Skip to content

Release history for the Splunk Add-on for Github

The latest version of the Splunk Add-on for Github is version 3.2.0. See Release notes for the Splunk Add-on for Github for the release notes of this latest version.

Version 3.1.0

Version 3.1.0 of the Splunk Add-on for GitHub was released on Oct 25, 2024.

Compatibility

Version 3.1.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 9.0.x 9.1.x, 9.2.x, 9.3.x
CIM 5.3.2
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, v3.13, Github Enterprise Cloud

New Features

  • Introduced two new modular inputs for collecting alerts from GitHub Cloud:
    • Dependabot Scanning Alerts
    • Secret Scanning Alerts
  • Added support for two new event types in sourcetypes:
    • github:cloud:dependabot:scanning:alerts
    • github:cloud:secret:scanning:alerts
  • The events from both inputs are mapped to CIM data models, and the relevant CIM fields are now properly extracted.
  • Support for UCC Dashboard

Fixed issues

Version 3.1.0 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 3.1.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 3.1.0 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 3.1.0

Version 3.0.0

Version 3.0.0 of the Splunk Add-on for GitHub was released on July 23, 2024.

Compatibility

Version 3.0.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 9.0.x 9.1.x, 9.2.x
CIM 5.3.2
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, v3.13, Github Enterprise Cloud

New Features

  • Added a new modinput to collect Code Scanning Alerts from GitHub Cloud.
    • The events collected via new modinput will fall under new sourcetype github:cloud:code:scanning:alerts and is tagged with Alerts CIM data model
  • Added support for the “Start Date” field in GitHub Audit Input
    • This will enable the user to start the data collection of Audit logs from a specific date
  • Added support for the latest version of GitHub Enterprise Server - v3.13
    • Added support of 68 new events in the sourcetype github:enterprise:audit by providing CIM tagging to the events
    • The new events are mapped with CIM data models and appropriate CIM fields are extracted
  • Updated the data model mapping and CIM fields for many of the events in both the sourcetypes - github:cloud:audit & github:enterprise:audit
    • All the events that were earlier mapped to the Change:Auditing_Changes data model are now mapped with Change:All_Changes as the events were better fit with the Change:All_Changes dataset
    • The values of the CIM fields like object_category, object_attrs, command, src, src_user, and object are added or updated in the events across the sourcetype
  • Verified IPv6 compliance checks for the add-on and enhanced TA functionality accordingly
  • Added support of latest CIM version - v5.3.2
  • Fixed the security vulnerability found in the urllib3 and certifi libraries by upgrading the libraries to their version from 1.26.18 to 1.26.19 and from 2023.11.17 to 2024.7.4 respectively

Breaking changes
Sourcetype vendor_action Fields v1 v2
Added Fields Modified Fields Removed Fields
[‘github:enterprise:audit’] business.add_admin object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag src_user, user null, null github-admin, github-admin
[‘github:enterprise:audit’] org.async_delete, business.add_organization object_category, event_group, eventtype, tag, tag::eventtype organization, change_audit, github_audit_changes, audit, audit Group Management, change_all, github_all_changes
[‘github:enterprise:audit’] business.update_member_repository_creation_permission, business.advanced_security_policy_update event_group, eventtype, tag, tag::eventtype change_audit, github_audit_changes, audit, audit change_all, github_all_changes
[‘github:enterprise:audit’] business.clear_members_can_create_repos object_category, event_group, eventtype, tag, tag::eventtype Policy Management, change_audit, github_audit_changes, audit, audit Group Management, change_all, github_all_changes
[‘github:enterprise:audit’] business.referrer_override_enable, business.referrer_override_disable object_category, event_group, eventtype, tag, tag::eventtype Policy Management, change_audit, github_audit_changes, audit, audit Other, change_all, github_all_changes
[‘github:enterprise:audit’] business.remove_organization, private_repository_forking.disable, private_repository_forking.enable, org.delete, org.create object_category, event_group, eventtype, tag, tag::eventtype organization, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] business.update_default_repository_permission object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] business.update_terms_of_service object, eventtype, dvc, change_type, action, tag::eventtype, event_group, dest, src, object_id, status, object_category, tag
[‘github:enterprise:audit’] config_entry.destroy, config_entry.create, config_entry.update object_category, event_group, eventtype, tag, tag::eventtype business, change_audit, github_audit_changes, audit, audit Other, change_all, github_all_changes
[‘github:enterprise:audit’] discussion_post.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] oauth_access.destroy, enterprise.config.disable_anonymous_git_access, email_role.create, enterprise.config.lock_anonymous_git_access, oauth_access.create object_category, event_group, eventtype, tag, tag::eventtype user, change_audit, github_audit_changes, audit, audit Other, change_all, github_all_changes
[‘github:enterprise:audit’] enterprise_domain.approve object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] enterprise_domain.create object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] enterprise_domain.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] hook.active_changed object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] hook.config_changed object_category, event_group, eventtype, tag, tag::eventtype hook, change_audit, github_audit_changes, audit, audit Policy Management, change_all, github_all_changes
[‘github:enterprise:audit’] hook.create, hook.destroy, hook.events_changed object_category, event_group, eventtype, tag, tag::eventtype hook, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] integration.create object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, src, dest, object_id, status, object_category, tag
[‘github:enterprise:audit’] issue.update, issue.destroy object_category, event_group, eventtype, tag, tag::eventtype issue, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] issue_comment.update object, object_category, event_group, eventtype, tag, tag::eventtype 1, issue, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/issue_comments/1, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] lockout.remove object_category user Other
[‘github:enterprise:audit’] management_console.save_settings object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, object_path, dest, object_id, user, status, object_category, tag
[‘github:enterprise:audit’] management_console.user_sign_in eventtype, dvc, tag::eventtype, action, src_user, event_group, dest, user, object_category, tag
[‘github:enterprise:audit’] newsletter_preference.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] oauth_application.create, oauth_application.transfer, oauth_application.destroy object_category, event_group, eventtype, tag, tag::eventtype oauth_application, change_audit, github_audit_changes, audit, audit Application Management, change_all, github_all_changes
[‘github:enterprise:audit’] oauth_application.remove_client_secret, oauth_application.revoke_all_tokens, oauth_application.generate_client_secret object_category, event_group, eventtype, tag, tag::eventtype oauth_application, change_audit, github_audit_changes, audit, audit Password Management, change_all, github_all_changes
[‘github:enterprise:audit’] oauth_application.revoke_tokens object_category oauth_application Password Management
[‘github:enterprise:audit’] oauth_authorization.destroy, oauth_authorization.create object_category, event_group, eventtype, tag, tag::eventtype oauth_application, change_audit, github_audit_changes, audit, audit Authorization, change_all, github_all_changes
[‘github:enterprise:audit’] org.add_member object_category organization Group Management
[‘github:enterprise:audit’] org.advanced_security_policy_selected_member_enabled, org.enable_member_team_creation_permission, org.update_member_repository_creation_permission object_category, event_group, eventtype, tag, tag::eventtype organization, change_audit, github_audit_changes, audit, audit Policy Management, change_all, github_all_changes
[‘github:enterprise:audit’] org.display_commenter_full_name_enabled object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] org.set_workflow_permission_can_approve_pr object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] organization_default_label.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.access_granted object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.access_revoked object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.create object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.credential_regenerated object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.request_created object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] project.close, project.update object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] project_view.create, project.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] project_field.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] protected_branch.create object_category, event_group, eventtype, tag, tag::eventtype branch, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] protected_branch.dismiss_stale_reviews object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] protected_branch.update_admin_enforced, protected_branch.update_linear_history_requirement_enforcement_level, protected_branch.update_signature_requirement_enforcement_level, protected_branch.update_required_status_checks_enforcement_level, protected_branch.update_pull_request_reviews_enforcement_level object_category, event_group, eventtype, tag, tag::eventtype branch, change_audit, github_audit_changes, audit, audit Policy Management, change_all, github_all_changes
