Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method
---|---|---|---|---|---|---|---
Github Audit Logs (Cloud) | | ✅ | | ✅ | github_audit_logs | NDJSON | S3
Github Audit Logs (Server) | | ✅ | | ✅ | github_server_logs | Syslog | S3
Overview
GitHub is a hosting service for software development and version control using Git.
Organizations that manage their code on GitHub can view and export audit logs of the activity that takes place in their organization.
Supported data types
Github Audit Logs (Cloud)
Table name: github_audit_logs
The audit log allows organization admins to quickly review the actions performed by members of their organization. It includes details such as who performed the action, what the action was, and when it was performed.
Github Audit Logs (Server)
Table name: github_server_logs
This is the same kind of audit log, but it originates from an on-premises GitHub Enterprise Server instance rather than from GitHub's SaaS offering, and it arrives as syslog lines rather than as JSON events.
📘 Note
These logs are available only to GitHub Enterprise owners, on both GitHub Enterprise Cloud and GitHub Enterprise Server.
Send data to Hunters
Hunters collects GitHub logs through an intermediary S3 bucket.
To connect GitHub logs:
Route your GitHub logs into an S3 bucket:
GitHub Enterprise Cloud: configure audit log streaming to Amazon S3 from the enterprise settings (see GitHub's documentation on streaming the enterprise audit log to S3).
GitHub Enterprise Server: set up a periodic or continuous export of the server's audit and system logs from the on-premises instance to an S3 bucket.
Complete the connection on the Hunters platform by following the Hunters guide for connecting an S3 data source.
Expected format
Github Audit Logs (Cloud)
Logs are expected as newline-delimited JSON (NDJSON): one audit event object per line. Example event:
```json
{"action":"git.fetch","_document_id":"ALU1IEsheliktHvAm-RvYA==","actor_location":{"country_code":"US"},"transport_protocol":2,"transport_protocol_name":"ssh","repository":"<repo>/<path>","repo":"<repo>/<path>","repository_public":false,"actor":"jenkins-deployer","org":"<name>","business":"<name>","business_id":3423,"user":"","@timestamp":1642538183423}
```
Github Audit Logs (Server)
Logs are expected in syslog format. Example line (a `babeld` entry for a git-over-HTTP fetch that was rejected with HTTP 401):
```text
Mar 1 12:40:42 github-<customers_name>-<country_code> babeld[17431]: ts=2022-03-01T12:40:42.395820Z pid=1 tid=70 version=52e3281 proto=http id=314174f56617653de832ca869597af56 http_url="/<something>/<something>.git/info/refs?service=git-upload-pack" http_ua="git/2.26.2" ip=10.10.10.10 xff_ip=10.10.10.10 repo=<something>/<something> cmd=git-upload-pack ac_ms=8.561 duration_ms=8.663 sr=1646138442387.153 ss=1646138442395.816 fs_sent=0 fs_recv=0 client_recv=429 client_sent=0 fsc_ms=0.000 gpv=2 log_level=INFO msg="http op done: (401)" http_status=401 handler_code=0 imode=0
```
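The two formats above carry overlapping information in different shapes: the cloud feed is one JSON object per line with an epoch-millisecond `@timestamp`, while the server feed is a syslog header followed by `key=value` tokens whose values may be double-quoted and contain spaces. The following is an added example, not Hunters' or GitHub's own code, showing how a practitioner can parse both shapes into one normalized record and run a simple triage over them. The sample lines are constructed to mirror the page's examples; the repository, organization and actor names in them (`acme/payments`, `mallory`) are placeholders, and the `triage` rules are illustrative, not Hunters detection logic.

```python
"""Normalize GitHub cloud (NDJSON) and server (syslog/babeld) audit lines.

Added example for this page; the input samples below are constructed
from the formats shown above and are not real customer data.
"""
import json
import re
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample input: two cloud audit events, one per line (NDJSON).
CLOUD_NDJSON = (
    '{"action":"git.fetch","_document_id":"ALU1IEsheliktHvAm-RvYA==",'
    '"actor_location":{"country_code":"US"},"transport_protocol":2,'
    '"transport_protocol_name":"ssh","repository":"acme/payments",'
    '"repo":"acme/payments","repository_public":false,"actor":"jenkins-deployer",'
    '"org":"acme","business":"acme","business_id":3423,"user":"","@timestamp":1642538183423}\n'
    '\n'  # blank lines can appear between batches; the parser skips them
    '{"action":"repo.access","actor":"mallory","org":"acme","repo":"acme/payments",'
    '"repository_public":true,"@timestamp":1642538200000}\n'
)

# Constructed sample input: one GitHub Enterprise Server babeld line.
SERVER_SYSLOG = (
    'Mar 1 12:40:42 github-acme-us babeld[17431]: ts=2022-03-01T12:40:42.395820Z '
    'pid=1 tid=70 version=52e3281 proto=http id=314174f56617653de832ca869597af56 '
    'http_url="/acme/payments.git/info/refs?service=git-upload-pack" http_ua="git/2.26.2" '
    'ip=10.10.10.10 xff_ip=10.10.10.10 repo=acme/payments cmd=git-upload-pack '
    'ac_ms=8.561 duration_ms=8.663 log_level=INFO msg="http op done: (401)" '
    'http_status=401 handler_code=0 imode=0\n'
)

# BSD-style syslog header: "Mon D HH:MM:SS host prog[pid]: body"
SYSLOG_HEADER = re.compile(
    r'^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<prog>[\w-]+)\[(?P<pid>\d+)\]: (?P<body>.*)$'
)
# key=value tokens; a value is either a double-quoted string (spaces and
# escaped quotes allowed) or a run of non-whitespace characters.
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_cloud(ndjson: str) -> List[Dict]:
    """Parse NDJSON cloud audit events into normalized records."""
    events = []
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # @timestamp is epoch milliseconds; render as ISO-8601 UTC.
        ts = datetime.fromtimestamp(ev["@timestamp"] / 1000, tz=timezone.utc)
        events.append({
            "source": "github_audit_logs",
            "time": ts.isoformat(),
            "action": ev.get("action"),
            "actor": ev.get("actor"),
            "repo": ev.get("repo") or ev.get("repository"),
            "public": ev.get("repository_public"),
            "transport": ev.get("transport_protocol_name"),
            "status": None,          # cloud events carry no HTTP status
            "client_ip": None,       # not present in this event shape
        })
    return events


def parse_server(syslog: str) -> List[Dict]:
    """Parse babeld syslog lines into the same normalized record shape."""
    events = []
    for line in syslog.splitlines():
        m = SYSLOG_HEADER.match(line)
        if not m:
            continue                 # not a syslog line; ignore
        fields = {k: v.strip('"') for k, v in KV.findall(m.group("body"))}
        status = fields.get("http_status")
        events.append({
            "source": "github_server_logs",
            "time": fields.get("ts"),
            "action": fields.get("cmd"),
            "actor": None,           # babeld identifies the client by IP, not username
            "repo": fields.get("repo"),
            "public": None,
            "transport": fields.get("proto"),
            "status": int(status) if status is not None else None,
            "client_ip": fields.get("ip"),
        })
    return events


def triage(events: List[Dict]) -> List[str]:
    """Illustrative rules only: rejected git HTTP ops and touches on public repos."""
    findings = []
    for ev in events:
        if ev["status"] is not None and 400 <= ev["status"] < 500:
            findings.append(f"{ev['time']} {ev['source']}: HTTP {ev['status']} on "
                            f"{ev['action']} for {ev['repo']} from {ev['client_ip']}")
        if ev["public"] is True:
            findings.append(f"{ev['time']} {ev['source']}: {ev['actor']} "
                            f"{ev['action']} on public repo {ev['repo']}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_cloud(CLOUD_NDJSON) + parse_server(SERVER_SYSLOG)):
        print(finding)
```

The quoted-value alternative in `KV` is listed first so that a `key=` appearing inside a quoted value (such as `service=git-upload-pack` inside `http_url`) is consumed as part of that value rather than split into a spurious field.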