Overview ↵
Splunk Add-on for GitHub¶
Version | 3.1.0 |
Vendor Products | GitHub Enterprise v3.2, v3.13, GitHub Cloud |
Add-on has a Web UI | Yes. |
The Splunk Add-on for GitHub lets you collect audit logs from GitHub Enterprise Server (GHES) using GitHub's log forwarding mechanism and extracts useful information from them. It can also fetch audit logs for organization and enterprise account types, and user metadata events of an organization, from GitHub Cloud. The add-on also fetches Code Scanning Alerts from GitHub Cloud, which lets users collect those alerts from organization or enterprise account types in Splunk and normalize them using CIM data models.
Download the Splunk Add-on for GitHub at Splunkbase.
For a summary of new features, fixed issues, and known issues, see Release notes for the Splunk Add-on for GitHub.
For information about installing and configuring the Splunk Add-on for GitHub, see Installation overview for the Splunk Add-on for GitHub.
Hardware and software requirements for the Splunk Add-on for GitHub¶
Prerequisites:
- GitHub Enterprise Server (GHES) installed on a system with log monitoring/forwarding enabled.
- Splunk Connect for Syslog (SC4S) installed and configured with default settings.
- The Splunk Add-on for GitHub uses the KVStore service for data collection from GitHub Cloud, so KVStore must be up and running.
Splunk admin requirements¶
To install and configure the Splunk Add-on for GitHub, you must be a member of the admin or sc_admin role.
Splunk platform requirements¶
Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.
- For Splunk Enterprise system requirements: see System Requirements in the Splunk Enterprise Installation Manual.
- If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.
Installation overview for the Splunk Add-on for GitHub¶
Install the Splunk Add-on for GitHub.
- Install the add-on.
- Upgrade the add-on.
- Set up GitHub so that the Splunk platform can collect data from it.
- Configure the inputs for the add-on.
Installation, Configuration and Upgrade ↵
Install the Splunk Add-on for GitHub¶
- Get the Splunk Add-on for GitHub by downloading it from Splunkbase or browsing to it using the app browser within Splunk Web.
- Determine where and how to install this add-on in your deployment using the tables on this page.
- Perform any prerequisite steps before installing as required and specified in the following tables.
- Complete your installation.
For step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud.
Distributed deployments¶
Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise.
Where to install this add-on¶
This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise.
Splunk instance type | Supported | Required | Comments |
---|---|---|---|
Search Heads | Yes | Yes | Install this add-on to all search heads that require GitHub knowledge management. |
Indexers | Yes | No | Not required, because the parsing operations occur on the heavy forwarders. |
Heavy Forwarders | Yes | Yes | Install this add-on on heavy forwarders to perform data collection via modular inputs. |
Universal Forwarders | No | No | Install this add-on on a heavy forwarder for data collection |
Distributed deployment feature compatibility¶
This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.
Distributed deployment feature | Supported | Comments |
---|---|---|
Search Head Clusters | Yes | You can install this add-on on a search head cluster for all search-time functionality. |
Indexer Clusters | Yes | Supported for deploying the Add-on. |
Deployment Server | Yes | Supported for deploying the Add-on. |
Installation walkthroughs¶
The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.
For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:
Configure your GitHub Enterprise server to send data to the Splunk Add-on for GitHub¶
To let the Splunk Add-on for GitHub collect data from your GitHub Enterprise server, configure your GitHub Enterprise server to forward logs and push them to your Splunk platform installation. For more detailed information, see the GitHub log forwarding documentation.
- On the Management Console page, click Monitoring.
- Select Enable log forwarding.
- For Server address, type the address of the server to which you want to forward logs. You can specify multiple addresses in a comma-separated list.
- In the Protocol menu, select the protocol to use to communicate with the log server. We recommend TCP. The protocol applies to all specified log destinations.
Collect data in the add-on using GitHub Enterprise¶
Splunk Connect for Syslog¶
All production deployments should utilize Splunk Connect For Syslog to forward syslog data into the Splunk platform for GitHub Enterprise data. This solution provides improved simplicity and scalability, among other benefits. For more information, see the Splunk Connect for Syslog manual.
Validate data collection¶
Once you have configured the input, run this search to check that you are ingesting the expected data.
sourcetype=github:enterprise:audit
Configure GitHub Cloud to send data to the Splunk Add-on for GitHub¶
You can collect the data from your GitHub Cloud using the following approaches:
- Utilize GitHub Cloud Log Streaming to collect the data
- To collect the data using this approach, refer to “Configure your GitHub Cloud Audit Log Streaming to send data to Splunk Add-on for GitHub” page for configuring the Splunk Cloud and GitHub Cloud Audit Log Streaming
- Utilize Add-on inputs to collect the data
- To collect the data using this approach, see the following to configure Account and Inputs
Collect data using the add-on inputs¶
Before you follow the instructions on this page to set up the Splunk Add-on for GitHub, obtain your Personal Access Token from GitHub Cloud. See your GitHub Documentation for more information.
Behavior of Audit logs API¶
- Audit logs list events triggered by the activities that affect your enterprise.
- By default, the APIs collect audit data from the past three months. The APIs retain Git events such as cloning, fetching, and pushing data for seven days.
Steps to configure an Account in Github¶
- In Splunk Web, go to the Splunk Add-on for Github, by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Github.
- Click the Configuration tab.
- Click the Github Account tab.
In the Add dialogue box, fill in the required fields:
Field | Description |
---|---|
Account Name | A unique name for your Github account. |
Personal Access Token | The token you generated on Github Cloud. |
Next, configure your inputs.
(Optional) Change logging level¶
You can change the default log level () to see more granular logs such as debug or more generic logs such as only error logs. The logging level can be configured using the steps below.
- On Splunk Web, go to the Splunk Add-on for Github, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Github.
- Click the Configuration tab.
- Click the Logging tab.
- Select a new logging level from the drop-down menu.
- Click Save to save your configurations.
(Optional) Proxy setup¶
If you have a proxy set up for data collection, configure the proxy settings so that the data is collected through the configured proxy.
- On Splunk Web, go to the Splunk Add-on for Github, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Github.
- Click the Configuration tab.
- Click the Proxy tab.
- Check Enable and fill in the required fields.
Github Audit Input¶
Data will be collected in github:cloud:audit source type. The fields present in the Input are as below:
Field | Type | Description |
---|---|---|
Name | Textbox | Unique Input Name |
Event Type | Dropdown | Specifies the type of events to be collected: web - web (non-Git) events, git - Git events, all - both web and Git events |
Account Type | Dropdown | The type of account for which you want to collect the data, i.e., Organization or Enterprise. This field becomes uneditable once you save the input successfully, to change this you can create a new input with the correct account type. |
Organization /Enterprise Name | Textbox | Enter a valid name of Organization or Enterprise |
Github Account | Dropdown | Select the account from the created Accounts in Configuration |
Interval | Textbox | Enter the interval for consecutive invocations in seconds |
Index | Textbox | Enter the index name in which you want to collect the data |
Start Date | Textbox | Date to start the data collection from. Accepted in specified format - YYYY-MM-DDTHH:MM:SS |
To collect the audit logs, the user should have admin access to the organization/enterprise, and the Personal Access Token should have the read:audit_log scope.
Github User Input¶
Data will be collected in github:cloud:user source type. The fields present in the Input are as below:
Field | Type | Description |
---|---|---|
Name | Textbox | Unique Input Name |
Github Account | Dropdown | Select the account from the created Accounts in Configuration |
Organization /Enterprise Name | Textbox | Enter a valid name of Organization or Enterprise |
Interval | Textbox | Enter the interval for consecutive invocations in seconds |
Index | Textbox | Enter the index name in which you want to collect the data |
To collect the user data, the user should be a member of the organization, and the Personal Access Token should have the read:org scope.
Github Alerts Input¶
Data is collected specifically using these sourcetypes:
- Code Scanning Alert: github:cloud:code:scanning:alerts
- Dependabot Scanning Alert: github:cloud:dependabot:scanning:alerts
- Secret Scanning Alert: github:cloud:secret:scanning:alerts
The fields in the Input are as follows:
Field | Type | Description |
---|---|---|
Name | Textbox | Unique Input Name |
Account Type | Dropdown | The type of account for which you want to collect the data, i.e., Organization or Enterprise. This field becomes uneditable once you save the input successfully, and to change this you can create a new input with the correct account type. |
Organization /Enterprise Name | Textbox | Enter a valid name of the Organization or Enterprise. |
Github Account | Dropdown | Select the account from the created Accounts in Configuration |
Alert Type | Dropdown | Select the appropriate alert type for the events you want to ingest, such as: Code Scanning Alerts, Dependabot Scanning Alerts, Secret Scanning Alerts. Splunk selects “Code Scanning Alerts” by default. This field becomes uneditable once you successfully save the input. You must create a new input with the correct Alert type to change this field. |
State | Dropdown | The state in which you want to collect Code Scanning Alerts. Select Open, Closed, Dismissed, Fixed, or All from the list. By default, the “All” option will be considered |
Severity | Dropdown | Visible only when the user selects “Organization” Account Type. The severity in which you want to collect Code Scanning Alerts. Select Critical, High, Medium, Low, Note, Error, or All from the list. By default, the All option will be considered. |
Interval | Textbox | Enter the interval for consecutive invocations in seconds |
Index | Textbox | Enter the index name in which you want to collect the data |
Dependabot Alert Severity | Multi Select Dropdown | The severity in which you want to collect Dependabot Scanning Alerts. Visible only when the user selects “Dependabot Scanning Alert” from Alert Type dropdown. Select Critical, High, Medium, Low, and All from the list. By default, the All option will be considered. |
Dependabot Alert State | Multi Select Dropdown | The state in which you want to collect Dependabot Scanning Alerts. Visible only when the user selects “Dependabot Scanning Alert” from Alert Type dropdown. Select auto_dismissed, open, dismissed, fixed, or All from the list. By default, the All option will be considered. |
Dependabot Alert Ecosystem | Multi Select Dropdown | The Ecosystem for which you want to collect Dependabot Scanning Alerts. Visible only when the user selects “Dependabot Scanning Alert” from Alert Type dropdown. Select rust, rubygems, pip, pub, nuget, maven, composer, go, npm, or All from the list. By default, the “All” option will be considered. |
Dependabot Alert Scope | Dropdown | Select scope of the alerts to be ingested. Visible only when the user selects “Dependabot Scanning Alert” from Alert Type dropdown. Select development or runtime or All from the list. By default, the “All” option will be considered. |
Secret Scanning Alerts Resolution | Multi Select Dropdown | The resolution in which you want to collect Secret Scanning Alerts. Visible only when the user selects “Secret Scanning Alert” from Alert Type dropdown. Select false_positive, wont_fix, revoked, pattern_edited, pattern_deleted, used_in_tests and All from the list. By default, the “All” option will be considered. |
Secret Scanning Alerts Validity | Multi Select Dropdown | The Secret Scanning Alerts Validity in which you want to collect Secret Scanning Alerts. Visible only when the user selects “Secret Scanning Alert” from Alert Type dropdown. Select active, inactive, unknown or All from the list. By default, the All option will be considered. |
Secret Scanning State | Dropdown | The Secret Scanning Alerts state in which you want to collect Secret Scanning Alerts. Visible only when the user selects “Secret Scanning Alert” from Alert Type dropdown. Select Open or Resolved from the list. By default, the Open option will be considered. |
The fields that will be uneditable in the modinput are:
- Input Name
- Account Name
- Account Type
- Organization/Enterprise name
- State
- Severity
- Alert Type
- Dependabot Alert Severity
- Dependabot Alert State
- Ecosystem
- Dependabot Alert Scope
- Secret Scanning Alerts Resolution
- Secret Scanning Alerts Validity
- Secret Scanning State
To collect code scanning alerts, the user should have admin access to the organization/enterprise and security_events or repo (for private or public repositories) or public_repo (for public repositories) scope for the Personal Access Token.
To collect Dependabot and secret scanning alerts, the user must be a member of Enterprise and an authenticated user of an organization owner. OAuth app tokens and personal access tokens (classic) need the security_events or repo scope to use this endpoint.
Validate data collection¶
Once you have configured the input, run this search to check that you are ingesting the expected data.
sourcetype=github:cloud:audit OR sourcetype=github:cloud:user OR sourcetype=github:cloud:code:scanning:alerts OR sourcetype=github:cloud:dependabot:scanning:alerts OR sourcetype=github:cloud:secret:scanning:alerts
Configure GitHub Cloud Audit Log Streaming to send data to Splunk Add-on for GitHub¶
This section provides the steps to configure GitHub Cloud Audit Log Streaming to send audit log data from GitHub Cloud to Splunk Cloud.
The Splunk Cloud instance on which you want to receive Log Streaming data must be a Public Splunk Cloud.
Splunk Configuration¶
Create a HEC token:
- Click Settings > Add Data.
- Click Monitor.
- Click HTTP Event Collector.
- Enter a Name for the token.
- (Optional) For Source name override, enter a name for a source to be assigned to events that this endpoint generates.
- (Optional) For Description, enter a description for the input.
- (Optional) To enable indexer acknowledgment for the token, check Enable indexer acknowledgment.
- Click Next.
- Make edits to source type and confirm the index where you want HEC events to be stored. Make the sourcetype github:cloud:audit.
- Click Review.
- Confirm the settings for your endpoint, then click Submit.
- Copy the token value that Splunk Web displays. This token will be used to configure audit log streaming in GitHub.
GitHub Cloud Configuration¶
- In the top-right corner, click on your profile photo, then click Your enterprises.
- Select the enterprise you want to view.
- In the Enterprise Account sidebar, click Settings.
- In Settings, select Audit log.
- Under “Audit log”, click Log streaming.
- In the Configure stream menu, select Splunk.
- On the configuration page, enter the following details:
  - The domain on which the application you want to stream to is hosted. If you’re using Splunk Cloud, the domain should be http-inputs-<host>, where host is the domain you use in Splunk Cloud. For example, http-inputs-mycompany.splunkcloud.com. If you’re using the free trial version of Splunk Cloud, the domain should be inputs.<host>, where host is the domain you use in Splunk Cloud. For example, inputs.mycompany.splunkcloud.com.
  - The port on which the application accepts data. If you’re using Splunk Cloud and haven’t changed the port configuration, Port should be 443. If you’re using the free trial version of Splunk Cloud, Port should be 8088.
- Make sure that Enable SSL verification is selected.
- Click Check endpoint to verify that GitHub can connect and write to the Splunk endpoint.
- After you have successfully verified the endpoint, click Save.
Upgrade the Splunk Add-on for GitHub¶
Upgrade from version 2.0.0 to version 2.1.0 or later of the Splunk Add-on for GitHub¶
There are no additional steps required for this version upgrade. See the Install the Splunk Add-on for GitHub topic in this manual.
Troubleshooting ↵
Troubleshoot the Splunk Add-on for GitHub¶
For helpful troubleshooting tips that you can apply to all add-ons, see Troubleshoot add-ons in Splunk Add-ons. For additional resources, see Support and resource links for add-ons in Splunk Add-ons.
If the add-on fails to collect data, check whether the ‘gitops’ index is created. Then check whether log monitoring/forwarding is enabled on the GitHub Enterprise Server with the correct Splunk instance IP/host and port information.
If the fields are not extracted, check whether SC4S and the Splunk Add-on for GitHub are installed correctly.
Issues with Data Collection or Configuration via Modinputs¶
If you experience issues with data collection or add-on configuration via mod inputs, you might be setting permissions incorrectly for the Personal Access Token used to collect data. Refer to Configure inputs using Splunk Add-on for GitHub for instructions to set the required permissions for the Personal Access Token to collect data.
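The scope requirements stated in the input sections can be checked before an input is saved. The following is an added example, not part of the add-on: it compares the value of the X-OAuth-Scopes response header, which GitHub returns for a classic token, against the scopes this page lists, and reports missing, broader-than-needed and unused scopes. The input keys, the IMPLIES map (GitHub's classic scope hierarchy) and the sample header value are assumptions of the example.

```python
# Added example: audit a classic Personal Access Token's scopes against the
# scopes this page lists for each add-on input. Not part of the add-on.

# Scopes per input as stated on this page; any one alternative is enough.
# The first alternative is treated as the least-privileged choice (assumption).
# The dictionary keys are hypothetical names chosen for this example.
REQUIRED = {
    "audit": ["read:audit_log"],
    "user": ["read:org"],
    # public_repo only covers public repositories
    "code_scanning": ["security_events", "repo", "public_repo"],
    "dependabot": ["security_events", "repo"],
    "secret_scanning": ["security_events", "repo"],
}

# Assumption: GitHub's classic scope hierarchy, where a parent scope implies
# its children. This mapping is not stated on this page.
IMPLIES = {
    "repo": {"security_events", "public_repo", "repo:status",
             "repo_deployment", "repo:invite"},
    "admin:org": {"write:org", "read:org", "manage_runners:org"},
    "write:org": {"read:org"},
    "audit_log": {"read:audit_log"},
}


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes header value into a set of scope names."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def expand(scopes):
    """Return the given scopes plus everything they imply, transitively."""
    seen, todo = set(), list(scopes)
    while todo:
        scope = todo.pop()
        if scope not in seen:
            seen.add(scope)
            todo.extend(IMPLIES.get(scope, ()))
    return seen


def audit_token(header_value, inputs):
    """Compare granted scopes with what the configured inputs need.

    Returns a dict with:
      missing: input -> acceptable scopes, none of which the token has
      broad:   input -> granted scopes that satisfy it but exceed the minimum
      unused:  granted scopes that no configured input needs
    """
    granted = parse_scopes(header_value)
    report = {"missing": {}, "broad": {}, "unused": []}
    used = set()
    for name in inputs:
        if name not in REQUIRED:
            raise ValueError(f"unknown input type: {name}")
        alternatives = REQUIRED[name]
        # Granted scopes that satisfy this input directly or by implication.
        satisfying = {g for g in granted if expand({g}) & set(alternatives)}
        if not satisfying:
            report["missing"][name] = alternatives
            continue
        used |= satisfying
        if alternatives[0] not in granted:
            report["broad"][name] = sorted(satisfying)
    report["unused"] = sorted(granted - used)
    return report


if __name__ == "__main__":
    # Constructed header value, as it would appear in an API response.
    sample = "repo, read:org, admin:enterprise, workflow"
    result = audit_token(sample, ["audit", "user", "code_scanning", "dependabot"])
    for key, value in result.items():
        print(key, value)
```

A token that shows entries under unused or broad works for data collection but carries more privilege than the inputs require; reissuing it with only the listed scopes limits what a leaked token can reach.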
Rate Limit for GitHub Cloud Audit Log API¶
The GitHub Cloud Audit Log API allows 1750 API calls in an hour, and each API call allows 100 records to be fetched. If the limit is exhausted, the user has to wait until the API limit resets.
Reference ↵
Lookups for the Splunk Add-on for GitHub¶
The Splunk Add-on for GitHub has the following lookups. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_github/lookups.
File name | Description |
---|---|
github_action_related_info_300.csv | Outputs action, status, change_type, and event_group based on action in the event. |
github_cloud_action_lookup_300.csv | Outputs event_group, action, change_type, and object_category based on action in the event. |
Source types for the Splunk Add-on for GitHub¶
The Splunk Add-on for GitHub has the following sourcetypes.
Source type | Event type | CIM data models |
---|---|---|
github:enterprise:audit | github_authentication | Authentication |
github:enterprise:audit | github_all_changes | Change |
github:enterprise:audit | github_account_changes | Change Account Management |
github:enterprise:audit | github_audit_changes | Change Auditing Changes |
github:cloud:audit | github_alert | Alert |
github:cloud:audit | github_all_changes | Change |
github:cloud:audit | github_account_changes | Change Account Management |
github:cloud:audit | github_audit_changes | Change Auditing Changes |
github:cloud:user | github_cloud_user | User |
github:cloud:code:scanning:alerts | github_code_scanning_alerts | Alert |
github:cloud:dependabot:scanning:alerts | github_dependabot_scanning_alerts | Alert |
github:cloud:secret:scanning:alerts | github_secret_scanning_alerts | Alert |
CIM Compatibility for GitHub Cloud Audit Logs¶
The following data models are mapped in the sourcetype github:cloud:audit of the add-on corresponding to the vendor_action.
Datamodel mapped | vendor_action |
---|---|
Change:All_Changes | org.rename, org.update_terms_of_service, org.create, org.update_actions_secret, org.create_actions_secret, org.set_actions_fork_pr_approvals_policy, org.set_actions_retention_limit, org.set_workflow_permission_can_approve_pr, org.set_default_workflow_permissions, org.update_actions_settings, org.secret_scanning_push_protection_disable, org.secret_scanning_push_protection_enable, org.secret_scanning_push_protection_custom_message_enabled, org.secret_scanning_push_protection_custom_message_disabled, org.secret_scanning_push_protection_new_repos_enable, org.secret_scanning_custom_pattern_push_protection_disabled, org.secret_scanning_custom_pattern_push_protection_enabled, repo.access, org.runner_group_updated, org.runner_group_created, org.runner_group_removed, org.config.disable_collaborators_only, org.config.enable_collaborators_only, org.update_member_repository_invitation_permission, org.enable_two_factor_requirement, org.remove_integration_secret, org.remove_actions_secret, repo.self_hosted_runner_offline, repo.self_hosted_runner_online, org.oauth_app_access_denied, org.enable_oauth_app_restrictions, org.disable_oauth_app_restrictions, org.oauth_app_access_approved, org.allow_third_party_access_requests_from_outside_collaborators_enabled, org.allow_third_party_access_requests_from_outside_collaborators_disabled, org.enable_reader_discussion_creation_permission, org.disable_reader_discussion_creation_permission, org.enable_member_team_creation_permission, org.disable_member_team_creation_permission, org.display_commenter_full_name_disabled, org.display_commenter_full_name_enabled, org.disable_two_factor_requirement, org.update_integration_secret, org.create_integration_secret, org.confirm_business_invitation, org.accept_business_invitation, org.config.disable_contributors_only, org.config.enable_contributors_only, org.config.disable_sockpuppet_disallowed, org.config.enable_sockpuppet_disallowed, 
org.update_new_repository_default_branch_setting, org.update_member_repository_creation_permission, org.update_default_repository_permission, org.cancel_invitation, org.cancel_business_invitation, org.advanced_security_policy_selected_member_enabled, org.advanced_security_policy_selected_member_disabled, repo.advanced_security_disabled, org.advanced_security_disabled_on_all_repos, repo.advanced_security_enabled, org.advanced_security_enabled_on_all_repos, org.advanced_security_disabled_for_new_repos, org.advanced_security_enabled_for_new_repos, repo.update_default_branch, repo.update_integration_secret, repo.update_actions_secret, repo.create_actions_secret, repo.transfer, team.add_repository, repo.actions_enabled, repo.transfer_outgoing, team.remove_repository, repo.register_self_hosted_runner, repo.set_actions_retention_limit, repo.set_actions_fork_pr_approvals_policy, repo.pages_public, repo.update_actions_settings, repo.rename, repo.remove_topic, repo.remove_integration_secret, repo.remove_actions_secret, repo.remove_self_hosted_runner, repo.pages_private, repo.pages_cname, repo.pages_https_redirect_enabled, repo.pages_https_redirect_disabled, repo.pages_source, repo.pages_create, repo.pages_destroy, repo.create, repo.change_merge_setting, repo.destroy, repo.create_integration_secret, repo.config.disable_sockpuppet_disallowed, repo.config.enable_sockpuppet_disallowed, repo.config.disable_collaborators_only, repo.config.enable_collaborators_only, repo.config.disable_contributors_only, repo.config.enable_contributors_only, repo.code_scanning_configuration_for_branch_deleted, repo.code_scanning_analysis_deleted, repo.codeql_enabled, repo.add_topic, team.update_repository_permission, team.create, team.destroy, repo.unarchived, repo.archived, team.change_privacy, team.rename, team.change_parent_team, org.update_saml_provider_settings, org.enable_saml, org.disable_saml, business.disable_two_factor_requirement, business.enable_two_factor_requirement, 
business.remove_member, pull_request.ready_for_review, business_secret_scanning_custom_pattern.delete, business_secret_scanning_custom_pattern.update, business_secret_scanning_custom_pattern.create, business.advanced_security_policy_update, members_can_view_dependency_insights.clear, members_can_view_dependency_insights.disable, members_can_view_dependency_insights.enable, team_discussions.clear, team_discussions.disable, team_discussions.enable, repository_projects_change.clear, repository_projects_change.disable, repository_projects_change.enable, organization_projects_change.clear, organization_projects_change.disable, organization_projects_change.enable, pull_request.create_review_request, business.set_actions_fork_pr_approvals_policy, business.update_actions_settings, issues.deletes_disabled, issues.deletes_enabled, members_can_delete_repos.clear, members_can_delete_repos.disable, members_can_delete_repos.enable, repository_visibility_change.clear, repository_visibility_change.disable, repository_visibility_change.enable, business.update_member_repository_invitation_permission, private_repository_forking.clear, private_repository_forking.disable, private_repository_forking.enable, business.clear_members_can_create_repos, business.update_member_repository_creation_permission, git.fetch, pull_request.merge, git.push, git.clone, pull_request.create, pull_request.close, hook.create, repository_dependency_graph.enable, repository_secret_scanning.enable, pull_request.reopen, org_credential_authorization.deauthorize, org_credential_authorization.grant, workflows.enable_workflow, integration_installation.repositories_added, repository_secret_scanning_push_protection.disable, business.set_fork_pr_workflows_policy, business.set_actions_retention_limit, issues.deletes_policy_cleared, workflows.completed_workflow_run, workflows.prepared_workflow_job, workflows.created_workflow_run, repository_vulnerability_alerts.enable |
Change:Account_Management | org.add_member, org.remove_outside_collaborator, repo.remove_member, team.remove_member, org.remove_member, org.integration_manager_removed, org.integration_manager_added, org.update_member, org.restore_member, repo.add_member, team.add_member, org.invite_member, org.unblock_user, org.block_user, repo.update_member, team.demote_maintainer, team.promote_maintainer |
Alerts | repository_vulnerability_alert.create, repository_vulnerability_alert.reopen |
Release Notes ↵
Release notes for the Splunk Add-on for GitHub¶
Version 3.1.0 of the Splunk Add-on for GitHub was released on Oct 25, 2024.
Compatibility¶
Version 3.1.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 9.0.x, 9.1.x, 9.2.x, 9.3.x |
---|---|
CIM | 5.3.2 |
Platforms | Platform independent |
Vendor Products | GitHub Enterprise v3.2, v3.13, Github Enterprise Cloud |
New Features¶
- Introduced two new modular inputs for collecting alerts from GitHub Cloud:
- Dependabot Scanning Alerts
- Secret Scanning Alerts
- Added support for two new event types in sourcetypes:
- github:cloud:dependabot:scanning:alerts
- github:cloud:secret:scanning:alerts
- The events from both inputs are mapped to CIM data models, and the relevant CIM fields are now properly extracted.
- Support for UCC Dashboard
Fixed issues¶
Version 3.1.0 of the Splunk Add-on for GitHub has the following fixed issues:
Known issues¶
Version 3.1.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party libraries¶
The Splunk Add-on for GitHub version 3.1.0 uses the following third-party libraries:
Third-party libraries for Splunk Add-on for GitHub version 3.1.0
Release history for the Splunk Add-on for Github¶
The latest version of the Splunk Add-on for Github is version 3.1.0. See Release notes for the Splunk Add-on for Github for the release notes of this latest version.
Version 3.0.0¶
Version 3.0.0 of the Splunk Add-on for GitHub was released on July 23, 2024.
Compatibility¶
Version 3.0.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 9.0.x, 9.1.x, 9.2.x |
---|---|
CIM | 5.3.2 |
Platforms | Platform independent |
Vendor Products | GitHub Enterprise v3.2, v3.13, Github Enterprise Cloud |
New Features¶
- Added a new modinput to collect Code Scanning Alerts from GitHub Cloud.
- The events collected via the new modinput fall under the new sourcetype github:cloud:code:scanning:alerts and are tagged with the Alerts CIM data model
- Added support for the “Start Date” field in GitHub Audit Input
- This will enable the user to start the data collection of Audit logs from a specific date
- Added support for the latest version of GitHub Enterprise Server - v3.13
- Added support of 68 new events in the sourcetype github:enterprise:audit by providing CIM tagging to the events
- The new events are mapped with CIM data models and appropriate CIM fields are extracted
- Updated the data model mapping and CIM fields for many of the events in both sourcetypes, github:cloud:audit and github:enterprise:audit
- All the events that were earlier mapped to the Change:Auditing_Changes data model are now mapped with Change:All_Changes as the events were better fit with the Change:All_Changes dataset
- The values of the CIM fields like object_category, object_attrs, command, src, src_user, and object are added or updated in the events across the sourcetype
- Verified IPv6 compliance checks for the add-on and enhanced TA functionality accordingly
- Added support of latest CIM version - v5.3.2
- Fixed the security vulnerability found in the urllib3 and certifi libraries by upgrading them from 1.26.18 to 1.26.19 and from 2023.11.17 to 2024.7.4, respectively
Breaking changes¶
Sourcetype | vendor_action | Fields | v1 | v2 | ||
Added Fields | Modified Fields | Removed Fields | ||||
[‘github:enterprise:audit’] | business.add_admin | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | src_user, user | null, null | github-admin, github-admin | |
[‘github:enterprise:audit’] | org.async_delete, business.add_organization | object_category, event_group, eventtype, tag, tag::eventtype | organization, change_audit, github_audit_changes, audit, audit | Group Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | business.update_member_repository_creation_permission, business.advanced_security_policy_update | event_group, eventtype, tag, tag::eventtype | change_audit, github_audit_changes, audit, audit | change_all, github_all_changes | ||
[‘github:enterprise:audit’] | business.clear_members_can_create_repos | object_category, event_group, eventtype, tag, tag::eventtype | Policy Management, change_audit, github_audit_changes, audit, audit | Group Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | business.referrer_override_enable, business.referrer_override_disable | object_category, event_group, eventtype, tag, tag::eventtype | Policy Management, change_audit, github_audit_changes, audit, audit | Other, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | business.remove_organization, private_repository_forking.disable, private_repository_forking.enable, org.delete, org.create | object_category, event_group, eventtype, tag, tag::eventtype | organization, change_audit, github_audit_changes, audit, audit | Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | business.update_default_repository_permission | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | business.update_terms_of_service | object, eventtype, dvc, change_type, action, tag::eventtype, event_group, dest, src, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | config_entry.destroy, config_entry.create, config_entry.update | object_category, event_group, eventtype, tag, tag::eventtype | business, change_audit, github_audit_changes, audit, audit | Other, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | discussion_post.destroy | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | oauth_access.destroy, enterprise.config.disable_anonymous_git_access, email_role.create, enterprise.config.lock_anonymous_git_access, oauth_access.create | object_category, event_group, eventtype, tag, tag::eventtype | user, change_audit, github_audit_changes, audit, audit | Other, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | enterprise_domain.approve | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | enterprise_domain.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | enterprise_domain.destroy | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | hook.active_changed | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | hook.config_changed | object_category, event_group, eventtype, tag, tag::eventtype | hook, change_audit, github_audit_changes, audit, audit | Policy Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | hook.create, hook.destroy, hook.events_changed | object_category, event_group, eventtype, tag, tag::eventtype | hook, change_audit, github_audit_changes, audit, audit | Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | integration.create | object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, src, dest, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | issue.update, issue.destroy | object_category, event_group, eventtype, tag, tag::eventtype | issue, change_audit, github_audit_changes, audit, audit | Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | issue_comment.update | object, object_category, event_group, eventtype, tag, tag::eventtype | 1, issue, change_audit, github_audit_changes, audit, audit | https://1.2.3.4/GitHub-Admin/test/issue_comments/1, Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | lockout.remove | object_category | user | Other | ||
[‘github:enterprise:audit’] | management_console.save_settings | object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, object_path, dest, object_id, user, status, object_category, tag | ||||
[‘github:enterprise:audit’] | management_console.user_sign_in | eventtype, dvc, tag::eventtype, action, src_user, event_group, dest, user, object_category, tag | ||||
[‘github:enterprise:audit’] | newsletter_preference.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | oauth_application.create, oauth_application.transfer, oauth_application.destroy | object_category, event_group, eventtype, tag, tag::eventtype | oauth_application, change_audit, github_audit_changes, audit, audit | Application Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | oauth_application.remove_client_secret, oauth_application.revoke_all_tokens, oauth_application.generate_client_secret | object_category, event_group, eventtype, tag, tag::eventtype | oauth_application, change_audit, github_audit_changes, audit, audit | Password Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | oauth_application.revoke_tokens | object_category | oauth_application | Password Management | ||
[‘github:enterprise:audit’] | oauth_authorization.destroy, oauth_authorization.create | object_category, event_group, eventtype, tag, tag::eventtype | oauth_application, change_audit, github_audit_changes, audit, audit | Authorization, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | org.add_member | object_category | organization | Group Management | ||
[‘github:enterprise:audit’] | org.advanced_security_policy_selected_member_enabled, org.enable_member_team_creation_permission, org.update_member_repository_creation_permission | object_category, event_group, eventtype, tag, tag::eventtype | organization, change_audit, github_audit_changes, audit, audit | Policy Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | org.display_commenter_full_name_enabled | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | org.set_workflow_permission_can_approve_pr | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | organization_default_label.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | personal_access_token.access_granted | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | personal_access_token.access_revoked | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | personal_access_token.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | personal_access_token.credential_regenerated | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | personal_access_token.destroy | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | personal_access_token.request_created | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | project.close, project.update | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | project_view.create, project.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | project_field.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | protected_branch.create | object_category, event_group, eventtype, tag, tag::eventtype | branch, change_audit, github_audit_changes, audit, audit | Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | protected_branch.dismiss_stale_reviews | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | protected_branch.update_admin_enforced, protected_branch.update_linear_history_requirement_enforcement_level, protected_branch.update_signature_requirement_enforcement_level, protected_branch.update_required_status_checks_enforcement_level, protected_branch.update_pull_request_reviews_enforcement_level | object_category, event_group, eventtype, tag, tag::eventtype | branch, change_audit, github_audit_changes, audit, audit | Policy Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | protected_branch.update_allow_deletions_enforcement_level, protected_branch.update_require_code_owner_review, protected_branch.update_allow_force_pushes_enforcement_level | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | public_key.delete, public_key.create | object_category, event_group, eventtype, tag, tag::eventtype | public_key, change_audit, github_audit_changes, audit, audit | Key Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | public_key.verify | object_category | ||||
[‘github:enterprise:audit’] | pull_request.close, pull_request.reopen, pull_request.merge | object, object_category, event_group, eventtype, tag, tag::eventtype | 2, pull_request, change_audit, github_audit_changes, audit, audit | https://1.2.3.4/GitHub-Admin/test/pull/2, Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | pull_request.converted_to_draft, pull_request.ready_for_review | object, object_category, event_group, eventtype, tag, tag::eventtype | 5, pull_request, change_audit, github_audit_changes, audit, audit | https://1.2.3.4/GitHub-Admin/test/pull/5, Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | pull_request.create | object, object_category, event_group, eventtype, tag, tag::eventtype | 1, pull_request, change_audit, github_audit_changes, audit, audit | https://1.2.3.4/GitHub-Admin/test/compare/test2?expand=1, Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | pull_request_review.submit | object, object_category, event_group, eventtype, tag, tag::eventtype | 2, pull_request, change_audit, github_audit_changes, audit, audit | https://1.2.3.4/GitHub-Admin/test/pull/2/files, Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | pull_request_review.update | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | pull_request_review_comment.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | pull_request_review_comment.delete | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | pull_request_review_comment.update | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | pull_request_review_thread.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | release.destroy | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repo.access | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repo.update_member, repo.add_member | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repo.archived, repo.unarchived | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repo.change_merge_setting | object_category, event_group, eventtype, tag, tag::eventtype | repo, change_audit, github_audit_changes, audit, audit | Policy Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | repo.create, repository_secret_scanning.disable, repo.destroy, repo.disk_archive | object_category, event_group, eventtype, tag, tag::eventtype | repo, change_audit, github_audit_changes, audit, audit | Resource Management, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | repo.remove_member | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repo.update_default_branch, repo.rename_branch | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repo.transfer | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repo.transfer_outgoing | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repository_branch_protection_evaluation.disable | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repository_projects_change.disable, repository_projects_change.enable | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repository_ruleset.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repository_ruleset.destroy | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | repository_ruleset.update | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | role.create | object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, dest, status, object_category, tag | ||||
[‘github:enterprise:audit’] | staff.minimize_comment | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | staff.repo_lock, staff.repo_unlock | object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag | ||||
[‘github:enterprise:audit’] | staff.view_audit_log | object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag | ||||
[‘github:enterprise:audit’] | staff.view_site_admins | object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag | ||||
[‘github:enterprise:audit’] | team.add_member | object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | team.remove_repository, team.update_repository_permission, team.add_repository | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | team.create | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | team_discussions.enable, team_discussions.disable | object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag | ||||
[‘github:enterprise:audit’] | user.delete, user.async_delete, user.create | object_category | user | User Management | ||
[‘github:enterprise:audit’] | user.failed_login | object_category | ||||
[‘github:enterprise:audit’] | user.login | object_category | ||||
[‘github:enterprise:audit’] | user.mandatory_message_viewed | object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag | ||||
[‘github:enterprise:audit’] | user.minimize_comment | object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag | ||||
[‘github:enterprise:audit’] | user.reset_password | object_category, event_group, eventtype, tag, tag::eventtype | user, change_all, github_all_changes, , | Password Management, change_account, github_account_changes, account, account | ||
[‘github:enterprise:audit’] | user_default_label.destroy | object_category, event_group, eventtype, tag, tag::eventtype | user_default_label, change_audit, github_audit_changes, audit, audit | Other, change_all, github_all_changes | ||
[‘github:enterprise:audit’] | vulnerability_alert_rule.create | object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, dest, object_id, status, object_category, tag |
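Saved searches and detections written against the v1 values stop matching after the upgrade. The following is an added example, not part of the add-on: it scans `savedsearches.conf` content for references to values the Breaking changes tables list as changed. The sample configuration, stanza names and function names are constructed for illustration; only the v1 and v2 values come from this page.

```python
import re

# v1 -> v2 values copied from the Breaking changes tables on this page.
# Only a few security-relevant object_attrs rows are listed; extend as needed.
RENAMED = {
    "eventtype": {"github_audit_changes": "github_all_changes"},
    "event_group": {"change_audit": "change_all"},
    "object_attrs": {
        "disable_two_factor_requirement":
            "business.disable_two_factor_requirement or org.disable_two_factor_requirement",
        "disable_saml": "org.disable_saml",
        "disable_oauth_app_restrictions": "org.disable_oauth_app_restrictions",
        "secret_scanning_push_protection_disable":
            "org.secret_scanning_push_protection_disable",
    },
}

# Constructed sample input; not taken from any real deployment.
SAMPLE_SAVEDSEARCHES = r"""
# local/savedsearches.conf (constructed)
[GitHub - 2FA requirement disabled]
search = sourcetype=github:cloud:audit object_attrs="disable_two_factor_requirement" \
    | stats count by user
cron_schedule = */15 * * * *

[GitHub - audit change volume]
search = | tstats count from datamodel=Change.Auditing_Changes where sourcetype=github:enterprise:audit by All_Changes.user

[GitHub - SAML disabled (already migrated)]
search = sourcetype=github:cloud:audit object_attrs="org.disable_saml"

[GitHub - enterprise changes]
search = eventtype=github_audit_changes event_group=change_audit | table _time user object
"""


def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}.

    Handles '#' comments and values continued with a trailing backslash.
    """
    stanzas, current, pending_key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if pending_key is not None:
            # Continuation of the previous value.
            continued = line.endswith("\\")
            stanzas[current][pending_key] += " " + line.rstrip("\\").strip()
            if not continued:
                pending_key = None
            continue
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("[") and stripped.endswith("]"):
            current = stripped[1:-1]
            stanzas[current] = {}
            continue
        if current is None or "=" not in stripped:
            continue
        key, _, value = stripped.partition("=")
        key, value = key.strip(), value.strip()
        continued = value.endswith("\\")
        stanzas[current][key] = value.rstrip("\\").strip()
        pending_key = key if continued else None
    return stanzas


def _compares_field_to(spl, field, value):
    """True if the SPL compares `field` to exactly `value` (quoted or not)."""
    pattern = (
        rf'\b{re.escape(field)}\s*(?:!=|==|=)\s*"?{re.escape(value)}(?![\w.])'
    )
    return re.search(pattern, spl) is not None


def find_stale_references(conf_text):
    """Return (stanza, field, v1_value, v2_value) for each v1 reference found."""
    findings = []
    for name, settings in parse_conf(conf_text).items():
        spl = settings.get("search", "")
        # Events moved from Change:Auditing_Changes to Change:All_Changes.
        if re.search(r"\bAuditing_Changes\b", spl):
            findings.append((name, "datamodel", "Auditing_Changes", "All_Changes"))
        for field, renames in RENAMED.items():
            for old, new in renames.items():
                if _compares_field_to(spl, field, old):
                    findings.append((name, field, old, new))
    return findings


if __name__ == "__main__":
    for stanza, field, old, new in find_stale_references(SAMPLE_SAVEDSEARCHES):
        print(f"[{stanza}] {field}: '{old}' is a v1 value; v2 uses '{new}'")
```

Matching is limited to `field=value` comparisons; searches that use `IN (...)`, macros or wildcards need manual review.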
Sourcetype | vendor_action | Fields | v1 | v2 | ||
---|---|---|---|---|---|---|
Added Fields | Modified Fields | Removed Fields | ||||
[‘github:cloud:audit’] | business.advanced_security_policy_update | src_user | object_attrs | advanced_security_policy_update | business.advanced_security_policy_update | |
[‘github:cloud:audit’] | business.clear_members_can_create_repos | src_user | object_attrs | clear_members_can_create_repos | business.clear_members_can_create_repos | |
[‘github:cloud:audit’] | business.disable_two_factor_requirement | src_user | object_attrs | disable_two_factor_requirement | business.disable_two_factor_requirement | |
[‘github:cloud:audit’] | business.enable_two_factor_requirement | src_user | object_attrs | enable_two_factor_requirement | business.enable_two_factor_requirement | |
[‘github:cloud:audit’] | business.remove_member | src_user | object_attrs | remove_member | business.remove_member | |
[‘github:cloud:audit’] | business.set_actions_fork_pr_approvals_policy | src_user | object_attrs | set_actions_fork_pr_approvals_policy | business.set_actions_fork_pr_approvals_policy | |
[‘github:cloud:audit’] | business.set_actions_retention_limit | src_user | event_group, object_attrs, eventtype, tag, tag::eventtype | change_audit, set_actions_retention_limit, github_audit_changes, audit, audit | change_all, business.set_actions_retention_limit, github_all_changes | |
[‘github:cloud:audit’] | business.set_fork_pr_workflows_policy | src_user | event_group, object_attrs, eventtype, tag, tag::eventtype | change_audit, set_fork_pr_workflows_policy, github_audit_changes, audit, audit | change_all, business.set_fork_pr_workflows_policy, github_all_changes | |
[‘github:cloud:audit’] | business.update_actions_settings | src_user | object_attrs | update_actions_settings | business.update_actions_settings | |
[‘github:cloud:audit’] | business.update_member_repository_creation_permission | src_user | object_attrs | update_member_repository_creation_permission | business.update_member_repository_creation_permission | |
[‘github:cloud:audit’] | business.update_member_repository_invitation_permission | src_user | object_attrs | update_member_repository_invitation_permission | business.update_member_repository_invitation_permission | |
[‘github:cloud:audit’] | business_secret_scanning_custom_pattern.create | src_user | object_attrs | business_secret_scanning_custom_pattern | business_secret_scanning_custom_pattern.create | |
[‘github:cloud:audit’] | business_secret_scanning_custom_pattern.delete | src_user | object_attrs | business_secret_scanning_custom_pattern | business_secret_scanning_custom_pattern.delete | |
[‘github:cloud:audit’] | business_secret_scanning_custom_pattern.update | src_user | object_attrs | business_secret_scanning_custom_pattern | business_secret_scanning_custom_pattern.update | |
[‘github:cloud:audit’] | git.clone | object_attrs | ||||
[‘github:cloud:audit’] | git.fetch | object_attrs, src_user | ||||
[‘github:cloud:audit’] | git.push | object_attrs, src_user | ||||
[‘github:cloud:audit’] | hook.create | object_attrs, src_user | ||||
[‘github:cloud:audit’] | integration_installation.repositories_added | src_user | object_attrs | integration_installation | integration_installation.repositories_added | |
[‘github:cloud:audit’] | issues.deletes_disabled | src_user | object_attrs | deletes_disabled | issues.deletes_disabled | |
[‘github:cloud:audit’] | issues.deletes_enabled | src_user | object_attrs | deletes_enabled | issues.deletes_enabled | |
[‘github:cloud:audit’] | issues.deletes_policy_cleared | src_user | event_group, object_attrs, eventtype, tag, tag::eventtype | change_audit, deletes_policy_cleared, github_audit_changes, audit, audit | change_all, issues.deletes_policy_cleared, github_all_changes | |
[‘github:cloud:audit’] | members_can_delete_repos.clear | src_user | object_attrs | members_can_delete_repos | members_can_delete_repos.clear | |
[‘github:cloud:audit’] | members_can_delete_repos.disable | src_user | object_attrs | members_can_delete_repos | members_can_delete_repos.disable | |
[‘github:cloud:audit’] | members_can_delete_repos.enable | src_user | object_attrs | members_can_delete_repos | members_can_delete_repos.enable | |
[‘github:cloud:audit’] | members_can_view_dependency_insights.clear | src_user | object_attrs | members_can_view_dependency_insights | members_can_view_dependency_insights.clear | |
[‘github:cloud:audit’] | members_can_view_dependency_insights.disable | src_user | object_attrs | members_can_view_dependency_insights | members_can_view_dependency_insights.disable | |
[‘github:cloud:audit’] | members_can_view_dependency_insights.enable | src_user | object_attrs | members_can_view_dependency_insights | members_can_view_dependency_insights.enable | |
[‘github:cloud:audit’] | org.accept_business_invitation | src, src_user | object_attrs | accept_business_invitation | org.accept_business_invitation | |
[‘github:cloud:audit’] | org.add_member | src | object_attrs | add_member | org.add_member | |
[‘github:cloud:audit’] | org.advanced_security_disabled_for_new_repos | src, src_user | object_attrs | advanced_security_disabled_for_new_repos | org.advanced_security_disabled_for_new_repos | |
[‘github:cloud:audit’] | org.advanced_security_disabled_on_all_repos | src, src_user | object_attrs | advanced_security_disabled_on_all_repos | org.advanced_security_disabled_on_all_repos | |
[‘github:cloud:audit’] | org.advanced_security_enabled_for_new_repos | src, src_user | object_attrs | advanced_security_enabled_for_new_repos | org.advanced_security_enabled_for_new_repos | |
[‘github:cloud:audit’] | org.advanced_security_enabled_on_all_repos | src, src_user | object_attrs | advanced_security_enabled_on_all_repos | org.advanced_security_enabled_on_all_repos | |
[‘github:cloud:audit’] | org.advanced_security_policy_selected_member_disabled | src, src_user | object_attrs | advanced_security_policy_selected_member_disabled | org.advanced_security_policy_selected_member_disabled | |
[‘github:cloud:audit’] | org.advanced_security_policy_selected_member_enabled | src, src_user | object_attrs | advanced_security_policy_selected_member_enabled | org.advanced_security_policy_selected_member_enabled | |
[‘github:cloud:audit’] | org.allow_third_party_access_requests_from_outside_collaborators_disabled | src_user | object_attrs | allow_third_party_access_requests_from_outside_collaborators_disabled | org.allow_third_party_access_requests_from_outside_collaborators_disabled | |
[‘github:cloud:audit’] | org.allow_third_party_access_requests_from_outside_collaborators_enabled | src_user | object_attrs | allow_third_party_access_requests_from_outside_collaborators_enabled | org.allow_third_party_access_requests_from_outside_collaborators_enabled | |
[‘github:cloud:audit’] | org.block_user | src | object_attrs | block_user | org.block_user | |
[‘github:cloud:audit’] | org.cancel_business_invitation | src, src_user | object_attrs | cancel_business_invitation | org.cancel_business_invitation | |
[‘github:cloud:audit’] | org.cancel_invitation | src, src_user | object_attrs | cancel_invitation | org.cancel_invitation | |
[‘github:cloud:audit’] | org.config.disable_collaborators_only | src, src_user | object_attrs | config.disable_collaborators_only | org.config.disable_collaborators_only | |
[‘github:cloud:audit’] | org.config.disable_contributors_only | src, src_user | object_attrs | config.disable_contributors_only | org.config.disable_contributors_only | |
[‘github:cloud:audit’] | org.config.disable_sockpuppet_disallowed | src, src_user | object_attrs | config.disable_sockpuppet_disallowed | org.config.disable_sockpuppet_disallowed | |
[‘github:cloud:audit’] | org.config.enable_collaborators_only | src, src_user | object_attrs | config.enable_collaborators_only | org.config.enable_collaborators_only | |
[‘github:cloud:audit’] | org.config.enable_contributors_only | src, src_user | object_attrs | config.enable_contributors_only | org.config.enable_contributors_only | |
[‘github:cloud:audit’] | org.config.enable_sockpuppet_disallowed | src, src_user | object_attrs | config.enable_sockpuppet_disallowed | org.config.enable_sockpuppet_disallowed | |
[‘github:cloud:audit’] | org.confirm_business_invitation | src, src_user | object_attrs | confirm_business_invitation | org.confirm_business_invitation | |
[‘github:cloud:audit’] | org.create | src, object_attrs, src_user | ||||
[‘github:cloud:audit’] | org.create_actions_secret | src, src_user | object_attrs | create_actions_secret | org.create_actions_secret | |
[‘github:cloud:audit’] | org.create_integration_secret | src, src_user | object_attrs | create_integration_secret | org.create_integration_secret | |
[‘github:cloud:audit’] | org.disable_member_team_creation_permission | src, src_user | object_attrs | disable_member_team_creation_permission | org.disable_member_team_creation_permission | |
[‘github:cloud:audit’] | org.disable_oauth_app_restrictions | src, src_user | object_attrs | disable_oauth_app_restrictions | org.disable_oauth_app_restrictions | |
[‘github:cloud:audit’] | org.disable_reader_discussion_creation_permission | src, src_user | object_attrs | disable_reader_discussion_creation_permission | org.disable_reader_discussion_creation_permission | |
[‘github:cloud:audit’] | org.disable_saml | src_user | object_attrs | disable_saml | org.disable_saml | |
[‘github:cloud:audit’] | org.disable_two_factor_requirement | src, src_user | object_attrs | disable_two_factor_requirement | org.disable_two_factor_requirement | |
[‘github:cloud:audit’] | org.display_commenter_full_name_disabled | src, src_user | object_attrs | display_commenter_full_name_disabled | org.display_commenter_full_name_disabled | |
[‘github:cloud:audit’] | org.display_commenter_full_name_enabled | src, src_user | object_attrs | display_commenter_full_name_enabled | org.display_commenter_full_name_enabled | |
[‘github:cloud:audit’] | org.enable_member_team_creation_permission | src, src_user | object_attrs | enable_member_team_creation_permission | org.enable_member_team_creation_permission | |
[‘github:cloud:audit’] | org.enable_oauth_app_restrictions | src, src_user | object_attrs | enable_oauth_app_restrictions | org.enable_oauth_app_restrictions | |
[‘github:cloud:audit’] | org.enable_reader_discussion_creation_permission | src, src_user | object_attrs | enable_reader_discussion_creation_permission | org.enable_reader_discussion_creation_permission | |
[‘github:cloud:audit’] | org.enable_saml | src_user | object_attrs | enable_saml | org.enable_saml | |
[‘github:cloud:audit’] | org.enable_two_factor_requirement | src, src_user | object_attrs | enable_two_factor_requirement | org.enable_two_factor_requirement | |
[‘github:cloud:audit’] | org.integration_manager_added | src | object_attrs | integration_manager_added | org.integration_manager_added | |
[‘github:cloud:audit’] | org.integration_manager_removed | src | object_attrs | integration_manager_removed | org.integration_manager_removed | |
[‘github:cloud:audit’] | org.invite_member | src | object_attrs | invite_member | org.invite_member | |
[‘github:cloud:audit’] | org.oauth_app_access_approved | src | object_attrs | oauth_app_access_approved | org.oauth_app_access_approved | |
[‘github:cloud:audit’] | org.oauth_app_access_denied | src, src_user | object_attrs | oauth_app_access_denied | org.oauth_app_access_denied | |
[‘github:cloud:audit’] | org.remove_actions_secret | src, src_user | object_attrs | remove_actions_secret | org.remove_actions_secret | |
[‘github:cloud:audit’] | org.remove_integration_secret | src, src_user | object_attrs | remove_integration_secret | org.remove_integration_secret | |
[‘github:cloud:audit’] | org.remove_member | src | object_attrs | remove_member | org.remove_member | |
[‘github:cloud:audit’] | org.remove_outside_collaborator | src | object_attrs | remove_outside_collaborator | org.remove_outside_collaborator | |
[‘github:cloud:audit’] | org.rename | src, object_attrs, src_user | ||||
[‘github:cloud:audit’] | org.restore_member | object_attrs | restore_member | org.restore_member | ||
[‘github:cloud:audit’] | org.runner_group_created | src, src_user | object_attrs | runner_group_created | org.runner_group_created | |
[‘github:cloud:audit’] | org.runner_group_removed | src, src_user | object_attrs | runner_group_removed | org.runner_group_removed | |
[‘github:cloud:audit’] | org.runner_group_updated | src, src_user | object_attrs | runner_group_updated | org.runner_group_updated | |
[‘github:cloud:audit’] | org.secret_scanning_custom_pattern_push_protection_disabled | src, src_user | object_attrs | secret_scanning_custom_pattern_push_protection_disabled | org.secret_scanning_custom_pattern_push_protection_disabled | |
[‘github:cloud:audit’] | org.secret_scanning_custom_pattern_push_protection_enabled | src, src_user | object_attrs | secret_scanning_custom_pattern_push_protection_enabled | org.secret_scanning_custom_pattern_push_protection_enabled | |
[‘github:cloud:audit’] | org.secret_scanning_push_protection_custom_message_disabled | src, src_user | object_attrs | secret_scanning_push_protection_custom_message_disabled | org.secret_scanning_push_protection_custom_message_disabled | |
[‘github:cloud:audit’] | org.secret_scanning_push_protection_custom_message_enabled | src, src_user | object_attrs | secret_scanning_push_protection_custom_message_enabled | org.secret_scanning_push_protection_custom_message_enabled | |
[‘github:cloud:audit’] | org.secret_scanning_push_protection_disable | src, src_user | object_attrs | secret_scanning_push_protection_disable | org.secret_scanning_push_protection_disable | |
[‘github:cloud:audit’] | org.secret_scanning_push_protection_enable | src, src_user | object_attrs | secret_scanning_push_protection_enable | org.secret_scanning_push_protection_enable | |
[‘github:cloud:audit’] | org.secret_scanning_push_protection_new_repos_enable | src, src_user | object_attrs | secret_scanning_push_protection_new_repos_enable | org.secret_scanning_push_protection_new_repos_enable | |
[‘github:cloud:audit’] | org.set_actions_fork_pr_approvals_policy | src, src_user | object_attrs | set_actions_fork_pr_approvals_policy | org.set_actions_fork_pr_approvals_policy | |
[‘github:cloud:audit’] | org.set_actions_retention_limit | src, src_user | object_attrs | set_actions_retention_limit | org.set_actions_retention_limit | |
[‘github:cloud:audit’] | org.set_default_workflow_permissions | src, src_user | object_attrs | set_default_workflow_permissions | org.set_default_workflow_permissions | |
[‘github:cloud:audit’] | org.set_workflow_permission_can_approve_pr | src, src_user | object_attrs | set_workflow_permission_can_approve_pr | org.set_workflow_permission_can_approve_pr | |
[‘github:cloud:audit’] | org.unblock_user | src | object_attrs | unblock_user | org.unblock_user | |
[‘github:cloud:audit’] | org.update_actions_secret | src, src_user | object_attrs | update_actions_secret | org.update_actions_secret | |
[‘github:cloud:audit’] | org.update_actions_settings | src, src_user | object_attrs | update_actions_settings | org.update_actions_settings | |
[‘github:cloud:audit’] | org.update_default_repository_permission | src, src_user | object_attrs | update_default_repository_permission | org.update_default_repository_permission | |
[‘github:cloud:audit’] | org.update_integration_secret | src, src_user | object_attrs | update_integration_secret | org.update_integration_secret | |
[‘github:cloud:audit’] | org.update_member | src | object_attrs | update_member | org.update_member | |
[‘github:cloud:audit’] | org.update_member_repository_creation_permission | src, src_user | object_attrs | update_member_repository_creation_permission | org.update_member_repository_creation_permission | |
[‘github:cloud:audit’] | org.update_member_repository_invitation_permission | src, src_user | object_attrs | update_member_repository_invitation_permission | org.update_member_repository_invitation_permission | |
[‘github:cloud:audit’] | org.update_new_repository_default_branch_setting | src, src_user | object_attrs | update_new_repository_default_branch_setting | org.update_new_repository_default_branch_setting | |
[‘github:cloud:audit’] | org.update_saml_provider_settings | src_user | object_attrs | update_saml_provider_settings | org.update_saml_provider_settings | |
[‘github:cloud:audit’] | org.update_terms_of_service | src, src_user | object_attrs | update_terms_of_service | org.update_terms_of_service | |
[‘github:cloud:audit’] | org_credential_authorization.deauthorize | src_user | object_attrs | org_credential_authorization | org_credential_authorization.deauthorize | |
[‘github:cloud:audit’] | org_credential_authorization.grant | src_user | object_attrs | org_credential_authorization | org_credential_authorization.grant | |
[‘github:cloud:audit’] | organization_projects_change.clear | src_user | object_attrs | organization_projects_change | organization_projects_change.clear | |
[‘github:cloud:audit’] | organization_projects_change.disable | src_user | object_attrs | organization_projects_change | organization_projects_change.disable | |
[‘github:cloud:audit’] | organization_projects_change.enable | src_user | object_attrs | organization_projects_change | organization_projects_change.enable | |
[‘github:cloud:audit’] | private_repository_forking.clear | src_user | object_attrs | private_repository_forking | private_repository_forking.clear | |
[‘github:cloud:audit’] | private_repository_forking.disable | src_user | object_attrs | private_repository_forking | private_repository_forking.disable | |
[‘github:cloud:audit’] | private_repository_forking.enable | src_user | object_attrs | private_repository_forking | private_repository_forking.enable | |
[‘github:cloud:audit’] | pull_request.close | object_attrs, src_user | ||||
[‘github:cloud:audit’] | pull_request.create | object_attrs, src_user | ||||
[‘github:cloud:audit’] | pull_request.create_review_request | object_attrs, src_user | ||||
[‘github:cloud:audit’] | pull_request.merge | object_attrs, src_user | ||||
[‘github:cloud:audit’] | pull_request.ready_for_review | object_attrs, src_user | ||||
[‘github:cloud:audit’] | pull_request.reopen | object_attrs, src_user | ||||
[‘github:cloud:audit’] | repo.access | object_attrs, src_user | ||||
[‘github:cloud:audit’] | repo.actions_enabled | src_user | object_attrs | actions_enabled | repo.actions_enabled | |
[‘github:cloud:audit’] | repo.add_member | object_attrs | add_member | repo.add_member | ||
[‘github:cloud:audit’] | repo.add_topic | src, src_user | object_attrs | add_topic | repo.add_topic | |
[‘github:cloud:audit’] | repo.advanced_security_disabled | src, src_user | object_attrs | advanced_security_disabled | repo.advanced_security_disabled | |
[‘github:cloud:audit’] | repo.advanced_security_enabled | src, src_user | object_attrs | advanced_security_enabled | repo.advanced_security_enabled | |
[‘github:cloud:audit’] | repo.archived | src, object_attrs, src_user | ||||
[‘github:cloud:audit’] | repo.change_merge_setting | src_user | object_attrs | change_merge_setting | repo.change_merge_setting | |
[‘github:cloud:audit’] | repo.code_scanning_analysis_deleted | src, src_user | object_attrs | code_scanning_analysis_deleted | repo.code_scanning_analysis_deleted | |
[‘github:cloud:audit’] | repo.code_scanning_configuration_for_branch_deleted | src, src_user | object_attrs | code_scanning_configuration_for_branch_deleted | repo.code_scanning_configuration_for_branch_deleted | |
[‘github:cloud:audit’] | repo.codeql_enabled | src, src_user | object_attrs | codeql_enabled | repo.codeql_enabled | |
[‘github:cloud:audit’] | repo.config.disable_collaborators_only | src_user | object_attrs | config.disable_collaborators_only | repo.config.disable_collaborators_only | |
[‘github:cloud:audit’] | repo.config.disable_contributors_only | src_user | object_attrs | config.disable_contributors_only | repo.config.disable_contributors_only | |
[‘github:cloud:audit’] | repo.config.disable_sockpuppet_disallowed | src_user | object_attrs | config.disable_sockpuppet_disallowed | repo.config.disable_sockpuppet_disallowed | |
[‘github:cloud:audit’] | repo.config.enable_collaborators_only | src_user | object_attrs | config.enable_collaborators_only | repo.config.enable_collaborators_only | |
[‘github:cloud:audit’] | repo.config.enable_contributors_only | src_user | object_attrs | config.enable_contributors_only | repo.config.enable_contributors_only | |
[‘github:cloud:audit’] | repo.config.enable_sockpuppet_disallowed | src_user | object_attrs | config.enable_sockpuppet_disallowed | repo.config.enable_sockpuppet_disallowed | |
[‘github:cloud:audit’] | repo.create | object_attrs, src_user | ||||
[‘github:cloud:audit’] | repo.create_actions_secret | src_user | object_attrs | create_actions_secret | repo.create_actions_secret | |
[‘github:cloud:audit’] | repo.create_integration_secret | src_user | object_attrs | create_integration_secret | repo.create_integration_secret | |
[‘github:cloud:audit’] | repo.destroy | object_attrs, src_user | ||||
[‘github:cloud:audit’] | repo.pages_cname | src_user | object_attrs | pages_cname | repo.pages_cname | |
[‘github:cloud:audit’] | repo.pages_create | src_user | object_attrs | pages_create | repo.pages_create | |
[‘github:cloud:audit’] | repo.pages_destroy | src_user | object_attrs | pages_destroy | repo.pages_destroy | |
[‘github:cloud:audit’] | repo.pages_https_redirect_disabled | src_user | object_attrs | pages_https_redirect_disabled | repo.pages_https_redirect_disabled | |
[‘github:cloud:audit’] | repo.pages_https_redirect_enabled | src_user | object_attrs | pages_https_redirect_enabled | repo.pages_https_redirect_enabled | |
[‘github:cloud:audit’] | repo.pages_private | src, src_user | object_attrs | pages_private | repo.pages_private | |
[‘github:cloud:audit’] | repo.pages_public | src_user | object_attrs | pages_public | repo.pages_public | |
[‘github:cloud:audit’] | repo.pages_source | src_user | object_attrs | pages_source | repo.pages_source | |
[‘github:cloud:audit’] | repo.register_self_hosted_runner | src_user | object_attrs | register_self_hosted_runner | repo.register_self_hosted_runner | |
[‘github:cloud:audit’] | repo.remove_actions_secret | src, src_user | object_attrs | remove_actions_secret | repo.remove_actions_secret | |
[‘github:cloud:audit’] | repo.remove_integration_secret | src, src_user | object_attrs | remove_integration_secret | repo.remove_integration_secret | |
[‘github:cloud:audit’] | repo.remove_member | src | object_attrs | remove_member | repo.remove_member | |
[‘github:cloud:audit’] | repo.remove_self_hosted_runner | src, src_user | object_attrs | remove_self_hosted_runner | repo.remove_self_hosted_runner | |
[‘github:cloud:audit’] | repo.remove_topic | src, src_user | object_attrs | remove_topic | repo.remove_topic | |
[‘github:cloud:audit’] | repo.rename | src, object_attrs, src_user | ||||
[‘github:cloud:audit’] | repo.self_hosted_runner_offline | object_attrs | self_hosted_runner_offline | repo.self_hosted_runner_offline | ||
[‘github:cloud:audit’] | repo.self_hosted_runner_online | object_attrs | self_hosted_runner_online | repo.self_hosted_runner_online | ||
[‘github:cloud:audit’] | repo.set_actions_fork_pr_approvals_policy | src_user | object_attrs | set_actions_fork_pr_approvals_policy | repo.set_actions_fork_pr_approvals_policy | |
[‘github:cloud:audit’] | repo.set_actions_retention_limit | src_user | object_attrs | set_actions_retention_limit | repo.set_actions_retention_limit | |
[‘github:cloud:audit’] | repo.transfer | object_attrs, src_user | ||||
[‘github:cloud:audit’] | repo.transfer_outgoing | src_user | object_attrs | transfer_outgoing | repo.transfer_outgoing | |
[‘github:cloud:audit’] | repo.unarchived | src, object_attrs, src_user | ||||
[‘github:cloud:audit’] | repo.update_actions_secret | src_user | object_attrs | update_actions_secret | repo.update_actions_secret | |
[‘github:cloud:audit’] | repo.update_actions_settings | src, src_user | object_attrs | update_actions_settings | repo.update_actions_settings | |
[‘github:cloud:audit’] | repo.update_default_branch | src_user | object_attrs | update_default_branch | repo.update_default_branch | |
[‘github:cloud:audit’] | repo.update_integration_secret | src_user | object_attrs | update_integration_secret | repo.update_integration_secret | |
[‘github:cloud:audit’] | repo.update_member | src | object_attrs | update_member | repo.update_member | |
[‘github:cloud:audit’] | repository_dependency_graph.enable | src_user | object_attrs | repository_dependency_graph | repository_dependency_graph.enable | |
[‘github:cloud:audit’] | repository_projects_change.clear | src_user | object_attrs | repository_projects_change | repository_projects_change.clear | |
[‘github:cloud:audit’] | repository_projects_change.disable | src_user | object_attrs | repository_projects_change | repository_projects_change.disable | |
[‘github:cloud:audit’] | repository_projects_change.enable | src_user | object_attrs | repository_projects_change | repository_projects_change.enable | |
[‘github:cloud:audit’] | repository_secret_scanning.enable | src_user | object_attrs | repository_secret_scanning | repository_secret_scanning.enable | |
[‘github:cloud:audit’] | repository_secret_scanning_push_protection.disable | src_user | object_attrs | repository_secret_scanning_push_protection | repository_secret_scanning_push_protection.disable | |
[‘github:cloud:audit’] | repository_visibility_change.clear | src_user | object_attrs | repository_visibility_change | repository_visibility_change.clear | |
[‘github:cloud:audit’] | repository_visibility_change.disable | src_user | object_attrs | repository_visibility_change | repository_visibility_change.disable | |
[‘github:cloud:audit’] | repository_visibility_change.enable | src_user | object_attrs | repository_visibility_change | repository_visibility_change.enable | |
[‘github:cloud:audit’] | repository_vulnerability_alert.create | object_attrs, src_user | ||||
[‘github:cloud:audit’] | repository_vulnerability_alert.reopen | object_attrs, src_user | ||||
[‘github:cloud:audit’] | repository_vulnerability_alerts.enable | src_user | event_group, object_attrs, eventtype, tag, tag::eventtype | change_audit, repository_vulnerability_alerts, github_audit_changes, audit, audit | change_all, repository_vulnerability_alerts.enable, github_all_changes | |
[‘github:cloud:audit’] | team.add_member | object_attrs | add_member | team.add_member | ||
[‘github:cloud:audit’] | team.add_repository | src_user | object_attrs | add_repository | team.add_repository | |
[‘github:cloud:audit’] | team.change_parent_team | src, src_user | object_attrs | change_parent_team | team.change_parent_team | |
[‘github:cloud:audit’] | team.change_privacy | src, src_user | object_attrs | change_privacy | team.change_privacy | |
[‘github:cloud:audit’] | team.create | src, object_attrs, src_user | ||||
[‘github:cloud:audit’] | team.demote_maintainer | src | object_attrs | demote_maintainer | team.demote_maintainer | |
[‘github:cloud:audit’] | team.destroy | src, object_attrs, src_user | ||||
[‘github:cloud:audit’] | team.promote_maintainer | src | object_attrs | promote_maintainer | team.promote_maintainer | |
[‘github:cloud:audit’] | team.remove_member | src | object_attrs | remove_member | team.remove_member | |
[‘github:cloud:audit’] | team.remove_repository | src_user | object_attrs | remove_repository | team.remove_repository | |
[‘github:cloud:audit’] | team.rename | src, object_attrs, src_user | ||||
[‘github:cloud:audit’] | team.update_repository_permission | src, src_user | object_attrs | update_repository_permission | team.update_repository_permission | |
[‘github:cloud:audit’] | team_discussions.clear | src_user | object_attrs | team_discussions | team_discussions.clear | |
[‘github:cloud:audit’] | team_discussions.disable | src_user | object_attrs | team_discussions | team_discussions.disable | |
[‘github:cloud:audit’] | team_discussions.enable | src_user | object_attrs | team_discussions | team_discussions.enable | |
[‘github:cloud:audit’] | workflows.completed_workflow_run | src_user | event_group, object_attrs, eventtype, tag, tag::eventtype | change_audit, workflow_run, github_audit_changes, audit, audit | change_all, workflows.completed_workflow_run, github_all_changes | |
[‘github:cloud:audit’] | workflows.created_workflow_run | src_user | event_group, object_attrs, eventtype, tag, tag::eventtype | change_audit, workflow_run, github_audit_changes, audit, audit | change_all, workflows.created_workflow_run, github_all_changes | |
[‘github:cloud:audit’] | workflows.enable_workflow | src_user | object_attrs | enable_workflow | workflows.enable_workflow | |
[‘github:cloud:audit’] | workflows.prepared_workflow_job | event_group, object_attrs, eventtype, tag, tag::eventtype | change_audit, workflow_job, github_audit_changes, audit, audit | change_all, workflows.prepared_workflow_job, github_all_changes |
Fixed issues¶
Version 3.0.0 of the Splunk Add-on for GitHub has the following fixed issues:
Known issues¶
Version 3.0.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party libraries¶
The Splunk Add-on for GitHub version 3.0.0 uses the following third-party libraries:
Third-party libraries for Splunk Add-on for GitHub version 3.0.0
Version 2.2.1¶
Version 2.2.1 of the Splunk Add-on for GitHub was released on December 11, 2023.
Compatibility¶
Version 2.2.1 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
---|---|
CIM | 5.1.1 |
Platforms | Platform independent |
Vendor Products | GitHub Enterprise v3.2, GitHub Enterprise Cloud |
New Features¶
Fixed a security vulnerability found in the Splunk Add-on for GitHub library by upgrading its version from 1.37.2 to 1.38.0
Fixed issues¶
Version 2.2.1 of the Splunk Add-on for GitHub has the following fixed issues:
Known issues¶
Version 2.2.1 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party libraries¶
The Splunk Add-on for GitHub version 2.2.1 uses the following third-party libraries:
Third-party libraries for Splunk Add-on for GitHub version 2.2.1
Version 2.2.0¶
Version 2.2.0 of the Splunk Add-on for GitHub was released on July 5, 2023.
Compatibility¶
Version 2.2.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
---|---|
CIM | 5.1.1 |
Platforms | Platform independent |
Vendor Products | GitHub Enterprise v3.2, GitHub Enterprise Cloud |
New Features¶
- Provided support for GitHub Cloud Audit events with category org, repo, and team in sourcetype github:cloud:audit.
- Provided support for GitHub Enterprise Cloud Audit log streaming in sourcetype github:cloud:audit of the add-on.
- Made the “Account Type” field uneditable while editing a GitHub Cloud Audit Input to avoid data collection gaps.
Fixed issues¶
Version 2.2.0 of the Splunk Add-on for GitHub has the following fixed issues:
Known issues¶
Version 2.2.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party libraries¶
The Splunk Add-on for GitHub version 2.2.0 uses the following third-party libraries:
Third-party libraries for Splunk Add-on for GitHub version 2.2.1
Version 2.1.1¶
Version 2.1.1 of the Splunk Add-on for GitHub was released on March 2, 2023.
Compatibility¶
Version 2.1.1 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
---|---|
CIM | 5.0.1 |
Platforms | Platform independent |
Vendor Products | GitHub Enterprise v3.2, GitHub Enterprise Cloud |
New Features¶
There are no new features in this release. Bug fixes are listed in the section below.
Fixed issues¶
Version 2.1.1 of the Splunk Add-on for GitHub has the following fixed issues:
- Fixed validation issues for GitHub Cloud Audit Input.
- Upgraded the third-party certifi library to version 2022.12.7
- Fixed a security vulnerability found in the certifi library.
Known issues¶
Version 2.1.1 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party libraries¶
The Splunk Add-on for GitHub version 2.1.1 uses the following third-party libraries:
Third-party libraries for Splunk Add-on for GitHub version 2.1.1
Version 2.1.0¶
Version 2.1.0 of the Splunk Add-on for GitHub was released on October 9, 2022.
Compatibility¶
Version 2.1.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
---|---|
CIM | 5.0.1 |
Platforms | Platform independent |
Vendor Products | GitHub Enterprise v3.2, GitHub Enterprise Cloud |
New Features¶
There are no new features in this release.
Fixed issues¶
Version 2.1.0 of the Splunk Add-on for GitHub has the following fixed issues:
- Fixed the checkpoint mechanism for both Audit and User inputs.
- Enhanced input configuration validations for a better user experience.
- Added a retry mechanism for user data collection in case of server errors.
Known issues¶
Version 2.1.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party libraries¶
The Splunk Add-on for GitHub version 2.1.0 uses the following third-party libraries:
Third-party libraries for Splunk Add-on for GitHub version 2.1.0
Version 2.0.0¶
Version 2.0.0 of the Splunk Add-on for GitHub was released on May 27, 2022.
Compatibility¶
Version 2.0.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.1.x, 8.2.x |
---|---|
CIM | 5.0.1 |
Platforms | Platform independent |
Vendor Products | GitHub Enterprise v3.2, GitHub Enterprise Cloud |
New Features¶
- Integrated the support of data collection from the GitHub Enterprise Cloud.
- Added the add-on UI components for Configuration and Inputs.
- Added support to fetch audit logs for Organization and Enterprise account types.
- Added support to fetch user metadata events from GitHub Cloud via modular inputs.
- Added proxy and logging support in data collection.
- Added compatibility with the latest CIM version 5.1.0 for the newly collected events from GitHub Cloud.
Fixed issues¶
Version 2.0.0 of the Splunk Add-on for GitHub has the following fixed issues:
Known issues¶
Version 2.0.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:
Version 1.0.0¶
Version 1.0.0 of the Splunk Add-on for GitHub was released on December 27, 2021.
Splunk platform versions | 8.0.x, 8.1.x, 8.2.x |
---|---|
CIM | 4.20.2 |
Platforms | Platform independent |
Vendor Products | GitHub Enterprise v3.2 |
New Features¶
- Provides support for audit logs of GitHub Enterprise Server (GHES) for version v3.2.
- Collects GitHub Enterprise audited actions logs using GitHub’s Log Forwarding feature on the specified Splunk server with Splunk Connect for Syslog (SC4S).
- SC4S assigns the github:enterprise:audit sourcetype to all events, and the logs are collected in the gitops index.
- Added CIM mapping and extractions from scratch for the latest CIM compatible version 4.20.2.
Known issues¶
Version 1.0.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported: