Splunk® Supported Add-ons

Splunk Add-on for GitHub

CIM Compatibility for GitHub Cloud Audit Logs

The following data models are mapped in the sourcetype github:cloud:audit of the add-on corresponding to the vendor_action.

Datamodel mapped vendor_action
Change:All_Changes org.rename, org.update_terms_of_service, org.create, org.update_actions_secret, org.create_actions_secret, org.set_actions_fork_pr_approvals_policy, org.set_actions_retention_limit, org.set_workflow_permission_can_approve_pr, org.set_default_workflow_permissions, org.update_actions_settings, org.secret_scanning_push_protection_disable, org.secret_scanning_push_protection_enable, org.secret_scanning_push_protection_custom_message_enabled, org.secret_scanning_push_protection_custom_message_disabled, org.secret_scanning_push_protection_new_repos_enable, org.secret_scanning_custom_pattern_push_protection_disabled, org.secret_scanning_custom_pattern_push_protection_enabled, repo.access, org.runner_group_updated, org.runner_group_created, org.runner_group_removed, org.config.disable_collaborators_only, org.config.enable_collaborators_only, org.update_member_repository_invitation_permission, org.enable_two_factor_requirement, org.remove_integration_secret, org.remove_actions_secret, repo.self_hosted_runner_offline, repo.self_hosted_runner_online, org.oauth_app_access_denied, org.enable_oauth_app_restrictions, org.disable_oauth_app_restrictions, org.oauth_app_access_approved, org.allow_third_party_access_requests_from_outside_collaborators_enabled, org.allow_third_party_access_requests_from_outside_collaborators_disabled, org.enable_reader_discussion_creation_permission, org.disable_reader_discussion_creation_permission, org.enable_member_team_creation_permission, org.disable_member_team_creation_permission, org.display_commenter_full_name_disabled, org.display_commenter_full_name_enabled, org.disable_two_factor_requirement, org.update_integration_secret, org.create_integration_secret, org.confirm_business_invitation, org.accept_business_invitation, org.config.disable_contributors_only, org.config.enable_contributors_only, org.config.disable_sockpuppet_disallowed, org.config.enable_sockpuppet_disallowed, org.update_new_repository_default_branch_setting, org.update_member_repository_creation_permission, org.update_default_repository_permission, org.cancel_invitation, org.cancel_business_invitation, org.advanced_security_policy_selected_member_enabled, org.advanced_security_policy_selected_member_disabled, repo.advanced_security_disabled, org.advanced_security_disabled_on_all_repos, repo.advanced_security_enabled, org.advanced_security_enabled_on_all_repos, org.advanced_security_disabled_for_new_repos, org.advanced_security_enabled_for_new_repos, repo.update_default_branch, repo.update_integration_secret, repo.update_actions_secret, repo.create_actions_secret, repo.transfer, team.add_repository, repo.actions_enabled, repo.transfer_outgoing, team.remove_repository, repo.register_self_hosted_runner, repo.set_actions_retention_limit, repo.set_actions_fork_pr_approvals_policy, repo.pages_public, repo.update_actions_settings, repo.rename, repo.remove_topic, repo.remove_integration_secret, repo.remove_actions_secret, repo.remove_self_hosted_runner, repo.pages_private, repo.pages_cname, repo.pages_https_redirect_enabled, repo.pages_https_redirect_disabled, repo.pages_source, repo.pages_create, repo.pages_destroy, repo.create, repo.change_merge_setting, repo.destroy, repo.create_integration_secret, repo.config.disable_sockpuppet_disallowed, repo.config.enable_sockpuppet_disallowed, repo.config.disable_collaborators_only, repo.config.enable_collaborators_only, repo.config.disable_contributors_only, repo.config.enable_contributors_only, repo.code_scanning_configuration_for_branch_deleted, repo.code_scanning_analysis_deleted, repo.codeql_enabled, repo.add_topic, team.update_repository_permission, team.create, team.destroy, repo.unarchived, repo.archived, team.change_privacy, team.rename, team.change_parent_team, org.update_saml_provider_settings, org.enable_saml, org.disable_saml, business.disable_two_factor_requirement, business.enable_two_factor_requirement, business.remove_member, pull_request.ready_for_review, business_secret_scanning_custom_pattern.delete, business_secret_scanning_custom_pattern.update, business_secret_scanning_custom_pattern.create, business.advanced_security_policy_update, members_can_view_dependency_insights.clear, members_can_view_dependency_insights.disable, members_can_view_dependency_insights.enable, team_discussions.clear, team_discussions.disable, team_discussions.enable, repository_projects_change.clear, repository_projects_change.disable, repository_projects_change.enable, organization_projects_change.clear, organization_projects_change.disable, organization_projects_change.enable, pull_request.create_review_request, business.set_actions_fork_pr_approvals_policy, business.update_actions_settings, issues.deletes_disabled, issues.deletes_enabled, members_can_delete_repos.clear, members_can_delete_repos.disable, members_can_delete_repos.enable, repository_visibility_change.clear, repository_visibility_change.disable, repository_visibility_change.enable, business.update_member_repository_invitation_permission, private_repository_forking.clear, private_repository_forking.disable, private_repository_forking.enable, business.clear_members_can_create_repos, business.update_member_repository_creation_permission, git.fetch, pull_request.merge, git.push, git.clone, pull_request.create, pull_request.close, hook.create, repository_dependency_graph.enable, repository_secret_scanning.enable, pull_request.reopen, org_credential_authorization.deauthorize, org_credential_authorization.grant, workflows.enable_workflow, integration_installation.repositories_added, repository_secret_scanning_push_protection.disable, business.set_fork_pr_workflows_policy, business.set_actions_retention_limit, issues.deletes_policy_cleared, workflows.completed_workflow_run, workflows.prepared_workflow_job, workflows.created_workflow_run, repository_vulnerability_alerts.enable
Change:Account_Management org.add_member, org.remove_outside_collaborator, repo.remove_member, team.remove_member, org.remove_member, org.integration_manager_removed, org.integration_manager_added, org.update_member, org.restore_member, repo.add_member, team.add_member, org.invite_member, org.unblock_user, org.block_user, repo.update_member, team.demote_maintainer, team.promote_maintainer
Alerts repository_vulnerability_alert.create, repository_vulnerability_alert.reopen
Last modified on 23 July, 2024
Source types for the Splunk Add-on for GitHub   Release notes for the Splunk Add-on for GitHub

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters