GitHub Enterprise Audit Log connector for Microsoft Sentinel
The GitHub audit log connector provides the capability to ingest GitHub logs into Microsoft Sentinel. By connecting GitHub audit logs into Microsoft Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.
Note: If you are intended to ingest GitHub subscribed events into Microsoft Sentinel , Please refer to GitHub (using Webhooks) Connector from "Data Connectors" gallery.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | GitHubAuditData |
| Data collection rules support | Not currently supported |
| Supported by | Microsoft Corporation |
Query samples
All logs
{{graphQueriesTableName}}
| take 10
Prerequisites
To integrate with GitHub Enterprise Audit Log make sure you have:
- GitHub API personal token Key: You need access to GitHub personal token, the key should have 'admin:org' scope
Vendor installation instructions
Connect GitHub Enterprise Audit Log to Microsoft Sentinel
Enable GitHub audit Logs. Follow this to create or find your personal key
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for