Skip to content

Overview

Splunk Add-on for GitHub
Version 3.1.0
Vendor Products GitHub Enterprise v3.2, v3.13, GitHub Cloud
Add-on has a Web UI Yes.

The Splunk Add-on for GitHub lets you collect audit logs from the GitHub Enterprise Server (GHES) using the Log Forwarding mechanism of GitHub and extracts useful information out of it. It can also fetch the audit logs for organization and enterprise account types and user metadata events of an organization from the GitHub Cloud. The add-on also fetches Code Scanning Alerts from GitHub Cloud, which enables users to collect those alerts from organization or enterprise account types in Splunk and normalize them using CIM data models

Download the Splunk Add-on for GitHub at Splunkbase.

For a summary of new features, fixed issues, and known issues, see Release notes for the Splunk Add-on for GitHub.

For information about installing and configuring the Splunk Add-on for GitHub, see Installation overview for the Splunk Add-on for GitHub.

Hardware and software requirements for the Splunk Add-on for GitHub

Prerequisites:

GitHub Enterprise Server (GHES) installed on a system with log monitoring/forwarding enabled. Splunk connect for Syslog (SC4S) installed and configured with default settings.

Splunk Add-on for GitHub uses KVStore Service in data collection from GitHub Cloud, so KVStore must be up and running

Splunk admin requirements

To install and configure the Splunk Add-on for GitHub, you must be a member of the admin or sc_admin role.

Splunk platform requirements

Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.

  • For Splunk Enterprise system requirements: see System Requirements in the Splunk Enterprise Installation Manual.
  • If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.

Installation overview for the Splunk Add-on for GitHub

Install the Splunk Add-on for GitHub.

  1. Install the add-on.
  2. Upgrade the add-on.
  3. Set up GitHub so that the Splunk platform can collect data from them.
  4. Configure the inputs for the add-on.

Ended: Overview

Installation, Configuration and Upgrade

Install the Splunk Add-on for GitHub

  1. Get the Splunk Add-on for GitHub by downloading it from Splunkbase or browsing to it using the app browser within Splunk Web.
  2. Determine where and how to install this add-on in your deployment using the tables on this page.
  3. Perform any prerequisite steps before installing as required and specified in the following tables.
  4. Complete your installation.

For step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud.

Distributed deployments

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise.

Where to install this add-on

This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise.

Splunk instance type Supported Required Comments
Search Heads Yes Yes Install this add-on to all search heads that require GitHub knowledge management.
Indexers Yes No Not required, because the parsing operations occur on the heavy forwarders.
Heavy Forwarders Yes Yes Install this add-on on heavy forwarders to perform data collection via modular inputs.
Universal Forwarders No No Install this add-on on a heavy forwarder for data collection

Distributed deployment feature compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality.
Indexer Clusters Yes Supported for deploying the Add-on.
Deployment Server Yes Supported for deploying the Add-on.

Installation walkthroughs

The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.

For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:

Configure your GitHub Enterprise server to send data to the Splunk Add-on for GitHub

To let the Splunk Add-on for GitHub collect data from your GitHub Enterprise server, configure your GitHub Enterprise server to forward logs and push it to your Splunk platform installation. For more detailed information, see the GitHub log forwarding documentation.

  1. On the Management Console page, click Monitoring.
  2. Select Enable log forwarding.
  3. For Server address, type the address of the server to which you want to forward logs. You can specify multiple addresses in a comma-separated list.
  4. In the Protocol menu, select the protocol to use to communicate with the log server, we recommend TCP. The protocol will apply to all specified log destinations.

Collect data in the add-on using GitHub Enterprise

Splunk Connect for Syslog

All production deployments should utilize Splunk Connect For Syslog to forward syslog data into the Splunk platform for GitHub Enterprise data. This solution provides improved simplicity and scalability, among other benefits. For more information, see the Splunk Connect for Syslog manual.

Validate data collection

Once you have configured the input, run this search to check that you are ingesting the correct expected data.

sourcetype=github:enterprise:audit

Configure GitHub Cloud to send data to the Splunk Add-on for GitHub

You can collect the data from your GitHub Cloud using the following approaches:

  • Utilize GitHub Cloud Log Streaming to collect the data
    • To collect the data using this approach, refer to “Configure your GitHub Cloud Audit Log Streaming to send data to Splunk Add-on for GitHub” page for configuring the Splunk Cloud and GitHub Cloud Audit Log Streaming
  • Utilize Add-on inputs to collect the data
    • To collect the data using this approach, see the following to configure Account and Inputs

Collect data using the add-on inputs

Before you follow the instructions on this page to set up the Splunk Add-on for Github, obtain your Personal Access Token from Github Cloud. See your GitHub Documentation for more information.

Behavior of Audit logs API

  • Audit logs list events triggered by the activities that affect your enterprise.
  • By Default, APIs will collect audit data from the past three months. The APIs retain Git events such as cloning, fetching, and pushing data for seven days.

Steps to configure an Account in Github

  • In Splunk Web, go to the Splunk Add-on for Github, by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Github.
  • Click the Configuration tab.
  • Click the Github Account tab.

In the Add dialogue box, fill in the required fields:

Field Description
Account Name A unique name for your Github account.
Personal Access Token The token you generated on Github Cloud. Next, configure your inputs.

(Optional) Change logging level

You can change the default log level () to see more granular logs such as debug or more generic logs such as only error logs. The logging level can be configured using the steps below.

  • On Splunk Web, go to the Splunk Add-on for Github, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Github.
  • Click the Configuration tab.
  • Click the Logging tab.
  • Select a new logging level from the drop-down menu.
  • Click Save to save your configurations.

(Optional) Proxy setup

If you have proxy set up for data collection, the proxy settings can be configured by providing the details so that the data will be collected via the configured proxy.

  • On Splunk Web, go to the Splunk Add-on for Github, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Github.
  • Click the Configuration tab.
  • Click the Proxy tab.
  • Check Enable and fill in the required fields.

Github Audit Input

Data will be collected in github:cloud:audit source type. The fields present in the Input are as below:

Field Type Description
Name Textbox Unique Input Name
Event Type Dropdown Specifies the type of events to be collected: web - web (non-Git) events, git - Git events, all - both web and Git events
Account Type Dropdown The type of account for which you want to collect the data, i.e., Organization or Enterprise. This field becomes uneditable once you save the input successfully, to change this you can create a new input with the correct account type.
Organization /Enterprise Name Textbox Enter a valid name of Organization or Enterprise
Github Account Dropdown Select the account from the created Accounts in Configuration
Interval Textbox Enter the interval for consecutive invocations in seconds
Index Textbox Enter the index name in which you want to collect the data
Start Date Textbox Date to start the data collection from. Accepted in specified format - YYYY-MM-DDTHH:MM:SS

To collect the audit-logs, the user should have the admin access of the organization/enterprise and read:audit_log scope for the Personal Access Token.

Github User Input

Data will be collected in github:cloud:user source type. The fields present in the Input are as below:

Field Type Description
Name Textbox Unique Input Name
Github Account Dropdown Select the account from the created Accounts in Configuration
Organization /Enterprise Name Textbox Enter a valid name of Organization or Enterprise
Interval Textbox Enter the interval for consecutive invocations in seconds
Index Textbox Enter the index name in which you want to collect the data

To collect the user data, the user should be a member of the organization and read:org scope for the Personal Access Token

Github Alerts Input

Data is collected specifcally using these sourcetypes:

  • Code Scanning Alert: github:cloud:code:scanning:alerts
  • Dependabot Scanning Alert: github:cloud:dependabot:scanning:alerts
  • Secret Scanning Alert github:cloud:secret:scanning:alerts

The fields in the Input are as follows:

Field Type Description
Name Textbox Unique Input Name
Account Type Dropdown The type of account for which you want to collect the data, i.e., Organization or Enterprise. This field becomes uneditable once you save the input successfully, and to change this you can create a new input with the correct account type.
Organization /Enterprise Name Textbox Enter a valid name of the Organization or Enterprise.
Github Account Dropdown Select the account from the created Accounts in Configuration
Alert Type Dropdown Select the appropriate alert type for the events you want to ingest, such as: Code Scanning Alerts, Dependabot Scanning Alerts, Secret Scanning Alerts Splunk selects the “Code Scanning Alerts” by default. This field becomes uneditable once you successfully save the input. You must create a new input with the correct Alert type to change this field.
State Dropdown The state in which you want to collect Code Scanning Alerts. Select Open, Closed, Dismissed, Fixed, or All from the list. By default, the “All” option will be considered
Severity Dropdown Visible only when the user selects “Organization” Account Type. The severity in which you want to collect Code Scanning Alerts. Select Critical, High, Medium, Low, Note, Error, or All from the list. By default, the All option will be considered.
Interval Textbox Enter the interval for consecutive invocations in seconds
Index Textbox Enter the index name in which you want to collect the data
Dependabot Alert Severity Multi Select Dropdown The severity in which you want to collect Dependabot Scanning Alerts. Visible only when the user selects “Dependabot Scanning Alert” from Alert Type dropdown. Select Critical, High, Medium, Low, and All from the list. By default, the All option will be considered.
Dependabot Alert State Multi Select Dropdown The state in which you want to collect Dependabot Scanning Alerts. Visible only when the user selects “Dependabot Scanning Alert” from Alert Type dropdown. Select auto_dismissed, open, dismissed, fixed, or All from the list. By default, the All option will be considered.
Dependaboth Alert Ecosystem Multi Select Dropdown The Ecosystem for which you want to collect Dependabot Scanning Alerts. Visible only when the user selects “Dependabot Scanning Alert” from Alert Type dropdown. Select rust, rubygems, pip, pub, nuget, maven, composer, go, npm, or All from the list. By default, the “All” option will be considered.
Dependabot Alert Scope Dropdown Select scope of the alerts to be ingested. Visible only when the user selects “Dependabot Scanning Alert” from Alert Type dropdown. Select development or runtime or All from the list. By default, the “All” option will be considered.
Secret Scanning Alerts Resolution Multi Select Dropdown The resolution in which you want to collect Secret Scanning Alerts. Visible only when the user selects “Secret Scanning Alert” from Alert Type dropdown. Select false_positive, wont_fix, revoked, pattern_edited, pattern_deleted, used_in_tests and All from the list. By default, the “All” option will be considered.
Secret Scanning Alerts Validity Multi Select Dropdown The Secret Scanning Alerts Validity in which you want to collect Secret Scanning Alerts. Visible only when the user selects “Secret Scanning Alert” from Alert Type dropdown. Select active, inactive ,unknown or All from the list. By default, the All option will be considered.
Secret Scanning State Dropdown The Secret Scanning Alerts state in which you want to collect Secret Scanning Alerts. Visible only when the user selects “Secret Scanning Alert” from Alert Type dropdown. Select Open or Resolved from the list. By default, the Open option will be considered.

The fields that will be uneditable in the modinput are:

  • Input Name
  • Account Name
  • Account Type
  • Organization/Enterprise name
  • State
  • Severity
  • Alert Type
  • Dependabot Alert Severity
  • Dependabot Alert State
  • Ecosystem
  • Dependabot Alert Scope
  • Secret Scanning Alerts Resolution
  • Secret Scanning Alerts and Validity
  • Secret Scanning State

To collect code scanning alerts, the user should have admin access to the organization/enterprise and security_events or repo (for private or public repositories) or public_repo (for public repositories) scope for the Personal Access Token.

To collect Dependabot and secret scanning alerts, the user must be a member of Enterprise and an authenticated user of an organization owner. OAuth app tokens and personal access tokens (classic) need the security_events or repo to use this endpoint.

Validate data collection

Once you have configured the input, run this search to check that you are ingesting the correct expected data.

sourcetype=github:cloud:audit OR sourcetype=github:cloud:user OR souretype=github:cloud:code:scanning:alertsORgithub:cloud:dependabot:scanning:alerts OR github:cloud:secret:scanning:alerts

Configure GitHub Cloud Audit Log Streaming to send data to Splunk Add-on for GitHub

This section provides the steps to configure the GitHub Cloud Audit Log Streaming to send the audit logs data from GitHub Cloud to Splunk Cloud

The Splunk Cloud instance on which you want to receive Log Streaming data must be a Public Splunk Cloud

Splunk Configuration

Create a HEC token:

  • Click Settings > Add Data.
  • Click Monitor.
  • Click HTTP Event Collector
  • Enter a Name for the token.
  • (Optional) For Source name override, enter a name for a source to be assigned to events that this endpoint generates.
  • (Optional) For Description, enter a description for the input.
  • (Optional) To enable indexer acknowledgment for the token, check Enable indexer acknowledgment.
  • Click Next.
  • Make edits to source type and confirm the index where you want HEC events to be stored. Make the sourcetype github:cloud:audit.
  • Click Review.
  • Confirm the settings for your endpoint, then click Submit.
  • Copy the token value that Splunk Web displays, this token will be used to configure audit log streaming in GitHub

GitHub Cloud Configuration

  1. In the top-right corner, click on your profile photo, then click Your enterprises.

  2. Select the enterprise you want to view.

  3. In the Enterprise Account sidebar, click Settings.
  4. In Settings, select Audit log.
  5. Under “Audit log”, click Log streaming.

  6. In the Configure stream menu select Splunk.

    • On the configuration page, enter the following details:
    • The domain on which the application you want to stream to is hosted.

    If you’re using Splunk Cloud, the domain should be http-inputs-, where host is the domain you use in Splunk Cloud. For example, http-inputs-mycompany.splunkcloud.com. If you’re using the free trial version of Splunk Cloud, the domain should be inputs., where host is the domain you use in Splunk Cloud. For example, inputs.mycompany.splunkcloud.com.

    • The port on which the application accepts data.

    If you’re using Splunk Cloud and haven’t changed the port configuration, Port should be 443. If you’re using the free trial version of Splunk Cloud, Port should be 8088.

  7. Make sure that Enable SSL verification selected.

  8. Click Check endpoint to verify that GitHub can connect and write to the Splunk endpoint.
  9. After you have successfully verified the endpoint, click Save.

Upgrade the Splunk Add-on for GitHub

Upgrade from version 2.0.0 to version 2.1.0 or later of the Splunk Add-on GitHub

There are no additional steps required for this version upgrade. See the Install the Splunk Add-on for GitHub topic in this manual.

Ended: Installation, Configuration and Upgrade

Troubleshooting

Troubleshoot the Splunk Add-on for GitHub

For helpful troubleshooting tips that you can apply to all add-ons, see Troubleshoot add-ons in Splunk Add-ons. For additional resources, see Support and resource links for add-ons in Splunk Add-ons.

If the add-on fails to collect data, check whether the ‘gitops’ index is created. Then check whether the log monitoring/forwarding is enabled on the GitHub Enterprise Server with the correct splunk instance IP/host and port information.

If the fields are not extracted check whether SC4S and the Splunk add-on for GitHub are installed correctly.

Issues with Data Collection or Configuration via Modinputs

If you experience issues with data collection or addon configuration via mod inputs, you might be setting permissions incorrectly for the Personal Access Token used to collect data. Refer to Configure inputs using Splunk Add-on for GitHub for instructions to set required permissions for Personal Access Token to collect data.

Rate Limit for GitHub Cloud Audit Log API

The GitHub Cloud Audit Log API allows 1750 API calls in an hour and each API call allows 100 records to be fetched If the limit is exhausted, the user would have to wait till the API limit resets

Ended: Troubleshooting

Reference

Lookups for the Splunk Add-on for GitHub

The Splunk Add-on for GitHub has the following lookups. The lookups files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_github/lookups

File name Description
github_action_related_info_300.csv Outputs action, status, change_type, and event_group based on action in the event.
github_cloud_action_lookup_300.csv Oututs event_group, action, change_type, and object_category based on action in the event

Source types for the Splunk Add-on for GitHub

The Splunk Add-on for GitHub has the following sourcetypes.

Source type Event type CIM data models
github:enterprise:audit github_authentication Authentication
github_all_changes Change
github_account_changes Change Account Management
github_audit_changes Change Auditing Changes
github:cloud:audit github_alert Alert
github_all_changes Change
github_account_changes Change Account Management
github_audit_changes Change Auditing Changes
github:cloud:user github_cloud_user User
github:cloud:code:scanning:alerts github_code_scanning_alerts Alert
github:cloud:dependabot:scanning:alerts github_dependabot_scanning_alerts Alert
github:cloud:secret:scanning:alerts github_secret_scanning_alerts Alert

CIM Compatibility for GitHub Cloud Audit Logs

The following data models are mapped in the sourcetype github:cloud:audit of the add-on corresponding to the vendor_action.

Datamodel mapped vendor_action
Change:All_Changes org.rename, org.update_terms_of_service, org.create, org.update_actions_secret, org.create_actions_secret, org.set_actions_fork_pr_approvals_policy, org.set_actions_retention_limit, org.set_workflow_permission_can_approve_pr, org.set_default_workflow_permissions, org.update_actions_settings, org.secret_scanning_push_protection_disable, org.secret_scanning_push_protection_enable, org.secret_scanning_push_protection_custom_message_enabled, org.secret_scanning_push_protection_custom_message_disabled, org.secret_scanning_push_protection_new_repos_enable, org.secret_scanning_custom_pattern_push_protection_disabled, org.secret_scanning_custom_pattern_push_protection_enabled, repo.access, org.runner_group_updated, org.runner_group_created, org.runner_group_removed, org.config.disable_collaborators_only, org.config.enable_collaborators_only, org.update_member_repository_invitation_permission, org.enable_two_factor_requirement, org.remove_integration_secret, org.remove_actions_secret, repo.self_hosted_runner_offline, repo.self_hosted_runner_online, org.oauth_app_access_denied, org.enable_oauth_app_restrictions, org.disable_oauth_app_restrictions, org.oauth_app_access_approved, org.allow_third_party_access_requests_from_outside_collaborators_enabled, org.allow_third_party_access_requests_from_outside_collaborators_disabled, org.enable_reader_discussion_creation_permission, org.disable_reader_discussion_creation_permission, org.enable_member_team_creation_permission, org.disable_member_team_creation_permission, org.display_commenter_full_name_disabled, org.display_commenter_full_name_enabled, org.disable_two_factor_requirement, org.update_integration_secret, org.create_integration_secret, org.confirm_business_invitation, org.accept_business_invitation, org.config.disable_contributors_only, org.config.enable_contributors_only, org.config.disable_sockpuppet_disallowed, org.config.enable_sockpuppet_disallowed, org.update_new_repository_default_branch_setting, org.update_member_repository_creation_permission, org.update_default_repository_permission, org.cancel_invitation, org.cancel_business_invitation, org.advanced_security_policy_selected_member_enabled, org.advanced_security_policy_selected_member_disabled, repo.advanced_security_disabled, org.advanced_security_disabled_on_all_repos, repo.advanced_security_enabled, org.advanced_security_enabled_on_all_repos, org.advanced_security_disabled_for_new_repos, org.advanced_security_enabled_for_new_repos, repo.update_default_branch, repo.update_integration_secret, repo.update_actions_secret, repo.create_actions_secret, repo.transfer, team.add_repository, repo.actions_enabled, repo.transfer_outgoing, team.remove_repository, repo.register_self_hosted_runner, repo.set_actions_retention_limit, repo.set_actions_fork_pr_approvals_policy, repo.pages_public, repo.update_actions_settings, repo.rename, repo.remove_topic, repo.remove_integration_secret, repo.remove_actions_secret, repo.remove_self_hosted_runner, repo.pages_private, repo.pages_cname, repo.pages_https_redirect_enabled, repo.pages_https_redirect_disabled, repo.pages_source, repo.pages_create, repo.pages_destroy, repo.create, repo.change_merge_setting, repo.destroy, repo.create_integration_secret, repo.config.disable_sockpuppet_disallowed, repo.config.enable_sockpuppet_disallowed, repo.config.disable_collaborators_only, repo.config.enable_collaborators_only, repo.config.disable_contributors_only, repo.config.enable_contributors_only, repo.code_scanning_configuration_for_branch_deleted, repo.code_scanning_analysis_deleted, repo.codeql_enabled, repo.add_topic, team.update_repository_permission, team.create, team.destroy, repo.unarchived, repo.archived, team.change_privacy, team.rename, team.change_parent_team, org.update_saml_provider_settings, org.enable_saml, org.disable_saml, business.disable_two_factor_requirement, business.enable_two_factor_requirement, business.remove_member, pull_request.ready_for_review, business_secret_scanning_custom_pattern.delete, business_secret_scanning_custom_pattern.update, business_secret_scanning_custom_pattern.create, business.advanced_security_policy_update, members_can_view_dependency_insights.clear, members_can_view_dependency_insights.disable, members_can_view_dependency_insights.enable, team_discussions.clear, team_discussions.disable, team_discussions.enable, repository_projects_change.clear, repository_projects_change.disable, repository_projects_change.enable, organization_projects_change.clear, organization_projects_change.disable, organization_projects_change.enable, pull_request.create_review_request, business.set_actions_fork_pr_approvals_policy, business.update_actions_settings, issues.deletes_disabled, issues.deletes_enabled, members_can_delete_repos.clear, members_can_delete_repos.disable, members_can_delete_repos.enable, repository_visibility_change.clear, repository_visibility_change.disable, repository_visibility_change.enable, business.update_member_repository_invitation_permission, private_repository_forking.clear, private_repository_forking.disable, private_repository_forking.enable, business.clear_members_can_create_repos, business.update_member_repository_creation_permission, git.fetch, pull_request.merge, git.push, git.clone, pull_request.create, pull_request.close, hook.create, repository_dependency_graph.enable, repository_secret_scanning.enable, pull_request.reopen, org_credential_authorization.deauthorize, org_credential_authorization.grant, workflows.enable_workflow, integration_installation.repositories_added, repository_secret_scanning_push_protection.disable, business.set_fork_pr_workflows_policy, business.set_actions_retention_limit, issues.deletes_policy_cleared, workflows.completed_workflow_run, workflows.prepared_workflow_job, workflows.created_workflow_run, repository_vulnerability_alerts.enable
Change:Account_Management org.add_member, org.remove_outside_collaborator, repo.remove_member, team.remove_member, org.remove_member, org.integration_manager_removed, org.integration_manager_added, org.update_member, org.restore_member, repo.add_member, team.add_member, org.invite_member, org.unblock_user, org.block_user, repo.update_member, team.demote_maintainer, team.promote_maintainer
Alerts repository_vulnerability_alert.create, repository_vulnerability_alert.reopen

Ended: Reference

Release Notes

Release notes for the Splunk Add-on for GitHub

Version 3.1.0 of the Splunk Add-on for GitHub was released on Oct 25, 2024.

Compatibility

Version 3.1.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 9.0.x 9.1.x, 9.2.x, 9.3.x
CIM 5.3.2
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, v3.13, Github Enterprise Cloud

New Features

  • Introduced two new modular inputs for collecting alerts from GitHub Cloud:
    • Dependabot Scanning Alerts
    • Secret Scanning Alerts
  • Added support for two new event types in sourcetypes:
    • github:cloud:dependabot:scanning:alerts
    • github:cloud:secret:scanning:alerts
  • The events from both inputs are mapped to CIM data models, and the relevant CIM fields are now properly extracted.
  • Support for UCC Dashboard

Fixed issues

Version 3.1.0 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 3.1.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 3.1.0 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 3.1.0

Release history for the Splunk Add-on for Github

The latest version of the Splunk Add-on for Github is version 3.1.0. See Release notes for the Splunk Add-on for Github for the release notes of this latest version.

Version 3.0.0

Version 3.0.0 of the Splunk Add-on for GitHub was released on July 23, 2024.

Compatibility

Version 3.0.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 9.0.x 9.1.x, 9.2.x
CIM 5.3.2
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, v3.13, Github Enterprise Cloud

New Features

  • Added a new modinput to collect Code Scanning Alerts from GitHub Cloud.
    • The events collected via new modinput will fall under new sourcetype github:cloud:code:scanning:alerts and is tagged with Alerts CIM data model
  • Added support for the “Start Date” field in GitHub Audit Input
    • This will enable the user to start the data collection of Audit logs from a specific date
  • Added support for the latest version of GitHub Enterprise Server - v3.13
    • Added support of 68 new events in the sourcetype github:enterprise:audit by providing CIM tagging to the events
    • The new events are mapped with CIM data models and appropriate CIM fields are extracted
  • Updated the data model mapping and CIM fields for many of the events in both the sourcetypes - github:cloud:audit & github:enterprise:audit
    • All the events that were earlier mapped to the Change:Auditing_Changes data model are now mapped with Change:All_Changes as the events were better fit with the Change:All_Changes dataset
    • The values of the CIM fields like object_category, object_attrs, command, src, src_user, and object are added or updated in the events across the sourcetype
  • Verified IPv6 compliance checks for the add-on and enhanced TA functionality accordingly
  • Added support of latest CIM version - v5.3.2
  • Fixed the security vulnerability found in the urllib3 and certifi libraries by upgrading the libraries to their version from 1.26.18 to 1.26.19 and from 2023.11.17 to 2024.7.4 respectively

Breaking changes
Sourcetype vendor_action Fields v1 v2
Added Fields Modified Fields Removed Fields
[‘github:enterprise:audit’] business.add_admin object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag src_user, user null, null github-admin, github-admin
[‘github:enterprise:audit’] org.async_delete, business.add_organization object_category, event_group, eventtype, tag, tag::eventtype organization, change_audit, github_audit_changes, audit, audit Group Management, change_all, github_all_changes
[‘github:enterprise:audit’] business.update_member_repository_creation_permission, business.advanced_security_policy_update event_group, eventtype, tag, tag::eventtype change_audit, github_audit_changes, audit, audit change_all, github_all_changes
[‘github:enterprise:audit’] business.clear_members_can_create_repos object_category, event_group, eventtype, tag, tag::eventtype Policy Management, change_audit, github_audit_changes, audit, audit Group Management, change_all, github_all_changes
[‘github:enterprise:audit’] business.referrer_override_enable, business.referrer_override_disable object_category, event_group, eventtype, tag, tag::eventtype Policy Management, change_audit, github_audit_changes, audit, audit Other, change_all, github_all_changes
[‘github:enterprise:audit’] business.remove_organization, private_repository_forking.disable, private_repository_forking.enable, org.delete, org.create object_category, event_group, eventtype, tag, tag::eventtype organization, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] business.update_default_repository_permission object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] business.update_terms_of_service object, eventtype, dvc, change_type, action, tag::eventtype, event_group, dest, src, object_id, status, object_category, tag
[‘github:enterprise:audit’] config_entry.destroy, config_entry.create, config_entry.update object_category, event_group, eventtype, tag, tag::eventtype business, change_audit, github_audit_changes, audit, audit Other, change_all, github_all_changes
[‘github:enterprise:audit’] discussion_post.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] oauth_access.destroy, enterprise.config.disable_anonymous_git_access, email_role.create, enterprise.config.lock_anonymous_git_access, oauth_access.create object_category, event_group, eventtype, tag, tag::eventtype user, change_audit, github_audit_changes, audit, audit Other, change_all, github_all_changes
[‘github:enterprise:audit’] enterprise_domain.approve object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] enterprise_domain.create object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] enterprise_domain.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] hook.active_changed object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] hook.config_changed object_category, event_group, eventtype, tag, tag::eventtype hook, change_audit, github_audit_changes, audit, audit Policy Management, change_all, github_all_changes
[‘github:enterprise:audit’] hook.create, hook.destroy, hook.events_changed object_category, event_group, eventtype, tag, tag::eventtype hook, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] integration.create object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, src, dest, object_id, status, object_category, tag
[‘github:enterprise:audit’] issue.update, issue.destroy object_category, event_group, eventtype, tag, tag::eventtype issue, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] issue_comment.update object, object_category, event_group, eventtype, tag, tag::eventtype 1, issue, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/issue_comments/1, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] lockout.remove object_category user Other
[‘github:enterprise:audit’] management_console.save_settings object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, object_path, dest, object_id, user, status, object_category, tag
[‘github:enterprise:audit’] management_console.user_sign_in eventtype, dvc, tag::eventtype, action, src_user, event_group, dest, user, object_category, tag
[‘github:enterprise:audit’] newsletter_preference.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] oauth_application.create, oauth_application.transfer, oauth_application.destroy object_category, event_group, eventtype, tag, tag::eventtype oauth_application, change_audit, github_audit_changes, audit, audit Application Management, change_all, github_all_changes
[‘github:enterprise:audit’] oauth_application.remove_client_secret, oauth_application.revoke_all_tokens, oauth_application.generate_client_secret object_category, event_group, eventtype, tag, tag::eventtype oauth_application, change_audit, github_audit_changes, audit, audit Password Management, change_all, github_all_changes
[‘github:enterprise:audit’] oauth_application.revoke_tokens object_category oauth_application Password Management
[‘github:enterprise:audit’] oauth_authorization.destroy, oauth_authorization.create object_category, event_group, eventtype, tag, tag::eventtype oauth_application, change_audit, github_audit_changes, audit, audit Authorization, change_all, github_all_changes
[‘github:enterprise:audit’] org.add_member object_category organization Group Management
[‘github:enterprise:audit’] org.advanced_security_policy_selected_member_enabled, org.enable_member_team_creation_permission, org.update_member_repository_creation_permission object_category, event_group, eventtype, tag, tag::eventtype organization, change_audit, github_audit_changes, audit, audit Policy Management, change_all, github_all_changes
[‘github:enterprise:audit’] org.display_commenter_full_name_enabled object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] org.set_workflow_permission_can_approve_pr object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] organization_default_label.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.access_granted object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.access_revoked object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.create object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.credential_regenerated object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] personal_access_token.request_created object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] project.close, project.update object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] project_view.create, project.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] project_field.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] protected_branch.create object_category, event_group, eventtype, tag, tag::eventtype branch, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] protected_branch.dismiss_stale_reviews object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] protected_branch.update_admin_enforced, protected_branch.update_linear_history_requirement_enforcement_level, protected_branch.update_signature_requirement_enforcement_level, protected_branch.update_required_status_checks_enforcement_level, protected_branch.update_pull_request_reviews_enforcement_level object_category, event_group, eventtype, tag, tag::eventtype branch, change_audit, github_audit_changes, audit, audit Policy Management, change_all, github_all_changes
[‘github:enterprise:audit’] protected_branch.update_allow_deletions_enforcement_level, protected_branch.update_require_code_owner_review, protected_branch.update_allow_force_pushes_enforcement_level object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] public_key.delete, public_key.create object_category, event_group, eventtype, tag, tag::eventtype public_key, change_audit, github_audit_changes, audit, audit Key Management, change_all, github_all_changes
[‘github:enterprise:audit’] public_key.verify object_category
[‘github:enterprise:audit’] pull_request.close, pull_request.reopen, pull_request.merge object, object_category, event_group, eventtype, tag, tag::eventtype 2, pull_request, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/pull/2, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] pull_request.converted_to_draft, pull_request.ready_for_review object, object_category, event_group, eventtype, tag, tag::eventtype 5, pull_request, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/pull/5, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] pull_request.create object, object_category, event_group, eventtype, tag, tag::eventtype 1, pull_request, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/compare/test2?expand=1, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] pull_request_review.submit object, object_category, event_group, eventtype, tag, tag::eventtype 2, pull_request, change_audit, github_audit_changes, audit, audit https://1.2.3.4/GitHub-Admin/test/pull/2/files, Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] pull_request_review.update object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] pull_request_review_comment.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] pull_request_review_comment.delete object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] pull_request_review_comment.update object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] pull_request_review_thread.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] release.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.access object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.update_member, repo.add_member object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.archived, repo.unarchived object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.change_merge_setting object_category, event_group, eventtype, tag, tag::eventtype repo, change_audit, github_audit_changes, audit, audit Policy Management, change_all, github_all_changes
[‘github:enterprise:audit’] repo.create, repository_secret_scanning.disable, repo.destroy, repo.disk_archive object_category, event_group, eventtype, tag, tag::eventtype repo, change_audit, github_audit_changes, audit, audit Resource Management, change_all, github_all_changes
[‘github:enterprise:audit’] repo.remove_member object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.update_default_branch, repo.rename_branch object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.transfer object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repo.transfer_outgoing object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_branch_protection_evaluation.disable object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_projects_change.disable, repository_projects_change.enable object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_ruleset.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_ruleset.destroy object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] repository_ruleset.update object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] role.create object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, dest, status, object_category, tag
[‘github:enterprise:audit’] staff.minimize_comment object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] staff.repo_lock, staff.repo_unlock object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] staff.view_audit_log object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] staff.view_site_admins object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] team.add_member object, eventtype, change_type, action, tag::eventtype, event_group, object_path, object_id, status, object_category, tag
[‘github:enterprise:audit’] team.remove_repository, team.update_repository_permission, team.add_repository object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] team.create object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] team_discussions.enable, team_discussions.disable object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] user.delete, user.async_delete, user.create object_category user User Management
[‘github:enterprise:audit’] user.failed_login object_category
[‘github:enterprise:audit’] user.login object_category
[‘github:enterprise:audit’] user.mandatory_message_viewed object, eventtype, change_type, action, tag::eventtype, event_group, status, object_category, tag
[‘github:enterprise:audit’] user.minimize_comment object, eventtype, change_type, action, tag::eventtype, event_group, object_id, status, object_category, tag
[‘github:enterprise:audit’] user.reset_password object_category, event_group, eventtype, tag, tag::eventtype user, change_all, github_all_changes, , Password Management, change_account, github_account_changes, account, account
[‘github:enterprise:audit’] user_default_label.destroy object_category, event_group, eventtype, tag, tag::eventtype user_default_label, change_audit, github_audit_changes, audit, audit Other, change_all, github_all_changes
[‘github:enterprise:audit’] vulnerability_alert_rule.create object, eventtype, dvc, change_type, action, tag::eventtype, event_group, command, dest, object_id, status, object_category, tag
Sourcetype vendor_action Fields v1 v2
Added Fields Modified Fields Removed Fields
[‘github:cloud:audit’] business.advanced_security_policy_update src_user object_attrs advanced_security_policy_update business.advanced_security_policy_update
[‘github:cloud:audit’] business.clear_members_can_create_repos src_user object_attrs clear_members_can_create_repos business.clear_members_can_create_repos
[‘github:cloud:audit’] business.disable_two_factor_requirement src_user object_attrs disable_two_factor_requirement business.disable_two_factor_requirement
[‘github:cloud:audit’] business.enable_two_factor_requirement src_user object_attrs enable_two_factor_requirement business.enable_two_factor_requirement
[‘github:cloud:audit’] business.remove_member src_user object_attrs remove_member business.remove_member
[‘github:cloud:audit’] business.set_actions_fork_pr_approvals_policy src_user object_attrs set_actions_fork_pr_approvals_policy business.set_actions_fork_pr_approvals_policy
[‘github:cloud:audit’] business.set_actions_retention_limit src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, set_actions_retention_limit, github_audit_changes, audit, audit change_all, business.set_actions_retention_limit, github_all_changes
[‘github:cloud:audit’] business.set_fork_pr_workflows_policy src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, set_fork_pr_workflows_policy, github_audit_changes, audit, audit change_all, business.set_fork_pr_workflows_policy, github_all_changes
[‘github:cloud:audit’] business.update_actions_settings src_user object_attrs update_actions_settings business.update_actions_settings
[‘github:cloud:audit’] business.update_member_repository_creation_permission src_user object_attrs update_member_repository_creation_permission business.update_member_repository_creation_permission
[‘github:cloud:audit’] business.update_member_repository_invitation_permission src_user object_attrs update_member_repository_invitation_permission business.update_member_repository_invitation_permission
[‘github:cloud:audit’] business_secret_scanning_custom_pattern.create src_user object_attrs business_secret_scanning_custom_pattern business_secret_scanning_custom_pattern.create
[‘github:cloud:audit’] business_secret_scanning_custom_pattern.delete src_user object_attrs business_secret_scanning_custom_pattern business_secret_scanning_custom_pattern.delete
[‘github:cloud:audit’] business_secret_scanning_custom_pattern.update src_user object_attrs business_secret_scanning_custom_pattern business_secret_scanning_custom_pattern.update
[‘github:cloud:audit’] git.clone object_attrs
[‘github:cloud:audit’] git.fetch object_attrs, src_user
[‘github:cloud:audit’] git.push object_attrs, src_user
[‘github:cloud:audit’] hook.create object_attrs, src_user
[‘github:cloud:audit’] integration_installation.repositories_added src_user object_attrs integration_installation integration_installation.repositories_added
[‘github:cloud:audit’] issues.deletes_disabled src_user object_attrs deletes_disabled issues.deletes_disabled
[‘github:cloud:audit’] issues.deletes_enabled src_user object_attrs deletes_enabled issues.deletes_enabled
[‘github:cloud:audit’] issues.deletes_policy_cleared src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, deletes_policy_cleared, github_audit_changes, audit, audit change_all, issues.deletes_policy_cleared, github_all_changes
[‘github:cloud:audit’] members_can_delete_repos.clear src_user object_attrs members_can_delete_repos members_can_delete_repos.clear
[‘github:cloud:audit’] members_can_delete_repos.disable src_user object_attrs members_can_delete_repos members_can_delete_repos.disable
[‘github:cloud:audit’] members_can_delete_repos.enable src_user object_attrs members_can_delete_repos members_can_delete_repos.enable
[‘github:cloud:audit’] members_can_view_dependency_insights.clear src_user object_attrs members_can_view_dependency_insights members_can_view_dependency_insights.clear
[‘github:cloud:audit’] members_can_view_dependency_insights.disable src_user object_attrs members_can_view_dependency_insights members_can_view_dependency_insights.disable
[‘github:cloud:audit’] members_can_view_dependency_insights.enable src_user object_attrs members_can_view_dependency_insights members_can_view_dependency_insights.enable
[‘github:cloud:audit’] org.accept_business_invitation src, src_user object_attrs accept_business_invitation org.accept_business_invitation
[‘github:cloud:audit’] org.add_member src object_attrs add_member org.add_member
[‘github:cloud:audit’] org.advanced_security_disabled_for_new_repos src, src_user object_attrs advanced_security_disabled_for_new_repos org.advanced_security_disabled_for_new_repos
[‘github:cloud:audit’] org.advanced_security_disabled_on_all_repos src, src_user object_attrs advanced_security_disabled_on_all_repos org.advanced_security_disabled_on_all_repos
[‘github:cloud:audit’] org.advanced_security_enabled_for_new_repos src, src_user object_attrs advanced_security_enabled_for_new_repos org.advanced_security_enabled_for_new_repos
[‘github:cloud:audit’] org.advanced_security_enabled_on_all_repos src, src_user object_attrs advanced_security_enabled_on_all_repos org.advanced_security_enabled_on_all_repos
[‘github:cloud:audit’] org.advanced_security_policy_selected_member_disabled src, src_user object_attrs advanced_security_policy_selected_member_disabled org.advanced_security_policy_selected_member_disabled
[‘github:cloud:audit’] org.advanced_security_policy_selected_member_enabled src, src_user object_attrs advanced_security_policy_selected_member_enabled org.advanced_security_policy_selected_member_enabled
[‘github:cloud:audit’] org.allow_third_party_access_requests_from_outside_collaborators_disabled src_user object_attrs allow_third_party_access_requests_from_outside_collaborators_disabled org.allow_third_party_access_requests_from_outside_collaborators_disabled
[‘github:cloud:audit’] org.allow_third_party_access_requests_from_outside_collaborators_enabled src_user object_attrs allow_third_party_access_requests_from_outside_collaborators_enabled org.allow_third_party_access_requests_from_outside_collaborators_enabled
[‘github:cloud:audit’] org.block_user src object_attrs block_user org.block_user
[‘github:cloud:audit’] org.cancel_business_invitation src, src_user object_attrs cancel_business_invitation org.cancel_business_invitation
[‘github:cloud:audit’] org.cancel_invitation src, src_user object_attrs cancel_invitation org.cancel_invitation
[‘github:cloud:audit’] org.config.disable_collaborators_only src, src_user object_attrs config.disable_collaborators_only org.config.disable_collaborators_only
[‘github:cloud:audit’] org.config.disable_contributors_only src, src_user object_attrs config.disable_contributors_only org.config.disable_contributors_only
[‘github:cloud:audit’] org.config.disable_sockpuppet_disallowed src, src_user object_attrs config.disable_sockpuppet_disallowed org.config.disable_sockpuppet_disallowed
[‘github:cloud:audit’] org.config.enable_collaborators_only src, src_user object_attrs config.enable_collaborators_only org.config.enable_collaborators_only
[‘github:cloud:audit’] org.config.enable_contributors_only src, src_user object_attrs config.enable_contributors_only org.config.enable_contributors_only
[‘github:cloud:audit’] org.config.enable_sockpuppet_disallowed src, src_user object_attrs config.enable_sockpuppet_disallowed org.config.enable_sockpuppet_disallowed
[‘github:cloud:audit’] org.confirm_business_invitation src, src_user object_attrs confirm_business_invitation org.confirm_business_invitation
[‘github:cloud:audit’] org.create src, object_attrs, src_user
[‘github:cloud:audit’] org.create_actions_secret src, src_user object_attrs create_actions_secret org.create_actions_secret
[‘github:cloud:audit’] org.create_integration_secret src, src_user object_attrs create_integration_secret org.create_integration_secret
[‘github:cloud:audit’] org.disable_member_team_creation_permission src, src_user object_attrs disable_member_team_creation_permission org.disable_member_team_creation_permission
[‘github:cloud:audit’] org.disable_oauth_app_restrictions src, src_user object_attrs disable_oauth_app_restrictions org.disable_oauth_app_restrictions
[‘github:cloud:audit’] org.disable_reader_discussion_creation_permission src, src_user object_attrs disable_reader_discussion_creation_permission org.disable_reader_discussion_creation_permission
[‘github:cloud:audit’] org.disable_saml src_user object_attrs disable_saml org.disable_saml
[‘github:cloud:audit’] org.disable_two_factor_requirement src, src_user object_attrs disable_two_factor_requirement org.disable_two_factor_requirement
[‘github:cloud:audit’] org.display_commenter_full_name_disabled src, src_user object_attrs display_commenter_full_name_disabled org.display_commenter_full_name_disabled
[‘github:cloud:audit’] org.display_commenter_full_name_enabled src, src_user object_attrs display_commenter_full_name_enabled org.display_commenter_full_name_enabled
[‘github:cloud:audit’] org.enable_member_team_creation_permission src, src_user object_attrs enable_member_team_creation_permission org.enable_member_team_creation_permission
[‘github:cloud:audit’] org.enable_oauth_app_restrictions src, src_user object_attrs enable_oauth_app_restrictions org.enable_oauth_app_restrictions
[‘github:cloud:audit’] org.enable_reader_discussion_creation_permission src, src_user object_attrs enable_reader_discussion_creation_permission org.enable_reader_discussion_creation_permission
[‘github:cloud:audit’] org.enable_saml src_user object_attrs enable_saml org.enable_saml
[‘github:cloud:audit’] org.enable_two_factor_requirement src, src_user object_attrs enable_two_factor_requirement org.enable_two_factor_requirement
[‘github:cloud:audit’] org.integration_manager_added src object_attrs integration_manager_added org.integration_manager_added
[‘github:cloud:audit’] org.integration_manager_removed src object_attrs integration_manager_removed org.integration_manager_removed
[‘github:cloud:audit’] org.invite_member src object_attrs invite_member org.invite_member
[‘github:cloud:audit’] org.oauth_app_access_approved src object_attrs oauth_app_access_approved org.oauth_app_access_approved
[‘github:cloud:audit’] org.oauth_app_access_denied src, src_user object_attrs oauth_app_access_denied org.oauth_app_access_denied
[‘github:cloud:audit’] org.remove_actions_secret src, src_user object_attrs remove_actions_secret org.remove_actions_secret
[‘github:cloud:audit’] org.remove_integration_secret src, src_user object_attrs remove_integration_secret org.remove_integration_secret
[‘github:cloud:audit’] org.remove_member src object_attrs remove_member org.remove_member
[‘github:cloud:audit’] org.remove_outside_collaborator src object_attrs remove_outside_collaborator org.remove_outside_collaborator
[‘github:cloud:audit’] org.rename src, object_attrs, src_user
[‘github:cloud:audit’] org.restore_member object_attrs restore_member org.restore_member
[‘github:cloud:audit’] org.runner_group_created src, src_user object_attrs runner_group_created org.runner_group_created
[‘github:cloud:audit’] org.runner_group_removed src, src_user object_attrs runner_group_removed org.runner_group_removed
[‘github:cloud:audit’] org.runner_group_updated src, src_user object_attrs runner_group_updated org.runner_group_updated
[‘github:cloud:audit’] org.secret_scanning_custom_pattern_push_protection_disabled src, src_user object_attrs secret_scanning_custom_pattern_push_protection_disabled org.secret_scanning_custom_pattern_push_protection_disabled
[‘github:cloud:audit’] org.secret_scanning_custom_pattern_push_protection_enabled src, src_user object_attrs secret_scanning_custom_pattern_push_protection_enabled org.secret_scanning_custom_pattern_push_protection_enabled
[‘github:cloud:audit’] org.secret_scanning_push_protection_custom_message_disabled src, src_user object_attrs secret_scanning_push_protection_custom_message_disabled org.secret_scanning_push_protection_custom_message_disabled
[‘github:cloud:audit’] org.secret_scanning_push_protection_custom_message_enabled src, src_user object_attrs secret_scanning_push_protection_custom_message_enabled org.secret_scanning_push_protection_custom_message_enabled
[‘github:cloud:audit’] org.secret_scanning_push_protection_disable src, src_user object_attrs secret_scanning_push_protection_disable org.secret_scanning_push_protection_disable
[‘github:cloud:audit’] org.secret_scanning_push_protection_enable src, src_user object_attrs secret_scanning_push_protection_enable org.secret_scanning_push_protection_enable
[‘github:cloud:audit’] org.secret_scanning_push_protection_new_repos_enable src, src_user object_attrs secret_scanning_push_protection_new_repos_enable org.secret_scanning_push_protection_new_repos_enable
[‘github:cloud:audit’] org.set_actions_fork_pr_approvals_policy src, src_user object_attrs set_actions_fork_pr_approvals_policy org.set_actions_fork_pr_approvals_policy
[‘github:cloud:audit’] org.set_actions_retention_limit src, src_user object_attrs set_actions_retention_limit org.set_actions_retention_limit
[‘github:cloud:audit’] org.set_default_workflow_permissions src, src_user object_attrs set_default_workflow_permissions org.set_default_workflow_permissions
[‘github:cloud:audit’] org.set_workflow_permission_can_approve_pr src, src_user object_attrs set_workflow_permission_can_approve_pr org.set_workflow_permission_can_approve_pr
[‘github:cloud:audit’] org.unblock_user src object_attrs unblock_user org.unblock_user
[‘github:cloud:audit’] org.update_actions_secret src, src_user object_attrs update_actions_secret org.update_actions_secret
[‘github:cloud:audit’] org.update_actions_settings src, src_user object_attrs update_actions_settings org.update_actions_settings
[‘github:cloud:audit’] org.update_default_repository_permission src, src_user object_attrs update_default_repository_permission org.update_default_repository_permission
[‘github:cloud:audit’] org.update_integration_secret src, src_user object_attrs update_integration_secret org.update_integration_secret
[‘github:cloud:audit’] org.update_member src object_attrs update_member org.update_member
[‘github:cloud:audit’] org.update_member_repository_creation_permission src, src_user object_attrs update_member_repository_creation_permission org.update_member_repository_creation_permission
[‘github:cloud:audit’] org.update_member_repository_invitation_permission src, src_user object_attrs update_member_repository_invitation_permission org.update_member_repository_invitation_permission
[‘github:cloud:audit’] org.update_new_repository_default_branch_setting src, src_user object_attrs update_new_repository_default_branch_setting org.update_new_repository_default_branch_setting
[‘github:cloud:audit’] org.update_saml_provider_settings src_user object_attrs update_saml_provider_settings org.update_saml_provider_settings
[‘github:cloud:audit’] org.update_terms_of_service src, src_user object_attrs update_terms_of_service org.update_terms_of_service
[‘github:cloud:audit’] org_credential_authorization.deauthorize src_user object_attrs org_credential_authorization org_credential_authorization.deauthorize
[‘github:cloud:audit’] org_credential_authorization.grant src_user object_attrs org_credential_authorization org_credential_authorization.grant
[‘github:cloud:audit’] organization_projects_change.clear src_user object_attrs organization_projects_change organization_projects_change.clear
[‘github:cloud:audit’] organization_projects_change.disable src_user object_attrs organization_projects_change organization_projects_change.disable
[‘github:cloud:audit’] organization_projects_change.enable src_user object_attrs organization_projects_change organization_projects_change.enable
[‘github:cloud:audit’] private_repository_forking.clear src_user object_attrs private_repository_forking private_repository_forking.clear
[‘github:cloud:audit’] private_repository_forking.disable src_user object_attrs private_repository_forking private_repository_forking.disable
[‘github:cloud:audit’] private_repository_forking.enable src_user object_attrs private_repository_forking private_repository_forking.enable
[‘github:cloud:audit’] pull_request.close object_attrs, src_user
[‘github:cloud:audit’] pull_request.create object_attrs, src_user
[‘github:cloud:audit’] pull_request.create_review_request object_attrs, src_user
[‘github:cloud:audit’] pull_request.merge object_attrs, src_user
[‘github:cloud:audit’] pull_request.ready_for_review object_attrs, src_user
[‘github:cloud:audit’] pull_request.reopen object_attrs, src_user
[‘github:cloud:audit’] repo.access object_attrs, src_user
[‘github:cloud:audit’] repo.actions_enabled src_user object_attrs actions_enabled repo.actions_enabled
[‘github:cloud:audit’] repo.add_member object_attrs add_member repo.add_member
[‘github:cloud:audit’] repo.add_topic src, src_user object_attrs add_topic repo.add_topic
[‘github:cloud:audit’] repo.advanced_security_disabled src, src_user object_attrs advanced_security_disabled repo.advanced_security_disabled
[‘github:cloud:audit’] repo.advanced_security_enabled src, src_user object_attrs advanced_security_enabled repo.advanced_security_enabled
[‘github:cloud:audit’] repo.archived src, object_attrs, src_user
[‘github:cloud:audit’] repo.change_merge_setting src_user object_attrs change_merge_setting repo.change_merge_setting
[‘github:cloud:audit’] repo.code_scanning_analysis_deleted src, src_user object_attrs code_scanning_analysis_deleted repo.code_scanning_analysis_deleted
[‘github:cloud:audit’] repo.code_scanning_configuration_for_branch_deleted src, src_user object_attrs code_scanning_configuration_for_branch_deleted repo.code_scanning_configuration_for_branch_deleted
[‘github:cloud:audit’] repo.codeql_enabled src, src_user object_attrs codeql_enabled repo.codeql_enabled
[‘github:cloud:audit’] repo.config.disable_collaborators_only src_user object_attrs config.disable_collaborators_only repo.config.disable_collaborators_only
[‘github:cloud:audit’] repo.config.disable_contributors_only src_user object_attrs config.disable_contributors_only repo.config.disable_contributors_only
[‘github:cloud:audit’] repo.config.disable_sockpuppet_disallowed src_user object_attrs config.disable_sockpuppet_disallowed repo.config.disable_sockpuppet_disallowed
[‘github:cloud:audit’] repo.config.enable_collaborators_only src_user object_attrs config.enable_collaborators_only repo.config.enable_collaborators_only
[‘github:cloud:audit’] repo.config.enable_contributors_only src_user object_attrs config.enable_contributors_only repo.config.enable_contributors_only
[‘github:cloud:audit’] repo.config.enable_sockpuppet_disallowed src_user object_attrs config.enable_sockpuppet_disallowed repo.config.enable_sockpuppet_disallowed
[‘github:cloud:audit’] repo.create object_attrs, src_user
[‘github:cloud:audit’] repo.create_actions_secret src_user object_attrs create_actions_secret repo.create_actions_secret
[‘github:cloud:audit’] repo.create_integration_secret src_user object_attrs create_integration_secret repo.create_integration_secret
[‘github:cloud:audit’] repo.destroy object_attrs, src_user
[‘github:cloud:audit’] repo.pages_cname src_user object_attrs pages_cname repo.pages_cname
[‘github:cloud:audit’] repo.pages_create src_user object_attrs pages_create repo.pages_create
[‘github:cloud:audit’] repo.pages_destroy src_user object_attrs pages_destroy repo.pages_destroy
[‘github:cloud:audit’] repo.pages_https_redirect_disabled src_user object_attrs pages_https_redirect_disabled repo.pages_https_redirect_disabled
[‘github:cloud:audit’] repo.pages_https_redirect_enabled src_user object_attrs pages_https_redirect_enabled repo.pages_https_redirect_enabled
[‘github:cloud:audit’] repo.pages_private src, src_user object_attrs pages_private repo.pages_private
[‘github:cloud:audit’] repo.pages_public src_user object_attrs pages_public repo.pages_public
[‘github:cloud:audit’] repo.pages_source src_user object_attrs pages_source repo.pages_source
[‘github:cloud:audit’] repo.register_self_hosted_runner src_user object_attrs register_self_hosted_runner repo.register_self_hosted_runner
[‘github:cloud:audit’] repo.remove_actions_secret src, src_user object_attrs remove_actions_secret repo.remove_actions_secret
[‘github:cloud:audit’] repo.remove_integration_secret src, src_user object_attrs remove_integration_secret repo.remove_integration_secret
[‘github:cloud:audit’] repo.remove_member src object_attrs remove_member repo.remove_member
[‘github:cloud:audit’] repo.remove_self_hosted_runner src, src_user object_attrs remove_self_hosted_runner repo.remove_self_hosted_runner
[‘github:cloud:audit’] repo.remove_topic src, src_user object_attrs remove_topic repo.remove_topic
[‘github:cloud:audit’] repo.rename src, object_attrs, src_user
[‘github:cloud:audit’] repo.self_hosted_runner_offline object_attrs self_hosted_runner_offline repo.self_hosted_runner_offline
[‘github:cloud:audit’] repo.self_hosted_runner_online object_attrs self_hosted_runner_online repo.self_hosted_runner_online
[‘github:cloud:audit’] repo.set_actions_fork_pr_approvals_policy src_user object_attrs set_actions_fork_pr_approvals_policy repo.set_actions_fork_pr_approvals_policy
[‘github:cloud:audit’] repo.set_actions_retention_limit src_user object_attrs set_actions_retention_limit repo.set_actions_retention_limit
[‘github:cloud:audit’] repo.transfer object_attrs, src_user
[‘github:cloud:audit’] repo.transfer_outgoing src_user object_attrs transfer_outgoing repo.transfer_outgoing
[‘github:cloud:audit’] repo.unarchived src, object_attrs, src_user
[‘github:cloud:audit’] repo.update_actions_secret src_user object_attrs update_actions_secret repo.update_actions_secret
[‘github:cloud:audit’] repo.update_actions_settings src, src_user object_attrs update_actions_settings repo.update_actions_settings
[‘github:cloud:audit’] repo.update_default_branch src_user object_attrs update_default_branch repo.update_default_branch
[‘github:cloud:audit’] repo.update_integration_secret src_user object_attrs update_integration_secret repo.update_integration_secret
[‘github:cloud:audit’] repo.update_member src object_attrs update_member repo.update_member
[‘github:cloud:audit’] repository_dependency_graph.enable src_user object_attrs repository_dependency_graph repository_dependency_graph.enable
[‘github:cloud:audit’] repository_projects_change.clear src_user object_attrs repository_projects_change repository_projects_change.clear
[‘github:cloud:audit’] repository_projects_change.disable src_user object_attrs repository_projects_change repository_projects_change.disable
[‘github:cloud:audit’] repository_projects_change.enable src_user object_attrs repository_projects_change repository_projects_change.enable
[‘github:cloud:audit’] repository_secret_scanning.enable src_user object_attrs repository_secret_scanning repository_secret_scanning.enable
[‘github:cloud:audit’] repository_secret_scanning_push_protection.disable src_user object_attrs repository_secret_scanning_push_protection repository_secret_scanning_push_protection.disable
[‘github:cloud:audit’] repository_visibility_change.clear src_user object_attrs repository_visibility_change repository_visibility_change.clear
[‘github:cloud:audit’] repository_visibility_change.disable src_user object_attrs repository_visibility_change repository_visibility_change.disable
[‘github:cloud:audit’] repository_visibility_change.enable src_user object_attrs repository_visibility_change repository_visibility_change.enable
[‘github:cloud:audit’] repository_vulnerability_alert.create object_attrs, src_user
[‘github:cloud:audit’] repository_vulnerability_alert.reopen object_attrs, src_user
[‘github:cloud:audit’] repository_vulnerability_alerts.enable src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, repository_vulnerability_alerts, github_audit_changes, audit, audit change_all, repository_vulnerability_alerts.enable, github_all_changes
[‘github:cloud:audit’] team.add_member object_attrs add_member team.add_member
[‘github:cloud:audit’] team.add_repository src_user object_attrs add_repository team.add_repository
[‘github:cloud:audit’] team.change_parent_team src, src_user object_attrs change_parent_team team.change_parent_team
[‘github:cloud:audit’] team.change_privacy src, src_user object_attrs change_privacy team.change_privacy
[‘github:cloud:audit’] team.create src, object_attrs, src_user
[‘github:cloud:audit’] team.demote_maintainer src object_attrs demote_maintainer team.demote_maintainer
[‘github:cloud:audit’] team.destroy src, object_attrs, src_user
[‘github:cloud:audit’] team.promote_maintainer src object_attrs promote_maintainer team.promote_maintainer
[‘github:cloud:audit’] team.remove_member src object_attrs remove_member team.remove_member
[‘github:cloud:audit’] team.remove_repository src_user object_attrs remove_repository team.remove_repository
[‘github:cloud:audit’] team.rename src, object_attrs, src_user
[‘github:cloud:audit’] team.update_repository_permission src, src_user object_attrs update_repository_permission team.update_repository_permission
[‘github:cloud:audit’] team_discussions.clear src_user object_attrs team_discussions team_discussions.clear
[‘github:cloud:audit’] team_discussions.disable src_user object_attrs team_discussions team_discussions.disable
[‘github:cloud:audit’] team_discussions.enable src_user object_attrs team_discussions team_discussions.enable
[‘github:cloud:audit’] workflows.completed_workflow_run src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, workflow_run, github_audit_changes, audit, audit change_all, workflows.completed_workflow_run, github_all_changes
[‘github:cloud:audit’] workflows.created_workflow_run src_user event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, workflow_run, github_audit_changes, audit, audit change_all, workflows.created_workflow_run, github_all_changes
[‘github:cloud:audit’] workflows.enable_workflow src_user object_attrs enable_workflow workflows.enable_workflow
[‘github:cloud:audit’] workflows.prepared_workflow_job event_group, object_attrs, eventtype, tag, tag::eventtype change_audit, workflow_job, github_audit_changes, audit, audit change_all, workflows.prepared_workflow_job, github_all_changes

Fixed issues

Version 3.0.0 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 3.0.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 3.0.0 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 3.0.0

Version 2.2.1

Version 2.2.1 of the Splunk Add-on for GitHub was released on December 11, 2023.

Compatibility

Version 2.2.1 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.1.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

Fixed a security vulnerability found in the Splunk Add-on for GitHub library by upgrading its version from 1.37.2 to 1.38.0

Fixed issues

Version 2.2.1 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 2.2.1 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 2.2.1 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 2.2.1

Version 2.2.0

Version 2.2.0 of the Splunk Add-on for GitHub was released on July 5, 2023.

Compatibility

Version 2.2.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.1.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

  • Provided support of GitHub Cloud Audit events with category org, repo, and team in sourcetype github:cloud:audit.
  • Provided support of GitHub Enterprise Cloud Audit log streaming in sourcetype github:cloud:audit of the add-on.
  • Made “Account Type” field uneditable while editing a GitHub Cloud Audit Input to avoid data collection gaps.

Fixed issues

Version 2.2.0 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 2.2.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 2.2.0 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 2.2.1

Version 2.1.1

Version 2.1.1 of the Splunk Add-on for GitHub was released on March 2, 2023.

Compatibility

Version 2.1.1 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.0.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

There are no new features in this release.There are certain bug fixes mentioned in the below section.

Fixed issues

Version 2.1.1 of the Splunk Add-on for GitHub has the following fixed issues:

  • Fixed validation issues for GitHub Cloud Audit Input.
  • Upgraded the third-party certifi library to version 2022.12.7
  • Fixed a security vulnerability found in the certifi library.

Known issues

Version 2.1.1 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 2.1.1 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 2.1.1

Version 2.1.0

Version 2.1.0 of the Splunk Add-on for GitHub was released on October 9, 2022.

Compatibility

Version 2.1.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.0.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

There are no new feature in this release.

Fixed issues

Version 2.1.0 of the Splunk Add-on for GitHub has the following fixed issues:

  • Fixed the checkpoint mechanism for both Audit and User inputs.
  • Enhanced input configuration validations for a better user experience.
  • Added a retry mechanism for user data collection in case of server errors.

Known issues

Version 2.1.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Third-party libraries

The Splunk Add-on for GitHub version 2.1.0 uses the following third-party libraries:

Third-party libraries for Splunk Add-on for GitHub version 2.1.0

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for GitHub was released on May 27, 2022.

Compatibility

Version 2.0.0 of the Splunk Add-on for GitHub is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x
CIM 5.0.1
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2, Github Enterprise Cloud

New Features

  • Integrated the support of data collection from the GitHub Enterprise Cloud.
  • Added the add-on UI components for Configuration and Inputs.
  • Added support to fetch audit logs for Organization and Enterprise account types.
  • Added support to fetch user metadata events from GitHub Cloud via modular inputs.
  • Added proxy and logging support in data collection.
  • Added compatibility with the latest CIM version 5.1.0 for the newly collected events from GitHub Cloud.

Fixed issues

Version 2.0.0 of the Splunk Add-on for GitHub has the following fixed issues:

Known issues

Version 2.0.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for GitHub was released on December 27, 2021.

Splunk platform versions 8.0.x, 8.1.x, 8.2.x
CIM 4.20.2
Platforms Platform independent
Vendor Products GitHub Enterprise v3.2

New Features

  • Provides support for audit logs of GitHub Enterprise Server (GHES) for version v3.2.
  • Collects GitHub Enterprise audited actions logs using GitHub’s Log Forwarding feature on the specified Splunk server with Splunk connect for Syslog (SC4S).
  • SC4S assigns github:enterprise:audit sourcetype to all events and the logs are collected in the gitops index.
  • Added CIM mapping & extractions from scratch for the latest CIM compatible version 4.20.2.

Known issues

Version 1.0.0 of the Splunk Add-on for GitHub has the following reported known issues. If no issues appear below, no issues have yet been reported:

Ended: Release Notes