[‘github:enterprise:audit’] protected_branch.update_allow_deletions_enforcement_level, protected_branch.update_require_code_owner_review, protected_branch.update_allow_force_pushes_enforcement_level object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] public_key.delete, public_key.create object_category, event_group, eventtype, tag, tag::eventtype public_key, change_audit, github_audit_changes, audit, audit Key Management, change_all, github_all_changes
[‘github:enterprise:audit’] public_key.verify object_category
[‘github:enterprise:audit’] pull_request.close, pull_request.reopen, pull_request.merge object, object_category, event_group, eventtype, tag, tag::eventtype 2, pull_request, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/pull/2, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] pull_request.converted_to_draft, pull_request.ready_for_review object, object_category, event_group, eventtype, tag, tag::eventtype 5, pull_request, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/pull/5, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] pull_request.create object, object_category, event_group, eventtype, tag, tag::eventtype 1, pull_request, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/compare/test2?expand=1, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] pull_request_review.submit object, object_category, event_group, eventtype, tag, tag::eventtype 2, pull_request, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/pull/2/files, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] pull_request_review.update object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] pull_request_review_comment.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] pull_request_review_comment.delete object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] pull_request_review_comment.update object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] pull_request_review_thread.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] release.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.access object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.update_member, repo.add_member object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.archived, repo.unarchived object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.change_merge_setting object_category, event_group, eventtype, tag, tag::eventtype repo, change_audit, github_audit_changes, audit, audit Policy Management, change_all, github_all_changes
[‘github:enterprise:audit’] repo.create, repository_secret_scanning.disable, repo.destroy, repo.disk_archive object_category, event_group, eventtype, tag, tag::eventtype repo, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] repo.remove_member object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.update_default_branch, repo.rename_branch object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.transfer object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.transfer_outgoing object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_branch_protection_evaluation.disable object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_projects_change.disable, repository_projects_change.enable object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_ruleset.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_ruleset.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_ruleset.update object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] role.create object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, dest, status, object_category, tag
[‘github:enterprise:audit’] staff.minimize_comment object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] staff.repo_lock, staff.repo_unlock object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] staff.view_audit_log object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] staff.view_site_admins object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] team.add_member object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] team.remove_repository, team.update_repository_permission, team.add_repository object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] team.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] team_discussions.enable, team_discussions.disable object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] user.delete, user.async_delete, user.create object_category user User Management
[‘github:enterprise:audit’] user.failed_login object_category
[‘github:enterprise:audit’] user.login object_category
[‘github:enterprise:audit’] user.mandatory_message_viewed object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] user.minimize_comment object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] user.reset_password object_category, event_group, eventtype, tag, tag::eventtype user, change_all, github_all_changes, , Password Management, change_account, github_account_changes, account, account
[‘github:enterprise:audit’] user_default_label.destroy object_category, event_group, eventtype, tag, tag::eventtype user_default_label, change_audit, github_audit_changes, audit, audit Other, change_all, github_all_changes
[‘github:enterprise:audit’] vulnerability_alert_rule.create object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, dest, object_id, status, object_category, tag
Sourcetype vendor_action Fields v1 v2
Added Fields Modified Fields Removed Fields
[‘github:cloud:audit’] business.advanced_security_policy_update src_user object_attrs advanced_security_policy_update business.advanced_security_policy_update
[‘github:cloud:audit’] business.clear_members_can_create_repos src_user object_attrs clear_members_can_create_repos business.clear_members_can_create_repos
[‘github:cloud:audit’] business.disable_two_factor_requirement src_user object_attrs disable_two_factor_requirement business.disable_two_factor_requirement
[‘github:cloud:audit’] business.enable_two_factor_requirement src_user object_attrs enable_two_factor_requirement business.enable_two_factor_requirement
[‘github:cloud:audit’] business.remove_member src_user object_attrs remove_member business.remove_member
[‘github:cloud:audit’] business.set_actions_fork_pr_approvals_policy src_user object_attrs set_actions_fork_pr_approvals_policy business.set_actions_fork_pr_approvals_policy
[‘github:cloud:audit’] business.set_actions_retention_limit src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, set_actions_retention_limit, github_audit_changes, audit, audit change_all, business.set_actions_retention_limit, github_all_changes
[‘github:cloud:audit’] business.set_fork_pr_workflows_policy src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, set_fork_pr_workflows_policy, github_audit_changes, audit, audit change_all, business.set_fork_pr_workflows_policy, github_all_changes
[‘github:cloud:audit’] business.update_actions_settings src_user object_attrs update_actions_settings business.update_actions_settings
[‘github:cloud:audit’] business.update_member_repository_creation_permission src_user object_attrs update_member_repository_creation_permission business.update_member_repository_creation_permission
[‘github:cloud:audit’] business.update_member_repository_invitation_permission src_user object_attrs update_member_repository_invitation_permission business.update_member_repository_invitation_permission
[‘github:cloud:audit’] business_secret_scanning_custom_pattern.create src_user object_attrs business_secret_scanning_custom_pattern business_secret_scanning_custom_pattern.create
[‘github:cloud:audit’] business_secret_scanning_custom_pattern.delete src_user object_attrs business_secret_scanning_custom_pattern business_secret_scanning_custom_pattern.delete
[‘github:cloud:audit’] business_secret_scanning_custom_pattern.update src_user object_attrs business_secret_scanning_custom_pattern business_secret_scanning_custom_pattern.update
[‘github:cloud:audit’] git.clone object_attrs
[‘github:cloud:audit’] git.fetch object_attrs, src_user
[‘github:cloud:audit’] git.push object_attrs, src_user
[‘github:cloud:audit’] hook.create object_attrs, src_user
[‘github:cloud:audit’] integration_installation.repositories_added src_user object_attrs integration_installation integration_installation.repositories_added
[‘github:cloud:audit’] issues.deletes_disabled src_user object_attrs deletes_disabled issues.deletes_disabled
[‘github:cloud:audit’] issues.deletes_enabled src_user object_attrs deletes_enabled issues.deletes_enabled
[‘github:cloud:audit’] issues.deletes_policy_cleared src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, deletes_policy_cleared, github_audit_changes, audit, audit change_all, issues.deletes_policy_cleared, github_all_changes
[‘github:cloud:audit’] members_can_delete_repos.clear src_user object_attrs members_can_delete_repos members_can_delete_repos.clear
[‘github:cloud:audit’] members_can_delete_repos.disable src_user object_attrs members_can_delete_repos members_can_delete_repos.disable
[‘github:cloud:audit’] members_can_delete_repos.enable src_user object_attrs members_can_delete_repos members_can_delete_repos.enable
[‘github:cloud:audit’] members_can_view_dependency_insights.clear src_user object_attrs members_can_view_dependency_insights members_can_view_dependency_insights.clear
[‘github:cloud:audit’] members_can_view_dependency_insights.disable src_user object_attrs members_can_view_dependency_insights members_can_view_dependency_insights.disable
[‘github:cloud:audit’] members_can_view_dependency_insights.enable src_user object_attrs members_can_view_dependency_insights members_can_view_dependency_insights.enable
[‘github:cloud:audit’] org.accept_business_invitation src, src_user object_attrs accept_business_invitation org.accept_business_invitation
[‘github:cloud:audit’] org.add_member src object_attrs add_member org.add_member
[‘github:cloud:audit’] org.advanced_security_disabled_for_new_repos src, src_user object_attrs advanced_security_disabled_for_new_repos org.advanced_security_disabled_for_new_repos
[‘github:cloud:audit’] org.advanced_security_disabled_on_all_repos src, src_user object_attrs advanced_security_disabled_on_all_repos org.advanced_security_disabled_on_all_repos
[‘github:cloud:audit’] org.advanced_security_enabled_for_new_repos src, src_user object_attrs advanced_security_enabled_for_new_repos org.advanced_security_enabled_for_new_repos
[‘github:cloud:audit’] org.advanced_security_enabled_on_all_repos src, src_user object_attrs advanced_security_enabled_on_all_repos org.advanced_security_enabled_on_all_repos
[‘github:cloud:audit’] org.advanced_security_policy_selected_member_disabled src, src_user object_attrs advanced_security_policy_selected_member_disabled org.advanced_security_policy_selected_member_disabled
[‘github:cloud:audit’] org.advanced_security_policy_selected_member_enabled src, src_user object_attrs advanced_security_policy_selected_member_enabled org.advanced_security_policy_selected_member_enabled
[‘github:cloud:audit’] org.allow_third_party_access_requests_from_outside_collaborators_disabled src_user object_attrs allow_third_party_access_requests_from_outside_collaborators_disabled org.allow_third_party_access_requests_from_outside_collaborators_disabled
[‘github:cloud:audit’] org.allow_third_party_access_requests_from_outside_collaborators_enabled src_user object_attrs allow_third_party_access_requests_from_outside_collaborators_enabled org.allow_third_party_access_requests_from_outside_collaborators_enabled
[‘github:cloud:audit’] org.block_user src object_attrs block_user org.block_user
[‘github:cloud:audit’] org.cancel_business_invitation src, src_user object_attrs cancel_business_invitation org.cancel_business_invitation
[‘github:cloud:audit’] org.cancel_invitation src, src_user object_attrs cancel_invitation org.cancel_invitation
[‘github:cloud:audit’] org.config.disable_collaborators_only src, src_user object_attrs config.disable_collaborators_only org.config.disable_collaborators_only
[‘github:cloud:audit’] org.config.disable_contributors_only src, src_user object_attrs config.disable_contributors_only org.config.disable_contributors_only
[‘github:cloud:audit’] org.config.disable_sockpuppet_disallowed src, src_user object_attrs config.disable_sockpuppet_disallowed org.config.disable_sockpuppet_disallowed
[‘github:cloud:audit’] org.config.enable_collaborators_only src, src_user object_attrs config.enable_collaborators_only org.config.enable_collaborators_only
[‘github:cloud:audit’] org.config.enable_contributors_only src, src_user object_attrs config.enable_contributors_only org.config.enable_contributors_only
[‘github:cloud:audit’] org.config.enable_sockpuppet_disallowed src, src_user object_attrs config.enable_sockpuppet_disallowed org.config.enable_sockpuppet_disallowed
[‘github:cloud:audit’] org.confirm_business_invitation src, src_user object_attrs confirm_business_invitation org.confirm_business_invitation
[‘github:cloud:audit’] org.create src, object_attrs, src_user
[‘github:cloud:audit’] org.create_actions_secret src, src_user object_attrs create_actions_secret org.create_actions_secret
[‘github:cloud:audit’] org.create_integration_secret src, src_user object_attrs create_integration_secret org.create_integration_secret
[‘github:cloud:audit’] org.disable_member_team_creation_permission src, src_user object_attrs disable_member_team_creation_permission org.disable_member_team_creation_permission
[‘github:cloud:audit’] org.disable_oauth_app_restrictions src, src_user object_attrs disable_oauth_app_restrictions org.disable_oauth_app_restrictions
[‘github:cloud:audit’] org.disable_reader_discussion_creation_permission src, src_user object_attrs disable_reader_discussion_creation_permission org.disable_reader_discussion_creation_permission
[‘github:cloud:audit’] org.disable_saml src_user object_attrs disable_saml org.disable_saml
[‘github:cloud:audit’] org.disable_two_factor_requirement src, src_user object_attrs disable_two_factor_requirement org.disable_two_factor_requirement
[‘github:cloud:audit’] org.display_commenter_full_name_disabled src, src_user object_attrs display_commenter_full_name_disabled org.display_commenter_full_name_disabled
[‘github:cloud:audit’] org.display_commenter_full_name_enabled src, src_user object_attrs display_commenter_full_name_enabled org.display_commenter_full_name_enabled
[‘github:cloud:audit’] org.enable_member_team_creation_permission src, src_user object_attrs enable_member_team_creation_permission org.enable_member_team_creation_permission
[‘github:cloud:audit’] org.enable_oauth_app_restrictions src, src_user object_attrs enable_oauth_app_restrictions org.enable_oauth_app_restrictions
[‘github:cloud:audit’] org.enable_reader_discussion_creation_permission src, src_user object_attrs enable_reader_discussion_creation_permission org.enable_reader_discussion_creation_permission
[‘github:cloud:audit’] org.enable_saml src_user object_attrs enable_saml org.enable_saml
[‘github:cloud:audit’] org.enable_two_factor_requirement src, src_user object_attrs enable_two_factor_requirement org.enable_two_factor_requirement
[‘github:cloud:audit’] org.integration_manager_added src object_attrs integration_manager_added org.integration_manager_added
[‘github:cloud:audit’] org.integration_manager_removed src object_attrs integration_manager_removed org.integration_manager_removed
[‘github:cloud:audit’] org.invite_member src object_attrs invite_member org.invite_member
[‘github:cloud:audit’] org.oauth_app_access_approved src object_attrs oauth_app_access_approved org.oauth_app_access_approved
[‘github:cloud:audit’] org.oauth_app_access_denied src, src_user object_attrs oauth_app_access_denied org.oauth_app_access_denied
[‘github:cloud:audit’] org.remove_actions_secret src, src_user object_attrs remove_actions_secret org.remove_actions_secret
[‘github:cloud:audit’] org.remove_integration_secret src, src_user object_attrs remove_integration_secret org.remove_integration_secret
[‘github:cloud:audit’] org.remove_member src object_attrs remove_member org.remove_member
[‘github:cloud:audit’] org.remove_outside_collaborator src object_attrs remove_outside_collaborator org.remove_outside_collaborator
[‘github:cloud:audit’] org.rename src, object_attrs, src_user
[‘github:cloud:audit’] org.restore_member object_attrs restore_member org.restore_member
[‘github:cloud:audit’] org.runner_group_created src, src_user object_attrs runner_group_created org.runner_group_created
[‘github:cloud:audit’] org.runner_group_removed src, src_user object_attrs runner_group_removed org.runner_group_removed
[‘github:cloud:audit’] org.runner_group_updated src, src_user object_attrs runner_group_updated org.runner_group_updated
[‘github:cloud:audit’] org.secret_scanning_custom_pattern_push_protection_disabled src, src_user object_attrs secret_scanning_custom_pattern_push_protection_disabled org.secret_scanning_custom_pattern_push_protection_disabled
[‘github:cloud:audit’] org.secret_scanning_custom_pattern_push_protection_enabled src, src_user object_attrs secret_scanning_custom_pattern_push_protection_enabled org.secret_scanning_custom_pattern_push_protection_enabled
[‘github:cloud:audit’] org.secret_scanning_push_protection_custom_message_disabled src, src_user object_attrs secret_scanning_push_protection_custom_message_disabled org.secret_scanning_push_protection_custom_message_disabled
[‘github:cloud:audit’] org.secret_scanning_push_protection_custom_message_enabled src, src_user object_attrs secret_scanning_push_protection_custom_message_enabled org.secret_scanning_push_protection_custom_message_enabled
[‘github:cloud:audit’] org.secret_scanning_push_protection_disable src, src_user object_attrs secret_scanning_push_protection_disable org.secret_scanning_push_protection_disable
[‘github:cloud:audit’] org.secret_scanning_push_protection_enable src, src_user object_attrs secret_scanning_push_protection_enable org.secret_scanning_push_protection_enable
[‘github:cloud:audit’] org.secret_scanning_push_protection_new_repos_enable src, src_user object_attrs secret_scanning_push_protection_new_repos_enable org.secret_scanning_push_protection_new_repos_enable
[‘github:cloud:audit’] org.set_actions_fork_pr_approvals_policy src, src_user object_attrs set_actions_fork_pr_approvals_policy org.set_actions_fork_pr_approvals_policy
[‘github:cloud:audit’] org.set_actions_retention_limit src, src_user object_attrs set_actions_retention_limit org.set_actions_retention_limit
[‘github:cloud:audit’] org.set_default_workflow_permissions src, src_user object_attrs set_default_workflow_permissions org.set_default_workflow_permissions
