GitHub
GitHub is a cloud-based service that helps developers store and manage their code, as well as track and control changes to it. Audit logs in GitHub allow administrators to track important events and quickly review the actions performed by members of their organization. Each audit log entry records details such as:
- The organization an action was performed in
- The user (actor) who performed the action
- The user affected by the action
- Which repository an action was performed in
- The action that was performed
- Which country the action took place in
- The date and time the action occurred
In the Common Information Model, GitHub data can be mapped to the Authentication and Change data models.
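To make the mapping concrete, the following added example (not code from this page or from Splunk) normalizes a handful of constructed GitHub audit log entries into the Authentication or Change data model fields. The event field names (`@timestamp`, `action`, `actor`, `org`, `repo`, `user`, `actor_location.country_code`), the set of actions treated as authentication events, and the country field are assumptions chosen for illustration; the CIM field names used are the model's standard ones. In Splunk the same normalization would be done with field aliases and eventtypes in the add-on rather than in Python, so treat this as a readable specification of what the mapping has to do.

```python
import json
from datetime import datetime, timezone

# Constructed sample events in the shape of GitHub audit log JSON entries.
# Assumption: the field names follow GitHub's audit log export; they are not
# taken from the page above.
SAMPLE_EVENTS = [
    {"@timestamp": 1700000000000, "action": "user.login", "actor": "alice",
     "org": "example-org", "actor_location": {"country_code": "US"}},
    {"@timestamp": 1700000060000, "action": "user.failed_login", "actor": "mallory",
     "org": "example-org", "actor_location": {"country_code": "XX"}},
    {"@timestamp": 1700000120000, "action": "org.add_member", "actor": "alice",
     "org": "example-org", "user": "bob", "actor_location": {"country_code": "US"}},
    {"@timestamp": 1700000180000, "action": "repo.create", "actor": "bob",
     "org": "example-org", "repo": "example-org/new-service",
     "actor_location": {"country_code": "US"}},
]

# Assumed categorisation: GitHub action names are "<category>.<verb>".
# Login-style actions map to the Authentication data model; every other
# action describes something being modified and maps to Change.
AUTH_ACTIONS = {"user.login", "user.failed_login"}


def _iso_time(epoch_ms):
    """GitHub timestamps are epoch milliseconds; CIM _time is wall-clock UTC."""
    return datetime.fromtimestamp(epoch_ms / 1000, tz=timezone.utc).isoformat()


def to_authentication(ev):
    """Map a login-style event to CIM Authentication fields."""
    return {
        "datamodel": "Authentication",
        "_time": _iso_time(ev["@timestamp"]),
        "action": "failure" if "failed" in ev["action"] else "success",
        "app": "github",
        "user": ev.get("actor"),
        "src_user": ev.get("actor"),
        # Country is not a CIM Authentication field; carried as an extra.
        "src_country": ev.get("actor_location", {}).get("country_code"),
        "signature": ev["action"],
    }


def to_change(ev):
    """Map an org/repo/user modification to CIM Change fields."""
    category, _, verb = ev["action"].partition(".")
    # object: the thing that was changed (repo first, then affected user, then org)
    obj = ev.get("repo") or ev.get("user") or ev.get("org")
    return {
        "datamodel": "Change",
        "_time": _iso_time(ev["@timestamp"]),
        "action": verb,              # e.g. "create", "add_member"
        "change_type": category,     # e.g. "repo", "org"
        "object": obj,
        "object_category": category,
        "src_user": ev.get("actor"),             # who performed the action
        "user": ev.get("user", ev.get("actor")), # who was affected, if anyone
        "src_country": ev.get("actor_location", {}).get("country_code"),
        "status": "success",
        "signature": ev["action"],
    }


def normalize(ev):
    return to_authentication(ev) if ev["action"] in AUTH_ACTIONS else to_change(ev)


def normalize_all(events):
    return [normalize(e) for e in events]


def failed_logins_by_country(events):
    """Review helper: count Authentication failures per source country."""
    counts = {}
    for n in normalize_all(events):
        if n["datamodel"] == "Authentication" and n["action"] == "failure":
            counts[n["src_country"]] = counts.get(n["src_country"], 0) + 1
    return counts


if __name__ == "__main__":
    print(json.dumps(normalize_all(SAMPLE_EVENTS), indent=2))
    print(failed_logins_by_country(SAMPLE_EVENTS))
```

The split on the action name's category is what drives the choice of data model; once events carry `src_user`, `user`, `object` and `action` consistently, the same CIM-based searches and dashboards that already cover other change and authentication sources work on GitHub data without source-specific field names.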
Configuration
Guidance for onboarding data can be found in the Splunk documentation:
- Getting Data In (Splunk Enterprise)
- Getting Data In (Splunk Cloud)
- Get data into Splunk Observability Cloud
Refer to the documentation, and note the following:
- Recommended index: gitops
- Source type: github:enterprise:audit
- Add-on and apps for GitHub:
Application
When your Splunk deployment is ingesting GitHub data, you can use it to accomplish security use cases.