Download topic as PDF
CIM Compatibility for GitHub Cloud Audit Logs
The following data models are mapped in the sourcetype github:cloud:audit of the add-on corresponding to the vendor_action.
| Datamodel mapped | vendor_action |
|---|---|
| Change:All_Changes | org.rename, org.update_terms_of_service, org.create, org.update_actions_secret, org.create_actions_secret, org.set_actions_fork_pr_approvals_policy, org.set_actions_retention_limit, org.set_workflow_permission_can_approve_pr, org.set_default_workflow_permissions, org.update_actions_settings, org.secret_scanning_push_protection_disable, org.secret_scanning_push_protection_enable, org.secret_scanning_push_protection_custom_message_enabled, org.secret_scanning_push_protection_custom_message_disabled, org.secret_scanning_push_protection_new_repos_enable, org.secret_scanning_custom_pattern_push_protection_disabled, org.secret_scanning_custom_pattern_push_protection_enabled, repo.access, org.runner_group_updated, org.runner_group_created, org.runner_group_removed, org.config.disable_collaborators_only, org.config.enable_collaborators_only, org.update_member_repository_invitation_permission, org.enable_two_factor_requirement, org.remove_integration_secret, org.remove_actions_secret, repo.self_hosted_runner_offline, repo.self_hosted_runner_online, org.oauth_app_access_denied, org.enable_oauth_app_restrictions, org.disable_oauth_app_restrictions, org.oauth_app_access_approved, org.allow_third_party_access_requests_from_outside_collaborators_enabled, org.allow_third_party_access_requests_from_outside_collaborators_disabled, org.enable_reader_discussion_creation_permission, org.disable_reader_discussion_creation_permission, org.enable_member_team_creation_permission, org.disable_member_team_creation_permission, org.display_commenter_full_name_disabled, org.display_commenter_full_name_enabled, org.disable_two_factor_requirement, org.update_integration_secret, org.create_integration_secret, org.confirm_business_invitation, org.accept_business_invitation, org.config.disable_contributors_only, org.config.enable_contributors_only, org.config.disable_sockpuppet_disallowed, org.config.enable_sockpuppet_disallowed, org.update_new_repository_default_branch_setting, org.update_member_repository_creation_permission, org.update_default_repository_permission, org.cancel_invitation, org.cancel_business_invitation, org.advanced_security_policy_selected_member_enabled, org.advanced_security_policy_selected_member_disabled, repo.advanced_security_disabled, org.advanced_security_disabled_on_all_repos, repo.advanced_security_enabled, org.advanced_security_enabled_on_all_repos, org.advanced_security_disabled_for_new_repos, org.advanced_security_enabled_for_new_repos, repo.update_default_branch, repo.update_integration_secret, repo.update_actions_secret, repo.create_actions_secret, repo.transfer, team.add_repository, repo.actions_enabled, repo.transfer_outgoing, team.remove_repository, repo.register_self_hosted_runner, repo.set_actions_retention_limit, repo.set_actions_fork_pr_approvals_policy, repo.pages_public, repo.update_actions_settings, repo.rename, repo.remove_topic, repo.remove_integration_secret, repo.remove_actions_secret, repo.remove_self_hosted_runner, repo.pages_private, repo.pages_cname, repo.pages_https_redirect_enabled, repo.pages_https_redirect_disabled, repo.pages_source, repo.pages_create, repo.pages_destroy, repo.create, repo.change_merge_setting, repo.destroy, repo.create_integration_secret, repo.config.disable_sockpuppet_disallowed, repo.config.enable_sockpuppet_disallowed, repo.config.disable_collaborators_only, repo.config.enable_collaborators_only, repo.config.disable_contributors_only, repo.config.enable_contributors_only, repo.code_scanning_configuration_for_branch_deleted, repo.code_scanning_analysis_deleted, repo.codeql_enabled, repo.add_topic, team.update_repository_permission, team.create, team.destroy, repo.unarchived, repo.archived, team.change_privacy, team.rename, team.change_parent_team, org.update_saml_provider_settings, org.enable_saml, org.disable_saml, business.disable_two_factor_requirement, business.enable_two_factor_requirement, business.remove_member, pull_request.ready_for_review, business_secret_scanning_custom_pattern.delete, business_secret_scanning_custom_pattern.update, business_secret_scanning_custom_pattern.create, business.advanced_security_policy_update, members_can_view_dependency_insights.clear, members_can_view_dependency_insights.disable, members_can_view_dependency_insights.enable, team_discussions.clear, team_discussions.disable, team_discussions.enable, repository_projects_change.clear, repository_projects_change.disable, repository_projects_change.enable, organization_projects_change.clear, organization_projects_change.disable, organization_projects_change.enable, pull_request.create_review_request, business.set_actions_fork_pr_approvals_policy, business.update_actions_settings, issues.deletes_disabled, issues.deletes_enabled, members_can_delete_repos.clear, members_can_delete_repos.disable, members_can_delete_repos.enable, repository_visibility_change.clear, repository_visibility_change.disable, repository_visibility_change.enable, business.update_member_repository_invitation_permission, private_repository_forking.clear, private_repository_forking.disable, private_repository_forking.enable, business.clear_members_can_create_repos, business.update_member_repository_creation_permission, git.fetch, pull_request.merge, git.push, git.clone, pull_request.create, pull_request.close, hook.create, repository_dependency_graph.enable, repository_secret_scanning.enable, pull_request.reopen, org_credential_authorization.deauthorize, org_credential_authorization.grant, workflows.enable_workflow, integration_installation.repositories_added, repository_secret_scanning_push_protection.disable |
| Change:Account_Management | org.add_member, org.remove_outside_collaborator, repo.remove_member, team.remove_member, org.remove_member, org.integration_manager_removed, org.integration_manager_added, org.update_member, org.restore_member, repo.add_member, team.add_member, org.invite_member, org.unblock_user, org.block_user, repo.update_member, team.demote_maintainer, team.promote_maintainer |
| Change:Audit_Changes | business.set_fork_pr_workflows_policy, business.set_actions_retention_limit, issues.deletes_policy_cleared, workflows.completed_workflow_run, workflows.prepared_workflow_job, workflows.created_workflow_run, repository_vulnerability_alerts.enable |
| Alerts | repository_vulnerability_alert.create, repository_vulnerability_alert.reopen |
Last modified on 13 December, 2023
|
PREVIOUS Source types for the Splunk Add-on for GitHub |
NEXT Release notes for the Splunk Add-on for GitHub |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!