Skip to main content
Splunk Lantern

GitHub

GitHub is a cloud-based service that helps developers store and manage their code, as well as track and control changes to their code. Audit logs in GitHub allow administrators to track important events and quickly review the actions performed by members of thier organization. These actions include:

  • The organization an action was performed in
  • The user (actor) who performed the action
  • The user affected by the action
  • Which repository an action was performed in
  • The action that was performed
  • Which country the action took place in
  • The date and time the action occurred

In the Common Information Model, GitHub data can be mapped to the Authentication and Change data models.

Configuration

Guidance for onboarding data can be found in the Spunk Documentation: 

Refer to the documentation, and note the following:

Application

When your Splunk deployment is ingesting GitHub data, you can use it to accomplish security use cases.