[‘github:cloud:audit’] org.set_workflow_permission_can_approve_pr src, src_user object_attrs set_workflow_permission_can_approve_pr org.set_workflow_permission_can_approve_pr
[‘github:cloud:audit’] org.unblock_user src object_attrs unblock_user org.unblock_user
[‘github:cloud:audit’] org.update_actions_secret src, src_user object_attrs update_actions_secret org.update_actions_secret
[‘github:cloud:audit’] org.update_actions_settings src, src_user object_attrs update_actions_settings org.update_actions_settings
[‘github:cloud:audit’] org.update_default_repository_permission src, src_user object_attrs update_default_repository_permission org.update_default_repository_permission
[‘github:cloud:audit’] org.update_integration_secret src, src_user object_attrs update_integration_secret org.update_integration_secret
[‘github:cloud:audit’] org.update_member src object_attrs update_member org.update_member
[‘github:cloud:audit’] org.update_member_repository_creation_permission src, src_user object_attrs update_member_repository_creation_permission org.update_member_repository_creation_permission
[‘github:cloud:audit’] org.update_member_repository_invitation_permission src, src_user object_attrs update_member_repository_invitation_permission org.update_member_repository_invitation_permission
[‘github:cloud:audit’] org.update_new_repository_default_branch_setting src, src_user object_attrs update_new_repository_default_branch_setting org.update_new_repository_default_branch_setting
[‘github:cloud:audit’] org.update_saml_provider_settings src_user object_attrs update_saml_provider_settings org.update_saml_provider_settings
[‘github:cloud:audit’] org.update_terms_of_service src, src_user object_attrs update_terms_of_service org.update_terms_of_service
[‘github:cloud:audit’] org_credential_authorization.deauthorize src_user object_attrs org_credential_authorization org_credential_authorization.deauthorize
[‘github:cloud:audit’] org_credential_authorization.grant src_user object_attrs org_credential_authorization org_credential_authorization.grant
[‘github:cloud:audit’] organization_projects_change.clear src_user object_attrs organization_projects_change organization_projects_change.clear
[‘github:cloud:audit’] organization_projects_change.disable src_user object_attrs organization_projects_change organization_projects_change.disable
[‘github:cloud:audit’] organization_projects_change.enable src_user object_attrs organization_projects_change organization_projects_change.enable
[‘github:cloud:audit’] private_repository_forking.clear src_user object_attrs private_repository_forking private_repository_forking.clear
[‘github:cloud:audit’] private_repository_forking.disable src_user object_attrs private_repository_forking private_repository_forking.disable
[‘github:cloud:audit’] private_repository_forking.enable src_user object_attrs private_repository_forking private_repository_forking.enable
[‘github:cloud:audit’] pull_request.close object_attrs, src_user
[‘github:cloud:audit’] pull_request.create object_attrs, src_user
[‘github:cloud:audit’] pull_request.create_review_request object_attrs, src_user
[‘github:cloud:audit’] pull_request.merge object_attrs, src_user
[‘github:cloud:audit’] pull_request.ready_for_review object_attrs, src_user
[‘github:cloud:audit’] pull_request.reopen object_attrs, src_user
[‘github:cloud:audit’] repo.access object_attrs, src_user
[‘github:cloud:audit’] repo.actions_enabled src_user object_attrs actions_enabled repo.actions_enabled
[‘github:cloud:audit’] repo.add_member object_attrs add_member repo.add_member
[‘github:cloud:audit’] repo.add_topic src, src_user object_attrs add_topic repo.add_topic
[‘github:cloud:audit’] repo.advanced_security_disabled src, src_user object_attrs advanced_security_disabled repo.advanced_security_disabled
[‘github:cloud:audit’] repo.advanced_security_enabled src, src_user object_attrs advanced_security_enabled repo.advanced_security_enabled
[‘github:cloud:audit’] repo.archived src, object_attrs, src_user
[‘github:cloud:audit’] repo.change_merge_setting src_user object_attrs change_merge_setting repo.change_merge_setting
[‘github:cloud:audit’] repo.code_scanning_analysis_deleted src, src_user object_attrs code_scanning_analysis_deleted repo.code_scanning_analysis_deleted
[‘github:cloud:audit’] repo.code_scanning_configuration_for_branch_deleted src, src_user object_attrs code_scanning_configuration_for_branch_deleted repo.code_scanning_configuration_for_branch_deleted
[‘github:cloud:audit’] repo.codeql_enabled src, src_user object_attrs codeql_enabled repo.codeql_enabled
[‘github:cloud:audit’] repo.config.disable_collaborators_only src_user object_attrs config.disable_collaborators_only repo.config.disable_collaborators_only
[‘github:cloud:audit’] repo.config.disable_contributors_only src_user object_attrs config.disable_contributors_only repo.config.disable_contributors_only
[‘github:cloud:audit’] repo.config.disable_sockpuppet_disallowed src_user object_attrs config.disable_sockpuppet_disallowed repo.config.disable_sockpuppet_disallowed
[‘github:cloud:audit’] repo.config.enable_collaborators_only src_user object_attrs config.enable_collaborators_only repo.config.enable_collaborators_only
[‘github:cloud:audit’] repo.config.enable_contributors_only src_user object_attrs config.enable_contributors_only repo.config.enable_contributors_only
[‘github:cloud:audit’] repo.config.enable_sockpuppet_disallowed src_user object_attrs config.enable_sockpuppet_disallowed repo.config.enable_sockpuppet_disallowed
[‘github:cloud:audit’] repo.create object_attrs, src_user
[‘github:cloud:audit’] repo.create_actions_secret src_user object_attrs create_actions_secret repo.create_actions_secret
[‘github:cloud:audit’] repo.create_integration_secret src_user object_attrs create_integration_secret repo.create_integration_secret
[‘github:cloud:audit’] repo.destroy object_attrs, src_user
[‘github:cloud:audit’] repo.pages_cname src_user object_attrs pages_cname repo.pages_cname
[‘github:cloud:audit’] repo.pages_create src_user object_attrs pages_create repo.pages_create
[‘github:cloud:audit’] repo.pages_destroy src_user object_attrs pages_destroy repo.pages_destroy
[‘github:cloud:audit’] repo.pages_https_redirect_disabled src_user object_attrs pages_https_redirect_disabled repo.pages_https_redirect_disabled
[‘github:cloud:audit’] repo.pages_https_redirect_enabled src_user object_attrs pages_https_redirect_enabled repo.pages_https_redirect_enabled
[‘github:cloud:audit’] repo.pages_private src, src_user object_attrs pages_private repo.pages_private
[‘github:cloud:audit’] repo.pages_public src_user object_attrs pages_public repo.pages_public
[‘github:cloud:audit’] repo.pages_source src_user object_attrs pages_source repo.pages_source
[‘github:cloud:audit’] repo.register_self_hosted_runner src_user object_attrs register_self_hosted_runner repo.register_self_hosted_runner
[‘github:cloud:audit’] repo.remove_actions_secret src, src_user object_attrs remove_actions_secret repo.remove_actions_secret
[‘github:cloud:audit’] repo.remove_integration_secret src, src_user object_attrs remove_integration_secret repo.remove_integration_secret
[‘github:cloud:audit’] repo.remove_member src object_attrs remove_member repo.remove_member
[‘github:cloud:audit’] repo.remove_self_hosted_runner src, src_user object_attrs remove_self_hosted_runner repo.remove_self_hosted_runner
[‘github:cloud:audit’] repo.remove_topic src, src_user object_attrs remove_topic repo.remove_topic
[‘github:cloud:audit’] repo.rename src, object_attrs, src_user
[‘github:cloud:audit’] repo.self_hosted_runner_offline object_attrs self_hosted_runner_offline repo.self_hosted_runner_offline
[‘github:cloud:audit’] repo.self_hosted_runner_online object_attrs self_hosted_runner_online repo.self_hosted_runner_online
[‘github:cloud:audit’] repo.set_actions_fork_pr_approvals_policy src_user object_attrs set_actions_fork_pr_approvals_policy repo.set_actions_fork_pr_approvals_policy
[‘github:cloud:audit’] repo.set_actions_retention_limit src_user object_attrs set_actions_retention_limit repo.set_actions_retention_limit
[‘github:cloud:audit’] repo.transfer object_attrs, src_user
[‘github:cloud:audit’] repo.transfer_outgoing src_user object_attrs transfer_outgoing repo.transfer_outgoing
[‘github:cloud:audit’] repo.unarchived src, object_attrs, src_user
[‘github:cloud:audit’] repo.update_actions_secret src_user object_attrs update_actions_secret repo.update_actions_secret
[‘github:cloud:audit’] repo.update_actions_settings src, src_user object_attrs update_actions_settings repo.update_actions_settings
[‘github:cloud:audit’] repo.update_default_branch src_user object_attrs update_default_branch repo.update_default_branch
[‘github:cloud:audit’] repo.update_integration_secret src_user object_attrs update_integration_secret repo.update_integration_secret
[‘github:cloud:audit’] repo.update_member src object_attrs update_member repo.update_member
[‘github:cloud:audit’] repository_dependency_graph.enable src_user object_attrs repository_dependency_graph repository_dependency_graph.enable
[‘github:cloud:audit’] repository_projects_change.clear src_user object_attrs repository_projects_change repository_projects_change.clear
[‘github:cloud:audit’] repository_projects_change.disable src_user object_attrs repository_projects_change repository_projects_change.disable
[‘github:cloud:audit’] repository_projects_change.enable src_user object_attrs repository_projects_change repository_projects_change.enable
[‘github:cloud:audit’] repository_secret_scanning.enable src_user object_attrs repository_secret_scanning repository_secret_scanning.enable
[‘github:cloud:audit’] repository_secret_scanning_push_protection.disable src_user object_attrs repository_secret_scanning_push_protection repository_secret_scanning_push_protection.disable
[‘github:cloud:audit’] repository_visibility_change.clear src_user object_attrs repository_visibility_change repository_visibility_change.clear
[‘github:cloud:audit’] repository_visibility_change.disable src_user object_attrs repository_visibility_change repository_visibility_change.disable
[‘github:cloud:audit’] repository_visibility_change.enable src_user object_attrs repository_visibility_change repository_visibility_change.enable
[‘github:cloud:audit’] repository_vulnerability_alert.create object_attrs, src_user
[‘github:cloud:audit’] repository_vulnerability_alert.reopen object_attrs, src_user
[‘github:cloud:audit’] repository_vulnerability_alerts.enable src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, repository_vulnerability_alerts, github_audit_changes, audit, audit change_all, repository_vulnerability_alerts.enable, github_all_changes
[‘github:cloud:audit’] team.add_member object_attrs add_member team.add_member
[‘github:cloud:audit’] team.add_repository src_user object_attrs add_repository team.add_repository
[‘github:cloud:audit’] team.change_parent_team src, src_user object_attrs change_parent_team team.change_parent_team
[‘github:cloud:audit’] team.change_privacy src, src_user object_attrs change_privacy team.change_privacy
[‘github:cloud:audit’] team.create src, object_attrs, src_user
[‘github:cloud:audit’] team.demote_maintainer src object_attrs demote_maintainer team.demote_maintainer
[‘github:cloud:audit’] team.destroy src, object_attrs, src_user
[‘github:cloud:audit’] team.promote_maintainer src object_attrs promote_maintainer team.promote_maintainer
[‘github:cloud:audit’] team.remove_member src object_attrs remove_member team.remove_member
[‘github:cloud:audit’] team.remove_repository src_user object_attrs remove_repository team.remove_repository
[‘github:cloud:audit’] team.rename src, object_attrs, src_user
[‘github:cloud:audit’] team.update_repository_permission src, src_user object_attrs update_repository_permission team.update_repository_permission
[‘github:cloud:audit’] team_discussions.clear src_user object_attrs team_discussions team_discussions.clear
[‘github:cloud:audit’] team_discussions.disable src_user object_attrs team_discussions team_discussions.disable
[‘github:cloud:audit’] team_discussions.enable src_user object_attrs team_discussions team_discussions.enable
[‘github:cloud:audit’] workflows.completed_workflow_run src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, workflow_run, github_audit_changes, audit, audit change_all, workflows.completed_workflow_run, github_all_changes
[‘github:cloud:audit’] workflows.created_workflow_run src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, workflow_run, github_audit_changes, audit, audit change_all, workflows.created_workflow_run, github_all_changes
[‘github:cloud:audit’] workflows.enable_workflow src_user object_attrs enable_workflow workflows.enable_workflow
[‘github:cloud:audit’] workflows.prepared_workflow_job event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, workflow_job, github_audit_changes, audit, audit change_all, workflows.prepared_workflow_job, github_all_changes

Fixed issues

Version 3.0.0 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 3.0.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 3.0.0 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 3.0.0

Version 2.2.1

Version 2.2.1 of the Splunk Add-on for GitHub was released on December 11, 2023.

Compatibility

Version 2.2.1 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.1.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

Fixed a security vulnerability found in the Splunk Add-on for GitHub library by upgrading its version from 1.37.2 to 1.38.0

Fixed issues

Version 2.2.1 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 2.2.1 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 2.2.1 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 2.2.1

Version 2.2.0

Version 2.2.0 of the Splunk Add-on for GitHub was released on July 5, 2023.

Compatibility

Version 2.2.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.1.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

  • Provided support of GitHub Cloud Audit events with category org, repo, and team in sourcetype github:cloud:audit.
  • Provided support of GitHub Enterprise Cloud Audit log streaming in sourcetype github:cloud:audit of the add-on.
  • Made “Account Type” field uneditable while editing a GitHub Cloud Audit Input to avoid data collection gaps.

Fixed issues

Version 2.2.0 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 2.2.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 2.2.0 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 2.2.1

Version 2.1.1

Version 2.1.1 of the Splunk Add-on for GitHub was released on March 2, 2023.

Compatibility

Version 2.1.1 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.0.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

There are no new features in this release.There are certain bug fixes mentioned in the below section.

Fixed issues

Version 2.1.1 of the Splunk Add-on for GitHub has the following fixed issues:

  • Fixed validation issues for GitHub Cloud Audit Input.
  • Upgraded the third-party certifi library to version 2022.12.7
  • Fixed a security vulnerability found in the certifi library.

Known issues

Version 2.1.1 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 2.1.1 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 2.1.1

Version 2.1.0

Version 2.1.0 of the Splunk Add-on for GitHub was released on October 9, 2022.

Compatibility

Version 2.1.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.0.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

There are no new feature in this release.

Fixed issues

Version 2.1.0 of the Splunk Add-on for GitHub has the following fixed issues:

  • Fixed the checkpoint mechanism for both Audit and User inputs.
  • Enhanced input configuration validations for a better user experience.
  • Added a retry mechanism for user data collection in case of server errors.

Known issues

Version 2.1.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 2.1.0 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 2.1.0

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for GitHub was released on May 27, 2022.

Compatibility

Version 2.0.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x
CIM 5.0.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

  • Integrated the support of data collection from the GitHub Enterprise Cloud.
  • Added the add-on UI components for Configuration and Inputs.
  • Added support to fetch audit logs for Organization and Enterprise account types.
  • Added support to fetch user metadata events from GitHub Cloud via modular inputs.
  • Added proxy and logging support in data collection.
  • Added compatibility with the latest CIM version 5.1.0 for the newly collected events from GitHub Cloud.

Fixed issues

Version 2.0.0 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 2.0.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for GitHub was released on December 27, 2021.

Splunk platform versions 8.0.x, 8.1.x, 8.2.x
CIM 4.20.2
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2

New Features

  • Provides support for audit logs of GitHub Enterprise Server (GHES) for version v3.2.
  • Collects GitHub Enterprise audited actions logs using GitHub’s Log Forwarding feature on the specified Splunk server with Splunk connect for Syslog (SC4S).
  • SC4S assigns github:enterprise:audit sourcetype to all events and the logs are collected in the gitops index.
  • Added CIM mapping & extractions from scratch for the latest CIM compatible version 4.20.2.

Known issues

Version 1.0.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported: