🚫 [Deprecated] GitHub Enterprise Audit Log
🚫 Deprecated: This connector has been deprecated and may be removed in future versions.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Connector ID | GitHubEcAuditLogPolling |
| Publisher | GitHub |
| Used in Solutions | GitHub |
| Collection Method | CCF |
| Connector Definition Files | azuredeploy_GitHub_native_poller_connector.json |
| CCF Capabilities | APIKey, Paging |
| Microsoft Learn | View on Learn |
The GitHub audit log connector provides the capability to ingest GitHub logs into Microsoft Sentinel. By connecting GitHub audit logs into Microsoft Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.
Note: If you intended to ingest GitHub subscribed events into Microsoft Sentinel, please refer to GitHub (using Webhooks) Connector from "Data Connectors" gallery.
NOTE: This data connector has been deprecated, consider moving to the CCF data connector available in the solution which replaces ingestion via the deprecated HTTP Data Collector API.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
GitHubAuditLogPolling_CL |
✓ | ✓ | ✓ |
GitHubAuditLogsV2_CL |
✓ | ✓ | ✓ |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions:
- Workspace (Workspace): read and write permissions are required.
Custom Permissions:
- GitHub API personal access token: You need a GitHub personal access token to enable polling for the organization audit log. You may use either a classic token with 'read:org' scope OR a fine-grained token with 'Administration: Read-only' scope.
- GitHub Enterprise type: This connector will only function with GitHub Enterprise Cloud; it will not support GitHub Enterprise Server.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Connect the GitHub Enterprise Organization-level Audit Log to Microsoft Sentinel
Enable GitHub audit logs. Follow this guide to create or find your personal access token.
📋 Additional Configuration Step: This connector includes a configuration step of type
APIKey. Please refer to the Microsoft Sentinel portal for detailed configuration options for this step.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