GitHub (using Webhooks) (using Azure Functions) connector for Microsoft Sentinel
The GitHub webhook data connector provides the capability to ingest GitHub subscribed events into Microsoft Sentinel using GitHub webhook events. The connector provides ability to get events into Microsoft Sentinel which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.
Note: If you are intended to ingest GitHub Audit logs, Please refer to GitHub Enterprise Audit Log Connector from "Data Connectors" gallery.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | githubscanaudit_CL |
Data collection rules support | Not currently supported |
Supported by | Microsoft Corporation |
Query samples
GitHub Events - All Activities.
githubscanaudit_CL
| sort by TimeGenerated desc
Prerequisites
To integrate with GitHub (using Webhooks) (using Azure Functions) make sure you have:
- Microsoft.Web/sites permissions: Read and write permissions to Azure Functions to create a Function App is required. See the documentation to learn more about Azure Functions.
Vendor installation instructions
Note
This connector has been built on http trigger based Azure Function. And it provides an endpoint to which github will be connected through it's webhook capability and posts the subscribed events into Microsoft Sentinel. This might result in additional data ingestion costs. Check the Azure Functions pricing page for details.
(Optional Step) Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. Follow these instructions to use Azure Key Vault with an Azure Function App.
Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function
IMPORTANT: Before deploying the GitHub Webhook connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).
Post Deployment steps
Now we are done with the github Webhook configuration. Once the github events triggered and after the delay of 20 to 30 mins (As there will be a dealy for LogAnalytics to spin up the resources for the first time), you should be able to see all the transactional events from the GitHub into LogAnalytics workspace table called "githubscanaudit_CL".
For more details, Click here
Next steps
For more information, go to the related solution in the Azure Marketplace.