain">business_id</span>
<span class="pill kill-chain">created_at</span>
<span class="pill kill-chain">operation_type</span>
<span class="pill kill-chain">org</span>
<span class="pill kill-chain">org_id</span>
<span class="pill kill-chain">public_repo</span>
<span class="pill kill-chain">repo</span>
<span class="pill kill-chain">repo_id</span>
<span class="pill kill-chain">request_access_security_header</span>
<span class="pill kill-chain">user</span>
<span class="pill kill-chain">user_agent</span>
<span class="pill kill-chain">user_id</span>
</div>
Data Source: GitHub Organizations Audit Logs
Description
Data source object for GitHub Organizations logs using the Splunk Add-on for Github using a Personal Access Token.
Details
| Property | Value |
|---|---|
| Source | github |
| Sourcetype | github:cloud:audit |
Related Detections
Supported Apps
- Splunk Add-on for Github (version 3.2.0)
Event Fields
Fields
Example Log
1{ @timestamp: 1736850926658 _document_id: fHPRFHOMZNXLxTZrk1w2IQ action: repository_vulnerability_alerts.disable actor: P4T12ICK actor_id: 8362376 actor_ip: 84.128.62.13 actor_is_bot: false actor_location: { [+] } business: pb business_id: 273781 created_at: 1736850926658 operation_type: modify org: pbtest2 org_id: 194489467 public_repo: false repo: pbtest2/pbtest5 repo_id: 916529548 request_access_security_header: null user: P4T12ICK user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 user_id: 8362376 }
Source: GitHub | Version: 1