Nota:
Este artículo enumera los eventos que pueden aparecer en el registro de auditoría de una empresa. Para los eventos que pueden aparecer en el registro de seguridad de una cuenta de usuario o en el registro de auditoría de una organización, consulta Eventos de registro de seguridad y Eventos de registro de auditoría de la organización.
En este artículo se enumeran los eventos que aparecen en la configuración de empresa. El panel de administración del sitio puede contener otros eventos que no aparecen aquí.
Audit log events
account
account.plan_change- The account's plan changed.
- Campos
actor,operation_type,_document_id,user_agent,created_at,actor_id,request_id,@timestamp,user,action,user_id,programmatic_access_type- Referencia
- /billing/managing-the-plan-for-your-github-account/about-billing-for-plans
actions_cache
actions_cache.delete- A GitHub Actions cache was deleted using the REST API.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,user_id,user,repo_id,repo,org,org_id,actions_cache_id,actions_cache_key,actions_cache_version,actions_cache_scope,action,_document_id,@timestamp,created_at,operation_type,token_scopes,programmatic_access_type,request_access_security_header
api
api.request- An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.
- Campos
user_agent,request_id,request_method,query_string,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,request_body,status_code,url_path,business,business_id,org,org_id,repo,repo_id,public_repo,user,user_id,action,_document_id,@timestamp,created_at,operation_type,route,rate_limit_remaining,actor_is_bot- Referencia
- Streaming the audit log for your enterprise
artifact
artifact.destroy- A workflow run artifact was manually deleted.
- Campos
action,actor,user_agent,actor_id,repo,repo_id,request_id,@timestamp,created_at,_document_id,operation_type,programmatic_access_type
audit_log_streaming
audit_log_streaming.check- A manual check of the endpoint configured for audit log streaming was performed.
- Campos
user_agent,request_id,actor,actor_id,audit_log_stream_result,business_id,business,action,_document_id,@timestamp,created_at,operation_type,audit_log_stream_sink_details,request_access_security_header
audit_log_streaming.create- An endpoint was added for audit log streaming.
- Campos
user_agent,request_id,actor,actor_id,business_id,business,audit_log_stream_sink,action,_document_id,@timestamp,created_at,operation_type,audit_log_stream_id
audit_log_streaming.destroy- An audit log streaming endpoint was deleted.
- Campos
user_agent,request_id,actor,actor_id,business_id,business,action,_document_id,@timestamp,created_at,operation_type,audit_log_stream_id,audit_log_stream_sink_details
audit_log_streaming.update- An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.
- Campos
user_agent,request_id,actor,actor_id,audit_log_stream_enabled,business_id,business,audit_log_stream_sink,action,_document_id,@timestamp,created_at,operation_type,new_s3_bucket,old_s3_bucket,secrets_updated,new_s3_arn_role,old_s3_arn_role,new_azure_blob_container,old_azure_blob_container,new_event_hub_instance,old_event_hub_instance,new_splunk_domain,old_splunk_domain,ssl_verify,old_gc_bucket
billing
billing.change_billing_type- The way the account pays for GitHub was changed.
- Campos
actor_id,user,@timestamp,actor,user_id,action,created_at,operation_type,_document_id,user_agent,request_id- Referencia
- Managing your payment and billing information
billing.change_email- The billing email address changed.
- Campos
actor,operation_type,actor_id,org_id,@timestamp,user_agent,request_id,created_at,_document_id,org,email,action,request_access_security_header- Referencia
- Managing your payment and billing information
business
business.add_admin- An enterprise owner was added to an enterprise.
- Campos
name,business,user,user_id,@timestamp,created_at,actor,actor_id,action,operation_type,request_id,business_id,_document_id,user_agent,programmatic_access_type,request_access_security_header- Referencia
- Inviting people to manage your enterprise
business.add_organization- An organization was added to an enterprise.
- Campos
org_id,operation_type,@timestamp,actor,business_id,org,action,user_agent,actor_id,name,created_at,request_id,_document_id,business,organization_upgrade,request_access_security_header
business.advanced_security_policy_update- An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.
- Campos
user_agent,request_id,actor,actor_id,name,new_policy,business,business_id,action,operation_type,@timestamp,created_at,_document_id,request_access_security_header- Referencia
- Enforcing policies for code security and analysis for your enterprise
business.clear_actions_settings- An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.
- Campos
user_agent,request_id,actor,actor_id,name,business,business_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- Enforcing policies for GitHub Actions in your enterprise
business.clear_default_repository_permission- An enterprise owner cleared the base repository permission policy setting for an enterprise.
- Campos
name,operation_type,business_id,user_agent,actor_id,request_id,actor,_document_id,business,action,@timestamp,created_at- Referencia
- Enforcing repository management policies in your enterprise
business.clear_members_can_create_repos- An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.
- Campos
user_agent,actor_id,business_id,action,_document_id,request_id,name,business,visibility,created_at,actor,operation_type,@timestamp- Referencia
- Enforcing repository management policies in your enterprise
business.code_scanning_autofix_policy_update- The policy for Code scanning autofix was updated for an enterprise.
- Campos
actor,actor_id,user_agent,request_id,name,new_policy,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
business.code_scanning_autofix_third_party_tools_policy_update- The policy for Code scanning autofix third party tools was updated for an enterprise.
- Campos
actor,actor_id,user_agent,request_id,name,new_policy,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header- Referencia
- /code-security/getting-started/github-security-features#available-with-github-code-security
business.code_security_enablement_policy_update- The policy for Code Security enablement was updated for an enterprise.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,name,new_policy,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot- Referencia
- /code-security/getting-started/github-security-features#available-with-github-code-security
business.create- An enterprise was created.
- Campos
actor_id,_document_id,action,@timestamp,request_id,name,business,business_id,operation_type,actor,created_at,user_agent,request_access_security_header
business.disable_open_scim- SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.
- Campos
actor,actor_id,user_agent,request_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
business.disable_source_ip_disclosure- Display of IP addresses within audit log events for the enterprise was disabled.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Displaying IP addresses in the audit log for your enterprise
business.disable_two_factor_requirement- The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.
- Campos
action,@timestamp,actor,business,operation_type,created_at,user_agent,business_id,actor_id,name,_document_id,request_id
business.enable_open_scim- SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.
- Campos
actor,actor_id,user_agent,request_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type
business.enable_source_ip_disclosure- Display of IP addresses within audit log events for the enterprise was enabled.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Displaying IP addresses in the audit log for your enterprise
business.enable_two_factor_requirement- The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.
- Campos
actor_id,action,user_agent,actor,operation_type,created_at,business,business_id,name,_document_id,request_id,@timestamp
business.members_can_update_protected_branches.clear- An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.
- Campos
user_id,action,created_at,actor,actor_id,@timestamp,request_id,business,name,operation_type,user,user_agent,business_id,_document_id
business.members_can_update_protected_branches.disable- The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.
- Campos
user_agent,request_id,actor,actor_id,name,business,business_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id
business.members_can_update_protected_branches.enable- The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.
- Campos
name,actor,operation_type,_document_id,business_id,user,@timestamp,business,actor_id,created_at,action,user_agent,request_id,user_id
business.remove_admin- An enterprise owner was removed from an enterprise.
- Campos
actor,operation_type,user_agent,business,business_id,@timestamp,created_at,request_id,action,name,actor_id,user_id,_document_id,user- Referencia
- Inviting people to manage your enterprise
business.remove_organization- An organization was removed from an enterprise.
- Campos
org_id,action,business,actor,actor_id,request_id,created_at,user_agent,business_id,operation_type,@timestamp,_document_id,name,org
business.rename_slug- The slug for the enterprise URL was renamed.
- Campos
request_id,name,business_id,user_agent,action,actor_id,operation_type,actor,@timestamp,created_at,business,_document_id
business.revoke_sso_session- The SAML single sign-on session for a member in an enterprise was revoked.
- Campos
business_id,user_agent,request_id,user,operation_type,actor,_document_id,actor_id,name,@timestamp,user_id,action,created_at,business
business.security_center_export_code_scanning_metrics- A CSV export was requested on the "CodeQL pull request alerts" page.
- Campos
actor,actor_id,user_agent,request_id,business,business_id,user,user_id,query,filename,requested_at,start_date,end_date,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
business.security_center_export_coverage- A CSV export was requested on the "Coverage" page.
- Campos
actor,actor_id,user_agent,request_id,business,business_id,user,user_id,query,filename,requested_at,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
business.security_center_export_overview_dashboard- A CSV export was requested on the "Overview Dashboard" page.
- Campos
actor,actor_id,user_agent,request_id,business,business_id,user,user_id,query,filename,requested_at,start_date,end_date,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
business.security_center_export_risk- A CSV export was requested on the "Risk" page.
- Campos
actor,actor_id,user_agent,request_id,business,business_id,user,user_id,query,filename,requested_at,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot
business.set_actions_fork_pr_approvals_policy- The policy for requiring approvals for workflows from public forks was changed for an enterprise.
- Campos
user_agent,request_id,actor,actor_id,name,policy,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Enforcing policies for GitHub Actions in your enterprise
business.set_actions_private_fork_pr_approvals_policy- The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.
- Campos
actor,actor_id,user_agent,request_id,name,policy,business,business_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- Enforcing policies for GitHub Actions in your enterprise
business.set_actions_retention_limit- The retention period for GitHub Actions artifacts and logs was changed for an enterprise.
- Campos
user_agent,request_id,actor,actor_id,name,limit,business,business_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- Enforcing policies for GitHub Actions in your enterprise
business.set_default_workflow_permissions- The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.
- Campos
actor,actor_id,user_agent,request_id,name,business,business_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- Enforcing policies for GitHub Actions in your enterprise
business.set_fork_pr_workflows_policy- The policy for fork pull request workflows was changed for an enterprise.
- Campos
user_agent,request_id,actor,actor_id,name,policy,business,business_id,action,operation_type,@timestamp,created_at,_document_id,request_access_security_header- Referencia
- Enforcing policies for GitHub Actions in your enterprise
business.set_workflow_permission_can_approve_pr- The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.
- Campos
actor,actor_id,user_agent,request_id,name,business,business_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- Enforcing policies for GitHub Actions in your enterprise
business.sso_response- A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
issuer,name,user_agent,action,@timestamp,_document_id,actor,business,business_id,actor_id,created_at,request_id,operation_type,request_access_security_header
business.update_actions_settings- An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.
- Campos
user_agent,request_id,actor,actor_id,name,business,business_id,action,operation_type,@timestamp,created_at,_document_id,updated_github_owned_allowed,updated_verified_allowed,updated_patterns,new_policy,old_policy,updated_access_policy- Referencia
- Enforcing policies for GitHub Actions in your enterprise
business.update_default_repository_permission- The base repository permission setting was updated for all organizations in an enterprise.
- Campos
business_id,operation_type,user_agent,actor,actor_id,permission,action,created_at,@timestamp,request_id,name,_document_id,old_permission,business- Referencia
- Enforcing repository management policies in your enterprise
business.update_member_repository_creation_permission- The repository creation setting was updated for an enterprise.
- Campos
created_at,_document_id,request_id,name,business_id,actor,actor_id,@timestamp,operation_type,permission,action,business,user_agent,visibility- Referencia
- Enforcing repository management policies in your enterprise
business.update_member_repository_invitation_permission- The policy setting for enterprise members inviting outside collaborators to repositories was updated.
- Campos
business_id,created_at,action,operation_type,@timestamp,request_id,permission,actor,actor_id,name,_document_id,user_agent,business- Referencia
- Enforcing repository management policies in your enterprise
business_advanced_security
business_advanced_security.disabled- GitHub Advanced Security was disabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_advanced_security.disabled_for_new_repos- GitHub Advanced Security was disabled for new repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_advanced_security.disabled_for_new_user_namespace_repos- GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_advanced_security.enabled- GitHub Advanced Security was enabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_advanced_security.enabled_for_new_repos- GitHub Advanced Security was enabled for new repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_advanced_security.enabled_for_new_user_namespace_repos- GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_advanced_security.user_namespace_repos_disabled- GitHub Advanced Security was disabled for user namespace repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_advanced_security.user_namespace_repos_enabled- GitHub Advanced Security was enabled for user namespace repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_dependabot_alerts_new_repos
business_dependabot_alerts_new_repos.disable- Dependabot alerts were disabled for new repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type
business_dependabot_alerts_new_repos.enable- Dependabot alerts were enabled for new repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type
business_secret_scanning_automatic_validity_checks
business_secret_scanning_automatic_validity_checks.disabled- Automatic partner validation checks have been disabled at the business level
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_automatic_validity_checks.enabled- Automatic partner validation checks have been enabled at the business level
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_custom_pattern
business_secret_scanning_custom_pattern.create- An enterprise-level custom pattern was created for secret scanning.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- Defining custom patterns for secret scanning
business_secret_scanning_custom_pattern.delete- An enterprise-level custom pattern was removed from secret scanning.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type
business_secret_scanning_custom_pattern.publish- An enterprise-level custom pattern was published for secret scanning.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
business_secret_scanning_custom_pattern.update- Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type
business_secret_scanning_custom_pattern_push_protection
business_secret_scanning_custom_pattern_push_protection.disabled- Push protection for a custom pattern for secret scanning was disabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Defining custom patterns for secret scanning
business_secret_scanning_custom_pattern_push_protection.enabled- Push protection for a custom pattern for secret scanning was enabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- Defining custom patterns for secret scanning
business_secret_scanning
business_secret_scanning.disable- Secret scanning was disabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning.disabled_for_new_repos- Secret scanning was disabled for new repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning.enable- Secret scanning was enabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning.enabled_for_new_repos- Secret scanning was enabled for new repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_non_provider_patterns
business_secret_scanning_non_provider_patterns.disabled- Secret scanning for non-provider patterns was disabled at the enterprise level.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot- Referencia
- Supported secret scanning patterns
business_secret_scanning_non_provider_patterns.enabled- Secret scanning for non-provider patterns was enabled at the enterprise level.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot- Referencia
- Supported secret scanning patterns
business_secret_scanning_push_protection_custom_message
business_secret_scanning_push_protection_custom_message.disable- The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection_custom_message.enable- The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection_custom_message.update- The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection
business_secret_scanning_push_protection.disable- Push protection for secret scanning was disabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection.disabled_for_new_repos- Push protection for secret scanning was disabled for new repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection.enable- Push protection for secret scanning was enabled for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection.enabled_for_new_repos- Push protection for secret scanning was enabled for new repositories in your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection_pattern_configuration
business_secret_scanning_push_protection_pattern_configuration.push_protection_setting_changed- The push protection setting was changed for a secret type for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,secret_type,secret_type_display_name,push_protection_setting- Referencia
- Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection_pattern_configuration.updated- The push protection pattern configuration was updated for your enterprise.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,business,business_id,action,_document_id,@timestamp- Referencia
- Managing GitHub Advanced Security features for your enterprise
checks
checks.auto_trigger_disabled- Automatic creation of check suites was disabled on a repository in the organization or enterprise.
- Campos
visibility,user_agent,user,@timestamp,repo,actor_id,user_id,action,created_at,actor,operation_type,request_id,repo_id,_document_id- Referencia
- /rest/checks#update-repository-preferences-for-check-suites
checks.auto_trigger_enabled- Automatic creation of check suites was enabled on a repository in the organization or enterprise.
- Campos
user_agent,request_id,actor,actor_id,visibility,repo,repo_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id,public_repo- Referencia
- /rest/checks#update-repository-preferences-for-check-suites
checks.delete_logs- Logs in a check suite were deleted.
- Campos
@timestamp,actor,actor_id,operation_type,repo_id,action,created_at,_document_id,user_agent,request_id,repo,programmatic_access_type
code_scanning
code_scanning.alert_appeared_in_branch- Existing code scanning alerts appeared in a branch.
- Campos
repo_id,alert_number,commit_oid,ref,request_id,org_id,org,business_id,business,alert_numbers- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closed_became_fixed- Code scanning alerts were fixed.
- Campos
repo_id,alert_number,commit_oid,ref,request_id,org_id,org,business_id,business,alert_numbers- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closed_became_outdated- Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).
- Campos
repo_id,alert_numbers,commit_oid,ref,request_id,org_id,org,business_id,business- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closed_by_user- Code scanning alerts were manually dismissed.
- Campos
repo_id,alert_number,actor_id,request_id,actor,org_id,org,business_id,business,alert_numbers,dismissal_approver_id- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closure_approved- Dismissal of code scanning alerts was approved.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,dismissal_request_id,alert_number,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closure_denied- Dismissal of code scanning alerts was denied.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,dismissal_request_id,alert_number,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closure_requested- Dismissal of code scanning alerts was requested.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,dismissal_request_id,alert_number,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_created- Code scanning alerts were seen for the first time.
- Campos
repo_id,alert_number,commit_oid,ref,request_id,org_id,org,alert_numbers- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_reappeared- Code scanning alerts that were previously fixed reappeared.
- Campos
repo_id,alert_number,commit_oid,ref,request_id,org_id,org,business_id,business,alert_numbers- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_reopened_by_user- Code scanning alerts that were previously dismissed were reopened.
- Campos
repo_id,alert_number,actor_id,request_id,actor,org_id,org,business_id,business,alert_numbers- Referencia
- /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code
code.search- A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
@timestamp,action,actor_id,business_id,query,org_id,user_id,_document_id,search_string- Referencia
- /search-github/github-code-search
codespaces
codespaces.allow_permissions- A codespace using custom permissions from its devcontainer.json file was launched.
- Campos
user_agent,request_id,actor,actor_id,origin_repository,action,_document_id,@timestamp,created_at,operation_type
codespaces.connect- Credentials for a codespace were refreshed.
- Campos
user_agent,request_id,actor,actor_id,repository_id,repository,pull_request_id,user_id,org_id,owner,name,action,operation_type,@timestamp,created_at,_document_id,public_repo,token_scopes,programmatic_access_type,actor_is_bot,machine_type,devcontainer_path
codespaces.create- A codespace was created
- Campos
user_agent,request_id,actor,actor_id,repository_id,repository,pull_request_id,owner,name,action,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type,actor_is_bot,machine_type,devcontainer_path- Referencia
- Creating a codespace for a repository
codespaces.destroy- A user deleted a codespace.
- Campos
user_agent,request_id,actor,actor_id,repository_id,repository,pull_request_id,owner,name,action,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type- Referencia
- Deleting a codespace
codespaces.export_environment- A codespace was exported to a branch on GitHub.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,owner,action,_document_id,@timestamp,created_at,operation_type,public_repo
codespaces.restore- A codespace was restored.
- Campos
user_agent,request_id,actor,actor_id,owner,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type
codespaces.start_environment- A codespace was started.
- Campos
actor,actor_id,user_agent,request_id,name,org,owner,pull_request_id,machine_type,user_id,user,devcontainer_path,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
codespaces.suspend_environment- A codespace was stopped.
- Campos
user_agent,request_id,actor,actor_id,owner,action,operation_type,@timestamp,created_at,_document_id,public_repo,token_scopes,programmatic_access_type
codespaces.trusted_repositories_access_update- A personal account's access and security setting for Codespaces were updated.
- Campos
user_agent,request_id,actor,actor_id,business,org,org_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- Managing access to other repositories within your codespace
copilot
copilot.cfb_seat_added- A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.
- Campos
user_agent,request_id,token_id,hashed_token,programmatic_access_type,actor,actor_id,user,user_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header
copilot.cfb_seat_assignment_created- A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.
- Campos
actor,actor_id,user_agent,request_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- What is GitHub Copilot?
copilot.cfb_seat_assignment_refreshed- A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.
- Campos
user_agent,request_id,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header
copilot.cfb_seat_assignment_reused- A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type
copilot.cfb_seat_assignment_unassigned- A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header
copilot.cfb_seat_cancelled- A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,action,_document_id,@timestamp,created_at,operation_type,seat_assignment,request_access_security_header
copilot.cfb_seat_cancelled_by_staff- A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.
- Campos
actor,actor_id,user_agent,request_id,user_id,user,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id
custom_property_definition
custom_property_definition.create- A new custom property definition was created.
- Campos
actor,actor_id,user_agent,request_id,property_name,action,_document_id,@timestamp,created_at,operation_type,business,business_id,value_type,required,default_value,definition_id- Referencia
- /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
custom_property_definition.destroy- A custom property definition was deleted.
- Campos
actor,actor_id,user_agent,request_id,property_name,action,_document_id,@timestamp,created_at,operation_type,business,business_id,value_type,required,default_value,definition_id,allowed_values- Referencia
- /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
custom_property_definition.update- A custom property definition was updated.
- Campos
actor,actor_id,user_agent,request_id,property_name,action,_document_id,@timestamp,created_at,operation_type,value_type,required,default_value,old_allowed_values,allowed_values,definition_id,old_required,old_default_value,old_value_type,old_values_editable_by,values_editable_by,request_access_security_header- Referencia
- /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
custom_property_value
custom_property_value.create- A repository's custom property value was manually set for the first time.
- Campos
actor,actor_id,user_agent,request_id,definition_id,property_name,value,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
custom_property_value.destroy- A repository's custom property value was deleted.
- Campos
actor,actor_id,user_agent,request_id,repository,repository_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
custom_property_value.update- A repository's custom property value was updated.
- Campos
actor,actor_id,user_agent,request_id,repository,repository_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,definition_id- Referencia
- /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
dependabot_alerts
dependabot_alerts.disable- Dependabot alerts were disabled for all existing repositories.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories
dependabot_alerts.enable- Dependabot alerts were enabled for all existing repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories
dependabot_alerts_new_repos
dependabot_alerts_new_repos.disable- Dependabot alerts were disabled for all new repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added
dependabot_alerts_new_repos.enable- Dependabot alerts were enabled for all new repositories.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added
dependabot_repository_access
dependabot_repository_access.repositories_updated- The repositories that Dependabot can access were updated.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id
dependabot_security_updates
dependabot_security_updates.disable- Dependabot security updates were disabled for all existing repositories.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependabot_security_updates.enable- Dependabot security updates were enabled for all existing repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id
dependabot_security_updates_new_repos
dependabot_security_updates_new_repos.disable- Dependabot security updates were disabled for all new repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependabot_security_updates_new_repos.enable- Dependabot security updates were enabled for all new repositories.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id
dependency_graph
dependency_graph.disable- The dependency graph was disabled for all existing repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependency_graph.enable- The dependency graph was enabled for all existing repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id
dependency_graph_new_repos
dependency_graph_new_repos.disable- The dependency graph was disabled for all new repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependency_graph_new_repos.enable- The dependency graph was enabled for all new repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id,request_access_security_header
discussion_post
discussion_post.destroy- Triggered when a team discussion post is deleted.
- Campos
request_id,team,created_at,user_id,@timestamp,number,org,title,actor,actor_id,user,action,user_agent,operation_type,_document_id- Referencia
- /communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment
discussion_post.update- Triggered when a team discussion post is edited.
- Campos
created_at,_document_id,title,user,user_agent,org,operation_type,actor_id,@timestamp,actor,team,action,org_id,request_id,user_id,number- Referencia
- /communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment
discussion_post_reply
discussion_post_reply.destroy- Triggered when a reply to a team discussion post is deleted.
- Campos
actor_id,action,@timestamp,user_agent,operation_type,user_id,actor,number,user,created_at,request_id,_document_id- Referencia
- /communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment
discussion_post_reply.update- Triggered when a reply to a team discussion post is edited.
- Campos
action,_document_id,request_id,org,@timestamp,actor_id,operation_type,user,user_id,org_id,user_agent,actor,number,team,created_at- Referencia
- /communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment
enterprise_announcement
enterprise_announcement.create- A global announcement banner was created for the enterprise.
- Campos
actor,actor_id,user_agent,request_id,owner,owner_type,business_id,message,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Customizing user messages for your enterprise
enterprise_announcement.destroy- A global announcement banner was removed from the enterprise.
- Campos
actor,actor_id,user_agent,request_id,owner,owner_type,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Customizing user messages for your enterprise
enterprise_announcement.update- A global announcement banner was updated for the enterprise.
- Campos
actor,actor_id,user_agent,request_id,owner,owner_type,business_id,message,old_message,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Customizing user messages for your enterprise
enterprise_domain
enterprise_domain.approve- A domain was approved for an enterprise.
- Campos
user_agent,request_id,actor,actor_id,owner_type,domain_name,business_id,owner,action,operation_type,@timestamp,created_at,_document_id- Referencia
- Verifying or approving a domain for your enterprise
enterprise_domain.create- A domain was added to an enterprise.
- Campos
user_agent,request_id,actor,actor_id,created_at,owner_type,domain_name,owner,action,operation_type,@timestamp,_document_id- Referencia
- Verifying or approving a domain for your enterprise
enterprise_domain.destroy- A domain was removed from an enterprise.
- Campos
user_agent,request_id,actor,actor_id,created_at,owner_type,domain_name,owner,action,operation_type,@timestamp,_document_id- Referencia
- Verifying or approving a domain for your enterprise
enterprise_domain.verify- A domain was verified for an enterprise.
- Campos
user_agent,request_id,actor,actor_id,owner_type,domain_name,owner,action,operation_type,@timestamp,created_at,_document_id- Referencia
- Verifying or approving a domain for your enterprise
enterprise
enterprise.register_self_hosted_runner- A new GitHub Actions self-hosted runner was registered.
- Campos
user_agent,request_id,actor,actor_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,request_access_security_header- Referencia
- Adding self-hosted runners
enterprise.remove_self_hosted_runner- A GitHub Actions self-hosted runner was removed.
- Campos
user_agent,request_id,actor,actor_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type,request_access_security_header- Referencia
- Removing self-hosted runners
enterprise.runner_group_created- A GitHub Actions self-hosted runner group was created.
- Campos
user_agent,request_id,actor,actor_id,runner_group_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,runner_group_restricted_to_workflows- Referencia
- Removing self-hosted runners
enterprise.runner_group_removed- A GitHub Actions self-hosted runner group was removed.
- Campos
user_agent,request_id,actor,actor_id,runner_group_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- Managing access to self-hosted runners using groups
enterprise.runner_group_runner_removed- The REST API was used to remove a GitHub Actions self-hosted runner from a group.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,runner_group_id,runner_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization
enterprise.runner_group_runners_added- A GitHub Actions self-hosted runner was added to a group.
- Campos
user_agent,request_id,actor,actor_id,runner_group_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,request_access_security_header- Referencia
- Managing access to self-hosted runners using groups
enterprise.runner_group_runners_updated- A GitHub Actions runner group's list of members was updated.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,runner_group_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /rest/actions#set-self-hosted-runners-in-a-group-for-an-organization
enterprise.runner_group_updated- The configuration of a GitHub Actions self-hosted runner group was changed.
- Campos
user_agent,request_id,actor,actor_id,runner_group_id,runner_group_name,runner_group_allow_public,business,business_id,action,operation_type,@timestamp,created_at,_document_id,runner_group_restricted_to_workflows,runner_group_selected_workflow_refs,network_configuration_id,request_access_security_header- Referencia
- Managing access to self-hosted runners using groups
enterprise.self_hosted_runner_offline- The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
business_id,runner_id,runner_name,action,_document_id,operation_type,created_at,@timestamp- Referencia
- Monitoring and troubleshooting self-hosted runners
enterprise.self_hosted_runner_online- The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
business_id,runner_id,runner_name,action,_document_id,operation_type,created_at,@timestamp- Referencia
- Monitoring and troubleshooting self-hosted runners
enterprise.self_hosted_runner_updated- The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.
- Campos
business_id,runner_id,runner_name,source_version,target_version,runner_group_id,runner_group_name,action,_document_id,operation_type,created_at,@timestamp- Referencia
- Self-hosted runners
enterprise_team
enterprise_team.add_member- A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.
- Campos
actor,actor_id,user_agent,request_id,user_id,business_id,enterprise_team_id,enterprise_team,user,business,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
enterprise_team.copilot_assignment- A license for GitHub Copilot was assigned to an enterprise team.
- Campos
actor,actor_id,user_agent,request_id,business_id,enterprise_team_id,enterprise_team,business,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
enterprise_team.copilot_unassignment- A license for GitHub Copilot was unassigned from an enterprise team.
- Campos
actor,actor_id,user_agent,request_id,business_id,enterprise_team_id,enterprise_team,business,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot
enterprise_team.create- A new enterprise team was created.
- Campos
actor,actor_id,user_agent,request_id,business_id,enterprise_team_id,enterprise_team,business,action,_document_id,@timestamp,created_at,operation_type
enterprise_team.destroy- An enterprise team was deleted.
- Campos
actor,actor_id,user_agent,request_id,business_id,enterprise_team_id,enterprise_team,business,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot
enterprise_team.remove_member- A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.
- Campos
actor,actor_id,user_agent,request_id,user_id,business_id,enterprise_team_id,enterprise_team,user,business,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
enterprise_team.rename- The name of an enterprise team was changed.
- Campos
actor,actor_id,user_agent,request_id,name,business_id,enterprise_team_id,enterprise_team,business,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot
environment
environment.add_protection_rule- A GitHub Actions deployment protection rule was created via the API.
- Campos
user_agent,request_id,actor,actor_id,name,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,programmatic_access_type,request_access_security_header- Referencia
- Managing environments for deployment
environment.create_actions_secret- A secret was created for a GitHub Actions environment.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,key,visibility,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,public_repo,token_scopes,programmatic_access_type,request_access_security_header- Referencia
- Managing environments for deployment
environment.create_actions_variable- A variable was created for a GitHub Actions environment.
- Campos
actor,actor_id,user_agent,request_id,key,visibility,environment_name,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- Store information in variables
environment.delete- An environment was deleted.
- Campos
user_agent,request_id,actor,actor_id,name,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,token_scopes,programmatic_access_type,actor_is_bot,request_access_security_header- Referencia
- Managing environments for deployment
environment.remove_actions_secret- A secret was deleted for a GitHub Actions environment.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,key,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,public_repo,token_scopes,request_access_security_header- Referencia
- Managing environments for deployment
environment.remove_actions_variable- A variable was deleted for a GitHub Actions environment.
- Campos
actor,actor_id,user_agent,request_id,key,environment_name,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- Store information in variables
environment.remove_protection_rule- A GitHub Actions deployment protection rule was deleted via the API.
- Campos
user_agent,request_id,actor,actor_id,name,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,request_access_security_header- Referencia
- Managing environments for deployment
environment.update_actions_secret- A secret was updated for a GitHub Actions environment.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,key,visibility,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,programmatic_access_type,request_access_security_header- Referencia
- Managing environments for deployment
environment.update_actions_variable- A variable was updated for a GitHub Actions environment.
- Campos
actor,actor_id,user_agent,request_id,key,visibility,environment_name,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- Store information in variables
environment.update_protection_rule- A GitHub Actions deployment protection rule was updated via the API.
- Campos
user_agent,request_id,actor,actor_id,repo,repo_id,org,org_id,action,@timestamp,_document_id,new_value,approvers_was,approvers,programmatic_access_type,can_admins_bypass,prevent_self_review- Referencia
- Managing environments for deployment
external_group
external_group.add_member- A user was added to an external group.
- Campos
user_agent,request_id,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,external_group,external_group_id,user,user_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,scim_group_id,request_access_security_header
external_group.delete- An external group was deleted.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,token_scopes,scim_group_id
external_group.link- An external group was linked to a GitHub team.
- Campos
user_agent,request_id,actor,actor_id,external_group_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,external_group,programmatic_access_type,scim_group_id,request_access_security_header
external_group.provision- An external group was created.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,token_scopes,programmatic_access_type,request_access_security_header
external_group.remove_member- A user was removed from an external group.
- Campos
user_agent,request_id,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,external_group,external_group_id,user,user_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header
external_group.scim_api_failure- Failed external group SCIM API request.
- Campos
user_agent,request_id,request_method,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,query_string,api_request_body,route,status_code,url_path,scim_group_id,message,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- REST API endpoints for SCIM
external_group.scim_api_success- Successful external group SCIM API request. Excludes GET API requests.
- Campos
user_agent,request_id,request_method,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,query_string,api_request_body,route,status_code,url_path,scim_group_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- REST API endpoints for SCIM
external_group.unlink- An external group was unlinked to a GitHub team.
- Campos
user_agent,request_id,actor,actor_id,external_group_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,external_group
external_group.update- An external group was updated.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,token_scopes,programmatic_access_type,scim_group_id,request_access_security_header
external_group.update_display_name- An external group's display name was updated.
- Campos
user_agent,request_id,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,external_group_id,external_group,action,_document_id,@timestamp,created_at,operation_type,business,business_id,scim_group_id,request_access_security_header
external_identity
external_identity.deprovision- An external identity was deprovisioned, suspending the linked GitHub user.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,action,user_id,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type,request_access_security_header
external_identity.provision- An external identity was created and linked to a GitHub user.
- Campos
user_agent,request_id,action,user_id,operation_type,@timestamp,created_at,_document_id,programmatic_access_type,scim_user_id,request_access_security_header
external_identity.scim_api_failure- Failed external identity SCIM API request.
- Campos
user_agent,request_id,request_method,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,query_string,api_request_body,route,status_code,url_path,scim_user_id,message,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- REST API endpoints for SCIM
external_identity.scim_api_success- Successful external identity SCIM API request. Excludes GET API requests.
- Campos
user_agent,request_id,request_method,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,query_string,api_request_body,route,status_code,url_path,scim_user_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- REST API endpoints for SCIM
external_identity.update- An external identity was updated.
- Campos
user_agent,request_id,action,user_id,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type,scim_user_id,request_access_security_header
gist
gist.create- A gist was created.
- Campos
request_id,user_id,user,gist_id,@timestamp,created_at,operation_type,user_agent,actor,actor_id,visibility,action,_document_id,token_scopes,programmatic_access_type
gist.destroy- A gist was deleted.
- Campos
user_id,gist_id,visibility,created_at,_document_id,user,request_id,operation_type,actor,actor_id,action,user_agent,@timestamp,programmatic_access_type
gist.visibility_change- The visibility of a gist was updated.
- Campos
action,operation_type,@timestamp,user_agent,actor,user,gist_id,actor_id,request_id,visibility,user_id,created_at,_document_id,token_scopes,programmatic_access_type
git
Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.
git.clone- A repository was cloned.
- Campos
transport_protocol,request_id,repository,repository_id,repository_public,actor,actor_id,org,org_id,business,business_id,user,user_id,transport_protocol_name
git.fetch- Changes were fetched from a repository.
- Campos
action,transport_protocol,request_id,repository,repository_id,repository_public,actor,actor_id,org,org_id,business,business_id,user,user_id,transport_protocol_name
git.push- Changes were pushed to a repository.
- Campos
transport_protocol,request_id,repository,repository_id,repository_public,actor,actor_id,org,org_id,business,business_id,user,user_id,transport_protocol_name
git_signing_ssh_public_key
git_signing_ssh_public_key.create- An SSH key was added to a user account as a Git commit signing key.
- Campos
actor,actor_id,user_agent,request_id,title,key,fingerprint,user_id,user,action,_document_id,@timestamp,created_at,operation_type,token_scopes,request_access_security_header- Referencia
- /authentication/managing-commit-signature-verification/telling-git-about-your-signing-key
git_signing_ssh_public_key.delete- An SSH key was removed from a user account as a Git commit signing key.
- Campos
actor,actor_id,user_agent,request_id,title,key,fingerprint,user_id,explanation,user,action,_document_id,@timestamp,created_at,operation_type,token_scopes,request_access_security_header- Referencia
- /authentication/managing-commit-signature-verification/telling-git-about-your-signing-key
hook
hook.active_changed- A hook's active status was updated.
- Campos
user_agent,request_id,actor,actor_id,created_at,name,events,active,active_was,hook_id,repo,repo_id,org,org_id,action,operation_type,@timestamp,_document_id,programmatic_access_type
hook.config_changed- A hook's configuration was changed.
- Campos
actor_id,operation_type,@timestamp,_document_id,actor,name,org,user_agent,request_id,hook_id,repo,repo_id,created_at,oauth_application_id,action,events,org_id,token_scopes,programmatic_access_type
hook.create- A new hook was added.
- Campos
oauth_application,_document_id,user_agent,actor,actor_id,oauth_application_id,repo_id,request_id,hook_id,events,repo,@timestamp,operation_type,name,action,created_at,org_id,org,token_scopes,programmatic_access_type- Referencia
- About webhooks
hook.destroy- A hook was deleted.
- Campos
actor,events,repo,created_at,org,name,request_id,actor_id,repo_id,org_id,action,operation_type,oauth_application_id,user_agent,hook_id,@timestamp,_document_id,token_scopes,programmatic_access_type
hook.events_changed- A hook's configured events were changed.
- Campos
actor,events,repo,operation_type,action,_document_id,actor_id,name,events_were,@timestamp,created_at,hook_id,repo_id,org_id,org,user_agent,request_id,oauth_application_id,token_scopes,programmatic_access_type
integration
integration.create- A GitHub App was created.
- Campos
user,action,operation_type,@timestamp,actor,user_agent,actor_id,request_id,name,user_id,_document_id,integration,created_at,programmatic_access_type,request_access_security_header,application_client_id
integration.destroy- A GitHub App was deleted.
- Campos
actor,user_id,actor_id,request_id,@timestamp,name,integration,user,_document_id,action,operation_type,created_at,user_agent
integration.manager_added- A member of an enterprise or organization was added as a GitHub App manager.
- Campos
created_at,action,_document_id,name,org_id,manager,operation_type,actor,integration,org,@timestamp,actor_id,request_id,user_agent- Referencia
- /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization
integration.manager_removed- A member of an enterprise or organization was removed from being a GitHub App manager.
- Campos
user_agent,request_id,actor_id,org,operation_type,integration,org_id,_document_id,action,actor,name,created_at,manager,@timestamp- Referencia
- /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization
integration.remove_client_secret- A client secret for a GitHub App was removed.
- Campos
user_agent,request_id,actor,actor_id,name,integration,user,user_id,action,operation_type,@timestamp,created_at,_document_id,request_access_security_header
integration.revoke_all_tokens- All user tokens for a GitHub App were requested to be revoked.
- Campos
user_agent,request_id,actor,actor_id,name,integration,user,user_id,action,operation_type,@timestamp,created_at,_document_id,application_client_id
integration.revoke_tokens- Token(s) for a GitHub App were revoked.
- Campos
user_agent,request_id,actor,actor_id,name,integration,user,user_id,action,operation_type,@timestamp,created_at,_document_id,application_client_id
integration.suspend- A GitHub App was suspended.
- Campos
actor,actor_id,user_agent,request_id,name,integration,user,user_id,action,_document_id,@timestamp,created_at,operation_type,application_client_id- Referencia
- /apps/maintaining-github-apps/suspending-a-github-app-installation
integration.transfer- Ownership of a GitHub App was transferred to another user or organization.
- Campos
@timestamp,user_id,name,transfer_to_id,user,requester,action,requester_id,actor_id,created_at,_document_id,user_agent,transfer_to,operation_type,request_id,actor,integration,transfer_from,transfer_from_id,transfer_from_type,transfer_to_type- Referencia
- /apps/maintaining-github-apps/transferring-ownership-of-a-github-app
integration.unsuspend- A GitHub App was unsuspended.
- Campos
actor,actor_id,user_agent,request_id,name,integration,user,user_id,action,_document_id,@timestamp,created_at,operation_type,application_client_id- Referencia
- /apps/maintaining-github-apps/suspending-a-github-app-installation
integration_installation
integration_installation.create- A GitHub App was installed.
- Campos
operation_type,@timestamp,name,request_id,repository_selection,user_id,action,user_agent,user,created_at,integration,_document_id,programmatic_access_type,application_client_id- Referencia
- /apps/using-github-apps/authorizing-github-apps
integration_installation.destroy- A GitHub App was uninstalled.
- Campos
@timestamp,request_id,actor,created_at,_document_id,repository_selection,integration,user_id,user,action,operation_type,name,actor_id,user_agent,programmatic_access_type,application_client_id- Referencia
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.repositories_added- Repositories were added to a GitHub App.
- Campos
user_id,repository_selection,name,user,request_id,integration,operation_type,actor_id,action,repositories_added,created_at,_document_id,@timestamp,actor,user_agent,token_scopes,repositories_added_names,programmatic_access_type,actor_is_bot,application_client_id- Referencia
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access
integration_installation.repositories_removed- Repositories were removed from a GitHub App.
- Campos
user,operation_type,user_agent,actor,repository_selection,repositories_removed,integration,user_id,created_at,_document_id,request_id,@timestamp,name,action,actor_id,repositories_removed_names,programmatic_access_type,actor_is_bot,application_client_id- Referencia
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access
integration_installation.suspend- A GitHub App was suspended.
- Campos
user_agent,request_id,name,repository_selection,actor_id,integration,user,user_id,action,operation_type,@timestamp,created_at,_document_id,request_access_security_header,application_client_id- Referencia
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.unsuspend- A GitHub App was unsuspended.
- Campos
user_agent,request_id,name,repository_selection,actor_id,integration,user,user_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.version_updated- Permissions for a GitHub App were updated.
- Campos
integration,user_id,user_agent,name,user,operation_type,actor_id,action,_document_id,request_id,created_at,repository_selection,@timestamp,actor,application_client_id- Referencia
- /apps/using-github-apps/approving-updated-permissions-for-a-github-app
integration_installation_request
integration_installation_request.close- A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.
- Campos
url,actor,actor_id,created_at,request_id,operation_type,@timestamp,integration,action,user_agent,reason,_document_id,org,org_id,request_access_security_header,application_client_id- Referencia
- /apps/using-github-apps/requesting-a-github-app-from-your-organization-owner
integration_installation_request.create- A member requested that an owner install a GitHub App.
- Campos
@timestamp,actor_id,org,_document_id,requester,action,user_agent,created_at,url,org_id,request_id,operation_type,actor,integration,request_access_security_header,application_client_id- Referencia
- /apps/using-github-apps/requesting-a-github-app-from-your-organization-owner
ip_allow_list
ip_allow_list.disable- An IP allow list was disabled.
- Campos
operation_type,actor,request_id,org,user_agent,_document_id,user_id,actor_id,created_at,org_id,action,@timestamp,user
ip_allow_list.disable_for_installed_apps- An IP allow list was disabled for installed GitHub Apps.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,business,business_id,action,operation_type,@timestamp,_document_id
ip_allow_list.disable_user_level_enforcement- IP allow list user level enforcement was disabled.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type
ip_allow_list.enable- An IP allow list was enabled.
- Campos
org_id,business,user_id,request_id,actor,user,business_id,_document_id,action,@timestamp,user_agent,actor_id,operation_type,org,created_at
ip_allow_list.enable_for_installed_apps- An IP allow list was enabled for installed GitHub Apps.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,business,business_id,action,operation_type,@timestamp,_document_id
ip_allow_list.enable_user_level_enforcement- IP allow list user level enforcement was enabled.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type
ip_allow_list_entry
ip_allow_list_entry.create- An IP address was added to an IP allow list.
- Campos
active,org,ip_allow_list_entry,@timestamp,_document_id,operation_type,created_at,user_agent,action,request_id,actor_id,business_id,org_id,business,actor,token_scopes,programmatic_access_type,request_access_security_header
ip_allow_list_entry.destroy- An IP address was deleted from an IP allow list.
- Campos
_document_id,request_id,ip_allow_list_entry,org,operation_type,created_at,active,action,@timestamp,business,business_id,user_agent,org_id,actor,actor_id,token_scopes,programmatic_access_type,request_access_security_header
ip_allow_list_entry.update- An IP address or its description was changed.
- Campos
request_id,_document_id,actor,org,action,operation_type,created_at,user_agent,actor_id,ip_allow_list_entry,active,org_id,@timestamp
marketplace_agreement_signature
marketplace_agreement_signature.create- The GitHub Marketplace Developer Agreement was signed.
- Campos
request_id,actor,actor_id,@timestamp,_document_id,user_agent,operation_type,created_at,action,user,user_id,request_access_security_header
marketplace_listing
marketplace_listing.approve- A listing was approved for inclusion in GitHub Marketplace.
- Campos
secondary_category,actor,primary_category,user,@timestamp,_document_id,user_id,user_agent,operation_type,created_at,request_id,actor_id,marketplace_listing,integration,action
marketplace_listing.change_category- A category for a listing for an app in GitHub Marketplace was changed.
- Campos
primary_category,user_agent,request_id,actor,marketplace_listing,@timestamp,integration,org_id,action,org,secondary_category,operation_type,created_at,actor_id,_document_id
marketplace_listing.create- A listing for an app in GitHub Marketplace was created.
- Campos
primary_category,_document_id,user,created_at,user_agent,oauth_application,action,request_id,marketplace_listing,user_id,secondary_category,oauth_application_id,actor,actor_id,operation_type,@timestamp
marketplace_listing.delist- A listing was removed from GitHub Marketplace.
- Campos
org,actor,actor_id,user_agent,request_id,org_id,created_at,secondary_category,operation_type,marketplace_listing,action,@timestamp,_document_id,primary_category,integration
marketplace_listing.redraft- A listing was sent back to draft state.
- Campos
_document_id,secondary_category,oauth_application_id,@timestamp,action,user_agent,user_id,operation_type,oauth_application,actor,created_at,marketplace_listing,request_id,actor_id,primary_category,user
marketplace_listing.reject- A listing was not accepted for inclusion in GitHub Marketplace.
- Campos
user_agent,request_id,actor,actor_id,primary_category,secondary_category,marketplace_listing,oauth_application,oauth_application_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id
migration
migration.create- A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.
- Campos
repo,org_id,_document_id,org,repo_id,action,actor,created_at,operation_type,@timestamp,user_agent,request_id,actor_id,token_scopes,programmatic_access_type,actor_is_bot,request_access_security_header
oauth_access
oauth_access.create- An OAuth access token was generated.
- Campos
_document_id,operation_type,user_agent,actor,@timestamp,user,user_id,created_at,action,actor_id,request_id,token_scopes,programmatic_access_type,request_access_security_header,oauth_application_name- Referencia
- /apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens
oauth_access.destroy- An OAuth access token was deleted.
- Campos
@timestamp,user_agent,action,operation_type,_document_id,actor,created_at,user,user_id,request_id,explanation,hashed_token,actor_id,token_scopes,oauth_application_name- Referencia
- /apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
oauth_access.regenerate- An OAuth access token was regenerated.
- Campos
user,user_id,_document_id,created_at,@timestamp,operation_type,action,user_agent,request_id,actor,actor_id,token_scopes,programmatic_access_type,oauth_application_name
oauth_access.revoke- An OAuth access token was revoked.
- Campos
request_id,request_access_security_header,hashed_token,token_id,token_scopes,user,user_id,action,_document_id,@timestamp,created_at,operation_type
oauth_access.update- An OAuth access token was updated.
- Campos
request_id,actor_id,actor,operation_type,_document_id,user_id,created_at,action,@timestamp,user,user_agent,request_access_security_header
oauth_application
oauth_application.create- An OAuth application was created.
- Campos
org,created_at,oauth_application_id,operation_type,user_agent,actor_id,org_id,action,actor,oauth_application,@timestamp,_document_id,request_id,request_access_security_header- Referencia
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.destroy- An OAuth application was deleted.
- Campos
created_at,oauth_application_id,user_id,operation_type,@timestamp,user_agent,oauth_application,_document_id,actor,actor_id,request_id,action,user,request_access_security_header- Referencia
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.generate_client_secret- An OAuth application's secret key was generated.
- Campos
user_agent,request_id,actor,actor_id,oauth_application,oauth_application_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id,request_access_security_header- Referencia
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.remove_client_secret- An OAuth application's secret key was deleted.
- Campos
user_agent,request_id,actor,actor_id,oauth_application,oauth_application_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id,request_access_security_header- Referencia
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.reset_secret- The secret key for an OAuth application was reset.
- Campos
user,user_id,action,oauth_application,operation_type,request_id,actor_id,_document_id,created_at,actor,oauth_application_id,@timestamp,user_agent- Referencia
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.revoke_all_tokens- All user tokens for an OAuth application were requested to be revoked.
- Campos
user_agent,request_id,actor,actor_id,oauth_application,oauth_application_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id,request_access_security_header- Referencia
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.revoke_tokens- Token(s) for an OAuth application were revoked.
- Campos
oauth_application_id,oauth_application,actor_id,user_agent,@timestamp,request_id,user_id,action,_document_id,actor,user,created_at,operation_type,request_access_security_header- Referencia
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.transfer- An OAuth application was transferred from one account to another.
- Campos
actor,operation_type,created_at,user_agent,oauth_application,actor_id,oauth_application_id,@timestamp,user_id,_document_id,request_id,user,action- Referencia
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.unsuspend- An OAuth application was unsuspended for a user or organization account.
- Campos
operation_type,org_id,action,oauth_application_id,oauth_application,org,created_at,@timestamp,_document_id- Referencia
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_authorization
oauth_authorization.create- An authorization for an OAuth application was created.
- Campos
operation_type,user_agent,user_id,actor,org_id,_document_id,request_id,action,@timestamp,created_at,actor_id,user,business,business_id,token_scopes,programmatic_access_type,actor_is_bot,request_access_security_header,oauth_application_name- Referencia
- /apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps
oauth_authorization.destroy- An authorization for an OAuth application was deleted.
- Campos
user_agent,_document_id,request_id,operation_type,@timestamp,actor,created_at,explanation,user,user_id,org_id,action,actor_id,token_scopes,actor_is_bot,oauth_application_name- Referencia
- Reviewing and revoking authorization of GitHub Apps
oauth_authorization.update- An authorization for an OAuth application was updated.
- Campos
org_id,request_id,user_id,actor,actor_id,user_agent,@timestamp,operation_type,action,user,created_at,_document_id,actor_is_bot,request_access_security_header,oauth_application_name- Referencia
- /apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps
org
org.accept_business_invitation- An invitation sent to an organization to join an enterprise was accepted.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Adding organizations to your enterprise
org.add_billing_manager- A billing manager was added to an organization.
- Campos
operation_type,_document_id,user_agent,org,user_id,action,created_at,org_id,user,actor,actor_id,@timestamp,request_id,request_access_security_header- Referencia
- /organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization
org.add_member- A user joined an organization.
- Campos
permission,_document_id,org,operation_type,request_id,actor,user,@timestamp,created_at,user_agent,org_id,user_id,actor_id,action,programmatic_access_type,actor_is_bot
org.add_outside_collaborator- An outside collaborator was added to a repository.
- Campos
actor,actor_id,user_agent,request_id,inviter,org,org_id,repo,repo_id,public_repo,permission,invitee,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
org.advanced_security_disabled_for_new_repos- GitHub Advanced Security was disabled for new repositories in an organization.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,token_scopes
org.advanced_security_disabled_on_all_repos- GitHub Advanced Security was disabled for all repositories in an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes
org.advanced_security_enabled_for_new_repos- GitHub Advanced Security was enabled for new repositories in an organization.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,token_scopes
org.advanced_security_enabled_on_all_repos- GitHub Advanced Security was enabled for all repositories in an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes
org.advanced_security_entity_policy_update- An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,new_policy,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- Enforcing policies for code security and analysis for your enterprise
org.advanced_security_policy_selected_member_disabled- An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id- Referencia
- Enforcing policies for code security and analysis for your enterprise
org.advanced_security_policy_selected_member_enabled- An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,actor_is_bot- Referencia
- Enforcing policies for code security and analysis for your enterprise
org.async_delete- A user initiated a background job to delete an organization.
- Campos
_document_id,actor,actor_id,action,operation_type,@timestamp,request_id,org,org_id,user_agent,created_at
org.block_user- An organization owner blocked a user from accessing the organization's repositories.
- Campos
actor,user_agent,org_id,created_at,_document_id,blocked_user,action,operation_type,actor_id,org,@timestamp,request_id- Referencia
- /communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization
org.cancel_business_invitation- An invitation for an organization to join an enterprise was revoked
- Campos
user_agent,request_id,actor,actor_id,org,org_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,initiated_from- Referencia
- Adding organizations to your enterprise
org.cancel_invitation- An invitation sent to a user to join an organization was revoked.
- Campos
actor_id,org_id,request_id,email,@timestamp,actor,action,operation_type,user_agent,org,invitation_id,_document_id,created_at,invitee_email,token_scopes,programmatic_access_type
org.code_scanning_autofix_disabled- Autofix for code scanning alerts was disabled for an organization.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
org.code_scanning_autofix_enabled- Autofix for code scanning alerts was enabled for an organization.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
org.code_scanning_autofix_third_party_tools_disabled- Autofix for third party tools for code scanning alerts was disabled for an organization.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
org.code_scanning_autofix_third_party_tools_enabled- Autofix for third party tools for code scanning alerts was enabled for an organization.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
org.codeql_disabled- Code scanning using the default setup was disabled for an organization.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale
org.codeql_enabled- Code scanning using the default setup was enabled for an organization.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale
org.config.disable_collaborators_only- The interaction limit for collaborators only for an organization was disabled.
- Campos
request_id,org,action,operation_type,_document_id,actor,actor_id,@timestamp,user_agent,org_id,created_at- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.disable_contributors_only- The interaction limit for prior contributors only for an organization was disabled.
- Campos
operation_type,@timestamp,created_at,user_agent,action,actor_id,org,_document_id,actor,org_id,request_id- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.disable_sockpuppet_disallowed- The interaction limit for existing users only for an organization was disabled.
- Campos
_document_id,operation_type,actor_id,org_id,action,created_at,actor,org,@timestamp,user_agent,request_id- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.enable_collaborators_only- The interaction limit for collaborators only for an organization was enabled.
- Campos
@timestamp,created_at,_document_id,actor_id,actor,org,org_id,request_id,operation_type,action,user_agent- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.enable_contributors_only- The interaction limit for prior contributors only for an organization was enabled.
- Campos
actor,actor_id,org_id,action,operation_type,@timestamp,user_agent,request_id,org,created_at,_document_id- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.enable_sockpuppet_disallowed- The interaction limit for existing users only for an organization was enabled.
- Campos
actor_id,request_id,action,created_at,user_agent,actor,_document_id,org_id,operation_type,org,@timestamp- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.confirm_business_invitation- An invitation for an organization to join an enterprise was confirmed.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Adding organizations to your enterprise
org.create- An organization was created.
- Campos
request_id,org,actor_id,actor,action,@timestamp,_document_id,user_agent,operation_type,org_id,created_at,request_access_security_header- Referencia
- /organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch
org.delete- An organization was deleted by a user or staff.
- Campos
user_agent,@timestamp,_document_id,created_at,actor,org_id,org,action,actor_id,operation_type,request_id,request_access_security_header
org.disable_member_team_creation_permission- Team creation was limited to owners.
- Campos
actor,@timestamp,_document_id,user,user_id,action,created_at,actor_id,user_agent,org,org_id,operation_type,request_id,request_access_security_header- Referencia
- /organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization
org.disable_reader_discussion_creation_permission- An organization owner limited discussion creation to users with at least triage permission in an organization.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization
org.disable_saml- SAML single sign-on was disabled for an organization.
- Campos
org_id,sso_url,issuer,action,@timestamp,_document_id,created_at,org,operation_type
org.disable_two_factor_requirement- A two-factor authentication requirement was disabled for the organization.
- Campos
created_at,org,org_id,action,actor,actor_id,operation_type,request_id,@timestamp,_document_id,user_agent
org.display_commenter_full_name_disabled- An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.
- Campos
actor,user_id,user,action,operation_type,@timestamp,_document_id,created_at,user_agent,org,actor_id,org_id,request_id
org.display_commenter_full_name_enabled- An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.
- Campos
org,user_agent,request_id,actor,_document_id,user_id,operation_type,@timestamp,created_at,user,action,actor_id,org_id
org.enable_member_team_creation_permission- Team creation by members was allowed.
- Campos
org_id,user,actor,operation_type,_document_id,user_id,created_at,user_agent,actor_id,org,request_id,action,@timestamp- Referencia
- /organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization
org.enable_reader_discussion_creation_permission- An organization owner allowed users with read access to create discussions in an organization
- Campos
user_agent,request_id,actor,actor_id,created_at,org,org_id,user,user_id,action,operation_type,@timestamp,_document_id- Referencia
- /organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization
org.enable_saml- SAML single sign-on was enabled for the organization.
- Campos
actor_id,action,operation_type,actor,sso_url,org,created_at,@timestamp,issuer,org_id,_document_id,user_agent,request_id- Referencia
- Enabling and testing SAML single sign-on for your organization
org.enable_two_factor_requirement- Two-factor authentication is now required for the organization.
- Campos
actor_id,action,_document_id,org,@timestamp,actor,user_agent,org_id,operation_type,created_at,request_id- Referencia
- /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization
org.integration_manager_added- An organization owner granted a member access to manage all GitHub Apps owned by an organization.
- Campos
user_agent,org_id,manager,@timestamp,request_id,actor,operation_type,_document_id,actor_id,org,action,created_at
org.integration_manager_removed- An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.
- Campos
org_id,@timestamp,org,user_agent,request_id,action,actor,actor_id,manager,operation_type,created_at,_document_id
org.invite_member- A new user was invited to join an organization.
- Campos
org,user_id,invitation_id,org_id,user,action,operation_type,_document_id,actor,@timestamp,created_at,user_agent,actor_id,request_id,invitee_email,token_scopes,programmatic_access_type- Referencia
- /organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization
org.invite_to_business- An organization was invited to join an enterprise.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type
org.members_can_update_protected_branches.disable- The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id
org.members_can_update_protected_branches.enable- The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.
- Campos
org,org_id,user_agent,actor_id,user_id,operation_type,@timestamp,created_at,request_id,_document_id,actor,user,action
org.recreate- An organization was restored.
- Campos
created_at,org,action,operation_type,_document_id,user_agent,actor_id,@timestamp,request_id,actor,org_id
org.register_self_hosted_runner- A new self-hosted runner was registered.
- Campos
actor,operation_type,@timestamp,_document_id,request_id,org,org_id,action,created_at,user_agent,actor_id,actor_is_bot,request_access_security_header- Referencia
- Adding self-hosted runners
org.remove_billing_manager- A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.
- Campos
user_id,user_agent,org_id,user,action,_document_id,operation_type,@timestamp,actor,org,actor_id,request_id,created_at- Referencia
- /organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization
org.remove_member- A member was removed from an organization, either manually or due to a two-factor authentication requirement.
- Campos
_document_id,request_id,actor_id,user_agent,actor,action,user_id,@timestamp,created_at,user,operation_type,org_id,org,token_scopes,programmatic_access_type
org.remove_outside_collaborator- An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.
- Campos
org,user,org_id,created_at,request_id,@timestamp,action,operation_type,user_agent,_document_id,actor,actor_id,user_id,programmatic_access_type,request_access_security_header
org.remove_self_hosted_runner- A self-hosted runner was removed.
- Campos
operation_type,org_id,@timestamp,_document_id,user_agent,request_id,actor_id,org,created_at,actor,action,programmatic_access_type- Referencia
- Removing self-hosted runners
org.rename- An organization was renamed.
- Campos
user_agent,_document_id,@timestamp,org,action,actor,old_login,org_id,request_id,actor_id,operation_type,created_at,request_access_security_header
org.restore_member- An organization member was restored.
- Campos
user,actor,user_id,_document_id,action,created_at,org_id,operation_type,request_id,@timestamp,user_agent,org,actor_id,request_access_security_header- Referencia
- /organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization
org.runner_group_created- A self-hosted runner group was created.
- Campos
user_agent,request_id,actor,actor_id,runner_group_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,runner_group_restricted_to_workflows,runner_group_selected_workflow_refs,programmatic_access_type,network_configuration_id- Referencia
- Managing access to self-hosted runners using groups
org.runner_group_removed- A self-hosted runner group was removed.
- Campos
user_agent,request_id,actor,actor_id,runner_group_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,programmatic_access_type- Referencia
- Managing access to self-hosted runners using groups
org.runner_group_runner_removed- The REST API was used to remove a self-hosted runner from a group.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,runner_group_id,runner_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type,request_access_security_header- Referencia
- /rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization
org.runner_group_runners_added- A self-hosted runner was added to a group.
- Campos
user_agent,request_id,actor,actor_id,runner_group_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,token_scopes,programmatic_access_type,request_access_security_header- Referencia
- Managing access to self-hosted runners using groups
org.runner_group_runners_updated- A runner group's list of members was updated.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,runner_group_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /rest/actions#set-self-hosted-runners-in-a-group-for-an-organization
org.runner_group_updated- The configuration of a self-hosted runner group was changed.
- Campos
user_agent,request_id,actor,actor_id,runner_group_id,runner_group_name,runner_group_allow_public,org,org_id,action,operation_type,@timestamp,created_at,_document_id,runner_group_restricted_to_workflows,runner_group_selected_workflow_refs,programmatic_access_type,network_configuration_id,request_access_security_header- Referencia
- Managing access to self-hosted runners using groups
org.secret_scanning_custom_pattern_push_protection_disabled- Push protection for a custom pattern for secret scanning was disabled for an organization.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- Defining custom patterns for secret scanning
org.secret_scanning_custom_pattern_push_protection_enabled- Push protection for a custom pattern for secret scanning was enabled for an organization.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header- Referencia
- Defining custom patterns for secret scanning
org.secret_scanning_push_protection_custom_message_disabled- The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,programmatic_access_type- Referencia
- About push protection
org.secret_scanning_push_protection_custom_message_enabled- The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,programmatic_access_type- Referencia
- About push protection
org.secret_scanning_push_protection_custom_message_updated- The custom message triggered by an attempted push to a push-protected repository was updated for an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,programmatic_access_type- Referencia
- About push protection
org.secret_scanning_push_protection_disable- Push protection for secret scanning was disabled.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- About push protection
org.secret_scanning_push_protection_enable- Push protection for secret scanning was enabled.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- About push protection
org.secret_scanning_push_protection_new_repos_disable- Push protection for secret scanning was disabled for all new repositories in the organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,token_scopes- Referencia
- About push protection
org.secret_scanning_push_protection_new_repos_enable- Push protection for secret scanning was enabled for all new repositories in the organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,token_scopes- Referencia
- About push protection
org.security_center_export_code_scanning_metrics- A CSV export was requested on the CodeQL pull request alerts page.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,user,user_id,query,filename,requested_at,start_date,end_date,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot
org.security_center_export_coverage- A CSV export was requested on the Coverage page.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,user,user_id,query,filename,requested_at,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
org.security_center_export_overview_dashboard- A CSV export was requested on the Overview Dashboard page.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,user,user_id,query,filename,requested_at,start_date,end_date,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
org.security_center_export_risk- A CSV export was requested on the Risk page.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,user,user_id,query,filename,requested_at,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
org.self_hosted_runner_offline- The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
org_id,org,runner_id,runner_name,action,_document_id,operation_type,created_at,@timestamp- Referencia
- Monitoring and troubleshooting self-hosted runners
org.self_hosted_runner_online- The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
org_id,org,runner_id,runner_name,action,_document_id,operation_type,created_at,@timestamp- Referencia
- Monitoring and troubleshooting self-hosted runners
org.self_hosted_runner_updated- The runner application was updated. This event is not included in the JSON/CSV export.
- Campos
org_id,runner_id,runner_name,source_version,target_version,runner_group_id,runner_group_name- Referencia
- Self-hosted runners
org.set_actions_fork_pr_approvals_policy- The setting for requiring approvals for workflows from public forks was changed for an organization.
- Campos
user_agent,request_id,actor,actor_id,policy,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks
org.set_actions_private_fork_pr_approvals_policy- The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.
- Campos
actor,actor_id,user_agent,request_id,policy,org,org_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks
org.set_actions_retention_limit- The retention period for GitHub Actions artifacts and logs in an organization was changed.
- Campos
user_agent,request_id,actor,actor_id,limit,org,org_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization
org.set_default_workflow_permissions- The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization
org.set_fork_pr_workflows_policy- The policy for workflows on private repository forks was changed.
- Campos
user_agent,request_id,actor,actor_id,policy,org,org_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks
org.set_workflow_permission_can_approve_pr- The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests
org.sso_response- A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
action,user_agent,actor,actor_id,org_id,@timestamp,org,issuer,business,operation_type,created_at,request_id,business_id,_document_id,actor_is_bot,request_access_security_header
org.transform- A user account was converted into an organization.
- Campos
actor,_document_id,request_id,operation_type,actor_id,org_id,org,action,@timestamp,created_at,user_agent,owner,request_access_security_header- Referencia
- /account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization
org.unblock_user- A user was unblocked from an organization.
- Campos
oauth_application_id,_document_id,blocked_user,action,operation_type,@timestamp,request_id,created_at,actor,actor_id,org,org_id,user_agent- Referencia
- /communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization
org.update_actions_settings- An organization owner or site administrator updated GitHub Actions policy settings for an organization.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,new_policy,updated_allowed_types,old_policy,updated_access_policy,programmatic_access_type,request_access_security_header- Referencia
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization
org.update_default_repository_permission- The default repository permission level for organization members was changed.
- Campos
actor,action,operation_type,created_at,org,org_id,request_id,@timestamp,user_agent,permission,actor_id,old_permission,_document_id,programmatic_access_type
org.update_member- A person's role was changed from owner to member or member to owner.
- Campos
@timestamp,org_id,created_at,_document_id,user,user_id,action,request_id,actor_id,old_permission,permission,actor,user_agent,operation_type,org
org.update_member_repository_creation_permission- The create repository permission for organization members was changed.
- Campos
actor,action,@timestamp,request_id,actor_id,permission,created_at,user_agent,org,org_id,_document_id,visibility,operation_type
org.update_member_repository_invitation_permission- An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.
- Campos
actor_id,permission,action,org_id,actor,created_at,_document_id,business_id,operation_type,org,user_agent,request_id,business,@timestamp- Referencia
- Setting permissions for adding outside collaborators
org.update_saml_provider_settings- An organization's SAML provider settings were updated.
- Campos
user_agent,sso_url,actor_id,operation_type,@timestamp,issuer,org,_document_id,actor,org_id,created_at,request_id,action
org.update_terms_of_service- An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.
- Campos
request_id,org_id,actor,actor_id,user_agent,operation_type,_document_id,org,action,@timestamp,created_at,request_access_security_header- Referencia
- /organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement
org_secret_scanning_automatic_validity_checks
org_secret_scanning_automatic_validity_checks.disabled- Automatic partner validation checks have been disabled at the organization level
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization
org_secret_scanning_automatic_validity_checks.enabled- Automatic partner validation checks have been enabled at the organization level
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization
org_secret_scanning_custom_pattern
org_secret_scanning_custom_pattern.create- A custom pattern was created for secret scanning in an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- Defining custom patterns for secret scanning
org_secret_scanning_custom_pattern.delete- A custom pattern was removed from secret scanning in an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header- Referencia
- Defining custom patterns for secret scanning
org_secret_scanning_custom_pattern.publish- A custom pattern was published for secret scanning in an organization.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- Defining custom patterns for secret scanning
org_secret_scanning_custom_pattern.update- Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- Defining custom patterns for secret scanning
org_secret_scanning_non_provider_patterns
org_secret_scanning_non_provider_patterns.disabled- Secret scanning for non-provider patterns was disabled at the organization level.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- Supported secret scanning patterns
org_secret_scanning_non_provider_patterns.enabled- Secret scanning for non-provider patterns was enabled at the organization level.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- Supported secret scanning patterns
org_secret_scanning_push_protection_bypass_list
org_secret_scanning_push_protection_bypass_list.add- A role or team was added to the push protection bypass list at the organization level.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- About push protection
org_secret_scanning_push_protection_bypass_list.disable- Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the organization level.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- About push protection
org_secret_scanning_push_protection_bypass_list.enable- Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the organization level.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- About push protection
org_secret_scanning_push_protection_bypass_list.remove- A role or team was removed from the push protection bypass list at the organization level.
- Campos
actor,actor_id,user_agent,request_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- About push protection
org_secret_scanning_push_protection_pattern_configuration
org_secret_scanning_push_protection_pattern_configuration.push_protection_setting_changed- The push protection setting was changed for a secret type for your org.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,business,business_id,action,_document_id,@timestamp,created_at,secret_type,secret_type_display_name,push_protection_setting- Referencia
- Managing GitHub Advanced Security features for your enterprise
org_secret_scanning_push_protection_pattern_configuration.updated- The push protection pattern configuration was updated for your org.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,org,org_id,business,business_id,action,_document_id,@timestamp- Referencia
- Managing GitHub Advanced Security features for your enterprise
organization_domain
organization_domain.approve- A domain was approved for an organization.
- Campos
user_agent,request_id,actor,actor_id,owner_type,domain_name,org_id,business_id,owner,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization
organization_domain.create- A domain was added to an organization.
- Campos
created_at,_document_id,domain_name,action,request_id,actor_id,operation_type,@timestamp,user_agent,actor- Referencia
- /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization
organization_domain.destroy- A domain was removed from an organization.
- Campos
action,domain_name,@timestamp,_document_id,user_agent,request_id,actor,actor_id,operation_type,created_at- Referencia
- /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain
organization_domain.verify- A domain was verified for an organization.
- Campos
operation_type,domain_name,@timestamp,user_agent,request_id,actor,action,created_at,_document_id,actor_id- Referencia
- /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization
packages
packages.package_deleted- An entire package was deleted.
- Campos
actor_id,actor,org,org_id,repo,repo_id,package,action,operation_type,@timestamp,created_at,_document_id,business,business_id,actor_is_bot- Referencia
- /packages/learn-github-packages/deleting-and-restoring-a-package
packages.package_published- A package was published or republished to an organization.
- Campos
actor_id,actor,org,org_id,repo,repo_id,package,ecosystem,version_count,is_republished,action,operation_type,@timestamp,created_at,_document_id,business,business_id,actor_is_bot
packages.package_version_deleted- A specific package version was deleted.
- Campos
actor_id,actor,org,org_id,repo,repo_id,package,version,action,operation_type,@timestamp,created_at,_document_id,business,business_id,ecosystem,actor_is_bot- Referencia
- /packages/learn-github-packages/deleting-and-restoring-a-package
packages.package_version_published- A specific package version was published or republished to a package.
- Campos
org_id,ecosystem,package,version,actor_id,user_agent,is_republished,actor,action,operation_type,@timestamp,created_at,_document_id,business,business_id,actor_is_bot
pages_protected_domain
pages_protected_domain.create- A GitHub Pages verified domain was created for an organization or enterprise.
- Campos
user_agent,request_id,actor,actor_id,owner,owner_type,domain,state,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
pages_protected_domain.delete- A GitHub Pages verified domain was deleted from an organization or enterprise.
- Campos
user_agent,request_id,actor,actor_id,owner,owner_type,domain,state,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
pages_protected_domain.verify- A GitHub Pages domain was verified for an organization or enterprise.
- Campos
user_agent,request_id,actor,actor_id,owner,owner_type,domain,state,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
passkey
passkey.register- A new passkey was added.
- Campos
actor,actor_id,user_agent,request_id,nickname,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
passkey.remove- A new passkey was removed.
- Campos
actor,actor_id,user_agent,request_id,nickname,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
payment_method
payment_method.create- A new payment method was added, such as a new credit card or PayPal account.
- Campos
user_agent,request_id,user,operation_type,user_id,_document_id,action,actor,actor_id,@timestamp,created_at,request_access_security_header
payment_method.remove- A payment method was removed.
- Campos
user,created_at,actor_id,@timestamp,user_id,action,operation_type,actor,_document_id,request_access_security_header
payment_method.update- An existing payment method was updated.
- Campos
operation_type,request_id,org_id,created_at,actor_id,@timestamp,action,actor,org,user_agent,_document_id,request_access_security_header
personal_access_token
personal_access_token.access_granted- A fine-grained personal access token was granted access to resources.
- Campos
user_agent,request_id,actor,actor_id,user_programmatic_access_id,user_programmatic_access_name,repository_selection,user,user_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.access_restriction_disabled- The configured restriction for access to resources via personal access tokens was disabled.
- Campos
actor,actor_id,user_agent,request_id,programmatic_access_type,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
personal_access_token.access_restriction_enabled- The configured restriction for access to resources via personal access tokens was enabled.
- Campos
actor,actor_id,user_agent,request_id,programmatic_access_type,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
personal_access_token.access_restriction_reset- The configured restriction for access to resources via personal access tokens was reset and delegated to organizations.
- Campos
actor,actor_id,user_agent,request_id,programmatic_access_type,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot
personal_access_token.access_revoked- A fine-grained personal access token was revoked. The token can still read public organization resources.
- Campos
user_agent,request_id,actor,actor_id,user_programmatic_access_id,user_programmatic_access_name,repository_selection,user,user_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization
personal_access_token.auto_approve_grant_requests_disabled- Triggered when fine-grained personal access tokens can access organization resources without prior approval.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot
personal_access_token.auto_approve_grant_requests_enabled- Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,user,user_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot
personal_access_token.auto_approve_grant_requests_reset- Triggered when the enterprise delegates to the organizations when to require approval for fine-grained personal access tokens before the tokens can access organization resources.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,user,user_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot
personal_access_token.create- Triggered when you create a fine-grained personal access token.
- Campos
user_agent,request_id,actor,actor_id,user_programmatic_access_name,user,user_id,repository_selection,action,_document_id,@timestamp,created_at,operation_type
personal_access_token.credential_regenerated- Triggered when you regenerate a fine-grained personal access token.
- Campos
user_agent,request_id,actor,actor_id,user_programmatic_access_name,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
personal_access_token.credential_revoked- A fine-grained personal access token was revoked by GitHub Advanced Security.
- Campos
user_programmatic_access_name,user,user_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /code-security/getting-started/github-security-features#secret-scanning-alerts-for-users
personal_access_token.destroy- Triggered when you delete a fine-grained personal access token.
- Campos
user_agent,request_id,actor,actor_id,user_programmatic_access_name,user,user_id,explanation,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
personal_access_token.expiration_limit_set- A personal access token expiration limit was set.
- Campos
actor,actor_id,user_agent,request_id,programmatic_access_type,token_expiration,old_token_expiration,exempt_administrators,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
personal_access_token.expiration_limit_unset- A personal access token expiration limit was unset.
- Campos
actor,actor_id,user_agent,request_id,programmatic_access_type,old_token_expiration,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
personal_access_token.request_cancelled- A pending request for a fine-grained personal access token to access organization resources was canceled.
- Campos
user_agent,request_id,actor,actor_id,user_programmatic_access_name,org,org_id,repository_selection,action,_document_id,@timestamp,created_at,operation_type,user_programmatic_access_request_id
personal_access_token.request_created- Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.
- Campos
user_agent,request_id,actor,actor_id,user_programmatic_access_id,user_programmatic_access_name,user,user_id,repository_selection,action,_document_id,@timestamp,created_at,operation_type,user_programmatic_access_request_id- Referencia
- /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.request_denied- A request for a fine-grained personal access token to access organization resources was denied.
- Campos
actor,actor_id,user_agent,request_id,user_programmatic_access_name,org,org_id,repository_selection,action,_document_id,@timestamp,created_at,operation_type,user_programmatic_access_request_id- Referencia
- /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.update- A fine-grained personal access token was updated.
- Campos
user_agent,request_id,actor,actor_id,user_programmatic_access_name,user,user_id,repository_selection,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens
profile_picture
profile_picture.update- A profile picture was updated.
- Campos
user,actor_id,user_id,@timestamp,created_at,owner,action,_document_id,request_id,user_agent,actor,operation_type- Referencia
- /account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile
project
project.access- A project board visibility was changed.
- Campos
actor_id,actor,user_agent,operation_type,user,created_at,user_id,action,request_id,_document_id,@timestamp
project.close- A project board was closed.
- Campos
org_id,user_agent,request_id,operation_type,@timestamp,created_at,repo_id,org,_document_id,project_id,action,actor,actor_id,repo,project_kind- Referencia
- Closing a project (classic)
project.create- A project board was created.
- Campos
operation_type,user,_document_id,request_id,user_id,user_agent,@timestamp,actor_id,action,created_at,actor
project.delete- A project board was deleted.
- Campos
request_id,action,actor_id,operation_type,actor,user_id,@timestamp,created_at,_document_id,user_agent,user
project.link- A repository was linked to a project board.
- Campos
repo_id,action,actor_id,org_id,user_agent,request_id,actor,operation_type,@timestamp,_document_id,created_at,org,repo
project.open- A project board was reopened.
- Campos
actor,request_id,actor_id,action,user_id,project_id,_document_id,user_agent,operation_type,user,@timestamp,created_at,project_kind,project_name- Referencia
- Reopening a closed project (classic)
project.rename- A project board was renamed.
- Campos
action,created_at,request_id,actor_id,old_name,operation_type,@timestamp,repo,_document_id,user_agent,org_id,business_id,actor,repo_id,org,business
project.unlink- A repository was unlinked from a project board.
- Campos
repo,repo_id,operation_type,actor,action,created_at,actor_id,_document_id,request_id,@timestamp,user_agent,org,org_id
project.update_org_permission- The project's base-level permission for all organization members was changed or removed.
- Campos
actor,org,@timestamp,_document_id,operation_type,created_at,request_id,actor_id,action,org_id,user_agent
project.update_team_permission- A team's project board permission level was changed or when a team was added or removed from a project board.
- Campos
created_at,org_id,operation_type,org,actor_id,_document_id,request_id,team,@timestamp,action,user_agent,actor
project.update_user_permission- A user was added to or removed from a project board or had their permission level changed.
- Campos
request_id,user_id,operation_type,@timestamp,actor_id,user,user_agent,actor,created_at,org,_document_id,org_id,action,programmatic_access_type
project.visibility_private- A project's visibility was changed from public to private.
- Campos
user_agent,request_id,actor,actor_id,project_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,project_kind,project_name
project.visibility_public- A project's visibility was changed from private to public.
- Campos
user_agent,request_id,actor,actor_id,project_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,project_kind,project_name,request_access_security_header
project_collaborator
project_collaborator.add- A collaborator was added to a project.
- Campos
actor,actor_id,user_agent,request_id,collaborator_type,org,org_id,collaborator,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,public_project,project_name,project_role,old_project_role,request_access_security_header
project_collaborator.remove- A collaborator was removed from a project.
- Campos
actor,actor_id,user_agent,request_id,collaborator_type,user,user_id,collaborator,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
project_collaborator.update- A project collaborator's permission level was changed.
- Campos
actor,actor_id,user_agent,request_id,public_project,project_name,collaborator_type,project_role,old_project_role,project_id,user,user_id,collaborator,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
project_field
project_field.create- A field was created in a project board.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /issues/planning-and-tracking-with-projects/understanding-fields
project_field.delete- A field was deleted in a project board.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields
project_view
project_view.create- A view was created in a project board.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views
project_view.delete- A view was deleted in a project board.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views
protected_branch
protected_branch.authorized_users_teams- The users, teams, or integrations allowed to bypass a branch protection were changed.
- Campos
repo,action,org_id,user_agent,name,created_at,_document_id,operation_type,actor,repo_id,org,request_id,actor_id,oauth_application_id,@timestamp,programmatic_access_type- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches
protected_branch.branch_allowances- A protected branch allowance was given to a specific user, team or integration.
- Campos
user_agent,request_id,token_id,hashed_token,programmatic_access_type,actor,actor_id,name,authorized_actors,policy,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header
protected_branch.create- Branch protection was enabled on a branch.
- Campos
operation_type,repo_id,user_id,@timestamp,user_agent,repo,name,org_id,user,_document_id,request_id,actor,actor_id,org,action,created_at,authorized_actor_names,token_scopes,required_deployments_enforcement_level,merge_queue_enforcement_level,create_protected
protected_branch.destroy- Branch protection was disabled on a branch.
- Campos
name,repo,@timestamp,actor,org,actor_id,request_id,repo_id,org_id,operation_type,action,user_agent,created_at,_document_id,token_scopes,required_deployments_enforcement_level,merge_queue_enforcement_level,create_protected
protected_branch.dismiss_stale_reviews- Enforcement of dismissing stale pull requests was updated on a branch.
- Campos
user_agent,dismiss_stale_reviews_on_push,org_id,action,created_at,request_id,_document_id,@timestamp,actor_id,repo_id,operation_type,actor,repo,org,name,programmatic_access_type
protected_branch.dismissal_restricted_users_teams- Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.
- Campos
repo,repo_id,actor,oauth_application_id,authorized_actors_only,authorized_actors,created_at,user_agent,name,_document_id,org_id,request_id,@timestamp,actor_id,org,action,operation_type,programmatic_access_type
protected_branch.policy_override- A branch protection requirement was overridden by a repository administrator.
- Campos
repo_id,created_at,actor,reasons,@timestamp,before,after,actor_id,repo,operation_type,user_agent,branch,overridden_codes,org,org_id,action,_document_id,request_id,referrer,business,business_id,deploy_key_fingerprint,token_scopes,programmatic_access_type,compliant_pull_request_ids,rule_suite_id
protected_branch.rejected_ref_update- A branch update attempt was rejected.
- Campos
repo,org,@timestamp,created_at,_document_id,business,org_id,operation_type,request_id,repo_id,actor,branch,before,overridden_codes,after,action,reasons,actor_id,business_id,deploy_key_fingerprint,token_scopes,programmatic_access_type,compliant_pull_request_ids,actor_is_bot,rule_suite_id
protected_branch.update_admin_enforced- Branch protection was enforced for repository administrators.
- Campos
request_id,actor_id,admin_enforced,operation_type,user_agent,actor,org,name,repo,@timestamp,action,repo_id,org_id,_document_id,created_at,token_scopes,programmatic_access_type
protected_branch.update_allow_deletions_enforcement_level- Branch deletion was enabled or disabled for a protected branch.
- Campos
name,operation_type,request_id,repo,@timestamp,org_id,org,action,allow_deletions_enforcement_level,_document_id,created_at,actor_id,user_agent,actor,repo_id,request_access_security_header
protected_branch.update_allow_force_pushes_enforcement_level- Force pushes were enabled or disabled for a branch.
- Campos
org_id,actor_id,name,_document_id,actor,repo,operation_type,request_id,allow_force_pushes_enforcement_level,@timestamp,org,action,created_at,user_agent,repo_id,token_scopes,programmatic_access_type
protected_branch.update_ignore_approvals_from_contributors- Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.
- Campos
actor,actor_id,user_agent,request_id,name,ignore_approvals_from_contributors,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule
protected_branch.update_linear_history_requirement_enforcement_level- Required linear commit history was enabled or disabled for a branch.
- Campos
actor_id,action,user_agent,operation_type,actor,linear_history_requirement_enforcement_level,repo,request_id,name,org_id,repo_id,org,@timestamp,created_at,_document_id,programmatic_access_type
protected_branch.update_lock_allows_fetch_and_merge- Fork syncing was enabled or disabled for a read-only branch
- Campos
actor,actor_id,user_agent,request_id,name,lock_allows_fetch_and_merge,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,programmatic_access_type,request_access_security_header- Referencia
- repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch
protected_branch.update_lock_branch_enforcement_level- The enforcement of a branch lock was updated.
- Campos
actor,actor_id,user_agent,request_id,name,enforcement_level,lock_branch_enforcement_level,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,programmatic_access_type,request_access_security_header- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch
protected_branch.update_merge_queue_enforcement_level- Enforcement of the merge queue was modified for a branch.
- Campos
actor,actor_id,user_agent,request_id,name,merge_queue_enforcement_level,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue
protected_branch.update_name- A branch name pattern was updated for a branch.
- Campos
user_agent,request_id,actor,actor_id,name,old_name,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,programmatic_access_type,request_access_security_header
protected_branch.update_pull_request_reviews_enforcement_level- Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).
- Campos
name,org_id,_document_id,actor_id,@timestamp,business_id,request_id,pull_request_reviews_enforcement_level,org,repo,action,business,user_agent,created_at,repo_id,operation_type,actor,token_scopes,programmatic_access_type
protected_branch.update_require_code_owner_review- Enforcement of required code owner review was updated for a branch.
- Campos
org_id,created_at,require_code_owner_review,operation_type,name,user_agent,action,@timestamp,actor,actor_id,repo,request_id,org,repo_id,_document_id,programmatic_access_type
protected_branch.update_require_last_push_approval- Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.
- Campos
actor,actor_id,user_agent,request_id,name,require_last_push_approval,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,programmatic_access_type,request_access_security_header- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging
protected_branch.update_required_approving_review_count- Enforcement of the required number of approvals before merging was updated on a branch.
- Campos
required_approving_review_count,repo,request_id,repo_id,created_at,actor,operation_type,user_agent,name,org_id,action,actor_id,_document_id,org,@timestamp,programmatic_access_type
protected_branch.update_required_status_checks_enforcement_level- Enforcement of required status checks was updated for a branch.
- Campos
actor,org_id,user_agent,@timestamp,_document_id,name,repo,action,business_id,repo_id,business,actor_id,operation_type,created_at,request_id,required_status_checks_enforcement_level,org,token_scopes,programmatic_access_type
protected_branch.update_signature_requirement_enforcement_level- Enforcement of required commit signing was updated for a branch.
- Campos
operation_type,name,@timestamp,created_at,_document_id,request_id,repo_id,org,org_id,action,actor,actor_id,signature_requirement_enforcement_level,repo,user_agent,programmatic_access_type
protected_branch.update_strict_required_status_checks_policy- Enforcement of required status checks was updated for a branch.
- Campos
request_id,actor_id,_document_id,org,@timestamp,created_at,repo_id,org_id,user_agent,name,actor,repo,operation_type,action,strict_required_status_checks_policy,programmatic_access_type
public_key
public_key.create- An SSH key was added to a user account or a deploy key was added to a repository.
- Campos
read_only,user_agent,actor_id,operation_type,created_at,_document_id,key,fingerprint,actor,action,user,user_id,@timestamp,request_id,title,token_scopes,programmatic_access_type- Referencia
- /authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account
public_key.delete- An SSH key was removed from a user account or a deploy key was removed from a repository.
- Campos
fingerprint,user_agent,read_only,explanation,repo,@timestamp,action,key,operation_type,_document_id,actor,title,request_id,actor_id,repo_id,created_at,token_scopes,programmatic_access_type- Referencia
- /authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys
public_key.unverification_failure- A user account's SSH key or a repository's deploy key was unable to be unverified.
- Campos
user_agent,request_id,title,key,fingerprint,read_only,user,user_id,action,_document_id,@timestamp,created_at,operation_type,token_scopes- Referencia
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.unverify- A user account's SSH key or a repository's deploy key was unverified.
- Campos
created_at,operation_type,_document_id,title,request_id,key,action,actor,read_only,explanation,repo_id,@timestamp,actor_id,repo,user_agent,fingerprint- Referencia
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.update- A user account's SSH key or a repository's deploy key was updated.
- Campos
actor,user_agent,key,fingerprint,read_only,repo_id,operation_type,created_at,actor_id,repo,action,_document_id,request_id,title,@timestamp,programmatic_access_type- Referencia
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.verification_failure- A user account's SSH key or a repository's deploy key was unable to be verified.
- Campos
repo_id,actor,key,fingerprint,@timestamp,request_id,actor_id,oauth_application_id,title,action,user_agent,created_at,repo,read_only,operation_type,_document_id,user,user_id,programmatic_access_type- Referencia
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.verify- A user account's SSH key or a repository's deploy key was verified.
- Campos
operation_type,user,@timestamp,_document_id,action,created_at,key,fingerprint,actor_id,actor,title,user_agent,user_id,request_id,read_only,token_scopes,programmatic_access_type- Referencia
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
pull_request
pull_request.close- A pull request was closed without being merged.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,programmatic_access_type,actor_is_bot- Referencia
- /pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request
pull_request.converted_to_draft- A pull request was converted to a draft.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,business_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,token_scopes,programmatic_access_type,request_access_security_header- Referencia
- /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft
pull_request.create- A pull request was created.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,user_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,programmatic_access_type,actor_is_bot- Referencia
- /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request
pull_request.create_review_request- A review was requested on a pull request.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,business_id,org_id,reviewer_type,reviewer,reviewer_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,programmatic_access_type- Referencia
- /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews
pull_request.in_progress- A pull request was marked as in progress.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,business_id,action,operation_type,@timestamp,created_at,_document_id
pull_request.indirect_merge- A pull request was considered merged because the pull request's commits were merged into the target branch.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,business_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,programmatic_access_type
pull_request.merge- A pull request was merged.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,token_scopes,programmatic_access_type,actor_is_bot- Referencia
- /pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request
pull_request.ready_for_review- A pull request was marked as ready for review.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,business_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,token_scopes,programmatic_access_type,request_access_security_header- Referencia
- /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review
pull_request.remove_review_request- A review request was removed from a pull request.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,business_id,org_id,reviewer_type,reviewer,reviewer_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,programmatic_access_type- Referencia
- /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews
pull_request.reopen- A pull request was reopened after previously being closed.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,programmatic_access_type
pull_request_review_comment
pull_request_review_comment.create- A review comment was added to a pull request.
- Campos
user_agent,request_id,actor,actor_id,comment_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type,request_access_security_header- Referencia
- /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews
pull_request_review_comment.delete- A review comment on a pull request was deleted.
- Campos
user_agent,actor,@timestamp,_document_id,repo,created_at,request_id,comment_id,actor_id,repo_id,action,operation_type,token_scopes,programmatic_access_type
pull_request_review_comment.update- A review comment on a pull request was changed.
- Campos
operation_type,user_agent,request_id,actor_id,action,created_at,actor,_document_id,@timestamp,comment_id,token_scopes,programmatic_access_type
pull_request_review
pull_request_review.delete- A review on a pull request was deleted.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,review_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,token_scopes,programmatic_access_type,request_access_security_header
pull_request_review.dismiss- A review on a pull request was dismissed.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,business_id,review_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,programmatic_access_type- Referencia
- /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review
pull_request_review.submit- A review on a pull request was submitted.
- Campos
user_agent,request_id,actor,actor_id,pull_request_id,review_id,action,operation_type,@timestamp,created_at,_document_id,pull_request_url,programmatic_access_type- Referencia
- /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review
repo
repo.access- The visibility of a repository changed.
- Campos
repo_id,user,request_id,operation_type,@timestamp,actor_id,user_id,created_at,user_agent,actor,action,repo,visibility,_document_id,previous_visibility,programmatic_access_type- Referencia
- /repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility
repo.actions_enabled- GitHub Actions was enabled for a repository.
- Campos
user_agent,request_id,actor,actor_id,created_at,repo,repo_id,org,org_id,action,operation_type,@timestamp,_document_id,token_scopes,programmatic_access_type- Referencia
- organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api
repo.add_member- A collaborator was added to a repository.
- Campos
visibility,repo,created_at,user_agent,operation_type,@timestamp,_document_id,actor,actor_id,repo_id,user,request_id,action,user_id,oauth_application_id,org,org_id,token_scopes,programmatic_access_type- Referencia
- /account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository
repo.add_topic- A topic was added to a repository.
- Campos
action,user_agent,actor,repo,repo_id,user,org,org_id,request_id,actor_id,topic,@timestamp,_document_id,user_id,created_at,operation_type,programmatic_access_type- Referencia
- /repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics
repo.advanced_security_disabled- GitHub Advanced Security was disabled for a repository.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,repository,repository_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,programmatic_access_type,actor_is_bot,request_access_security_header- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
repo.advanced_security_enabled- GitHub Advanced Security was enabled for a repository.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,repository,repository_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,programmatic_access_type,actor_is_bot- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
repo.archived- A repository was archived.
- Campos
repo_id,user_agent,user_id,created_at,@timestamp,repo,user,operation_type,visibility,action,actor_id,actor,_document_id,request_id,token_scopes,programmatic_access_type- Referencia
- /repositories/archiving-a-github-repository
repo.change_merge_setting- Pull request merge options were changed for a repository.
- Campos
actor,oauth_application_id,user_agent,request_id,created_at,@timestamp,_document_id,actor_id,operation_type,action,public_repo,token_scopes,programmatic_access_type,actor_is_bot
repo.code_scanning_analysis_deleted- Code scanning analysis for a repository was deleted.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,tool,category,request_access_security_header- Referencia
- /rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository
repo.code_scanning_autofix_disabled- Autofix for code scanning alerts was disabled for a repository.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
repo.code_scanning_autofix_enabled- Autofix for code scanning alerts was enabled for a repository.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
repo.code_scanning_autofix_third_party_tools_disabled- Autofix for third party tools for code scanning alerts was disabled for a repository.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
repo.code_scanning_autofix_third_party_tools_enabled- Autofix for third party tools for code scanning alerts was enabled for a repository.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
repo.code_scanning_configuration_for_branch_deleted- A code scanning configuration for a branch of a repository was deleted.
- Campos
actor,actor_id,user_agent,request_id,tool,branch,category,repo,repo_id,public_repo,org,org_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Resolving code scanning alerts
repo.code_scanning_delegated_alert_dismissal_disabled- Prevention of direct alert dismissal for code scanning was disabled for a repository.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type
repo.code_scanning_delegated_alert_dismissal_enabled- Prevention of direct alert dismissal for code scanning was enabled for a repository.
- Campos
actor,actor_id,user_agent,request_id,request_access_security_header,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type
repo.codeql_disabled- Code scanning using the default setup was disabled for a repository.
- Campos
user_agent,request_id,hashed_token,programmatic_access_type,actor,actor_id,token_id,token_scopes,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning
repo.codeql_enabled- Code scanning using the default setup was enabled for a repository.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,query_suite,threat_model,languages,request_access_security_header- Referencia
- /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning
repo.codeql_updated- Code scanning using the default setup was updated for a repository.
- Campos
actor,actor_id,user_agent,request_id,query_suite,threat_model,languages,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning
repo.config.disable_collaborators_only- The interaction limit for collaborators only was disabled.
- Campos
user_agent,actor,actor_id,repo_id,_document_id,action,created_at,repo,operation_type,@timestamp,request_id- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.disable_contributors_only- The interaction limit for prior contributors only was disabled in a repository.
- Campos
repo,@timestamp,request_id,actor,_document_id,user_agent,actor_id,repo_id,action,operation_type,created_at- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.disable_sockpuppet_disallowed- The interaction limit for existing users only was disabled in a repository.
- Campos
actor,request_id,repo_id,action,user_agent,_document_id,@timestamp,created_at,actor_id,repo,operation_type- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_collaborators_only- The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
- Campos
actor,oauth_application_id,created_at,action,request_id,repo_id,repo,@timestamp,_document_id,user_agent,actor_id,operation_type- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_contributors_only- The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
- Campos
user_agent,request_id,operation_type,created_at,actor,org,action,actor_id,repo,repo_id,org_id,@timestamp,_document_id- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_sockpuppet_disallowed- The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
- Campos
actor,operation_type,created_at,user_agent,request_id,action,actor_id,repo,repo_id,@timestamp,_document_id- Referencia
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.create- A repository was created.
- Campos
repo,user_id,visibility,repo_id,user,request_id,actor_id,action,operation_type,request_category,@timestamp,created_at,_document_id,actor,user_agent,org,oauth_application_id,org_id,request_method,business,business_id,public_repo,token_scopes,programmatic_access_type,actor_is_bot- Referencia
- /repositories/creating-and-managing-repositories/creating-a-new-repository
repo.create_actions_secret- A GitHub Actions secret was created for a repository.
- Campos
user_agent,request_id,actor,actor_id,key,repo,repo_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type- Referencia
- Using secrets in GitHub Actions
repo.create_actions_variable- A GitHub Actions variable was created for a repository.
- Campos
actor,actor_id,user_agent,request_id,key,visibility,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header- Referencia
- Store information in variables
repo.create_integration_secret- A Codespaces or Dependabot secret was created for a repository.
- Campos
user_agent,request_id,actor,actor_id,key,visibility,integration,repo,repo_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,programmatic_access_type,request_access_security_header
repo.destroy- A repository was deleted.
- Campos
repo,_document_id,user_agent,user_id,actor,action,user,repo_id,operation_type,request_category,actor_id,visibility,request_id,created_at,@timestamp,request_method,oauth_application_id,token_scopes,programmatic_access_type,actor_is_bot- Referencia
- /repositories/creating-and-managing-repositories/deleting-a-repository
repo.disk_archive- A repository was archived on disk.
- Campos
actor_id,repo,operation_type,@timestamp,created_at,request_id,_document_id,repo_id,actor,action,user_agent- Referencia
- /repositories/archiving-a-github-repository/archiving-repositories
repo.download_zip- A source code archive of a repository was downloaded as a ZIP file.
- Campos
user_agent,request_id,actor,actor_id,visibility,repo,repo_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,public_repo,token_scopes,programmatic_access_type,actor_is_bot- Referencia
- /repositories/working-with-files/using-files/downloading-source-code-archives
repo.override_unlock- The repository was unlocked.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,repo,repo_id,action,operation_type,@timestamp,created_at,_document_id
repo.pages_cname- A GitHub Pages custom domain was modified in a repository.
- Campos
actor,@timestamp,visibility,repo,repo_id,user,request_id,actor_id,cname,user_agent,user_id,created_at,_document_id,action,operation_type,old_cname,programmatic_access_type
repo.pages_create- A GitHub Pages site was created.
- Campos
actor_id,user,_document_id,user_id,visibility,action,user_agent,operation_type,repo_id,created_at,@timestamp,request_id,actor,repo,programmatic_access_type
repo.pages_destroy- A GitHub Pages site was deleted.
- Campos
created_at,user_id,action,request_id,user,repo,user_agent,_document_id,actor_id,@timestamp,actor,visibility,operation_type,repo_id,programmatic_access_type
repo.pages_https_redirect_disabled- HTTPS redirects were disabled for a GitHub Pages site.
- Campos
user,actor_id,repo_id,_document_id,user_agent,actor,visibility,user_id,request_id,repo,@timestamp,operation_type,action,created_at,programmatic_access_type,request_access_security_header
repo.pages_https_redirect_enabled- HTTPS redirects were enabled for a GitHub Pages site.
- Campos
request_id,@timestamp,user_agent,user_id,created_at,visibility,actor,actor_id,user,operation_type,repo_id,action,repo,_document_id,request_access_security_header
repo.pages_private- A GitHub Pages site visibility was changed to private.
- Campos
user_agent,request_id,actor,actor_id,visibility,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id
repo.pages_public- A GitHub Pages site visibility was changed to public.
- Campos
user_agent,request_id,actor,actor_id,visibility,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,programmatic_access_type,request_access_security_header
repo.pages_soft_delete- A GitHub Pages site was soft-deleted because its owner's plan changed.
- Campos
visibility,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
repo.pages_soft_delete_restore- A GitHub Pages site that was previously soft-deleted was restored.
- Campos
actor,actor_id,user_agent,request_id,visibility,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
repo.pages_source- A GitHub Pages source was modified.
- Campos
user_id,actor_id,operation_type,user_agent,actor,@timestamp,repo_id,user,_document_id,request_id,visibility,repo,created_at,action,programmatic_access_type
repo.register_self_hosted_runner- A new self-hosted runner was registered.
- Campos
actor_id,repo,operation_type,action,@timestamp,actor,user_agent,created_at,_document_id,request_id,repo_id,request_access_security_header- Referencia
- Adding self-hosted runners
repo.remove_actions_secret- A GitHub Actions secret was deleted for a repository.
- Campos
user_agent,request_id,actor,actor_id,key,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type- Referencia
- Using secrets in GitHub Actions
repo.remove_actions_variable- A GitHub Actions variable was deleted for a repository.
- Campos
actor,actor_id,user_agent,request_id,key,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header- Referencia
- Store information in variables
repo.remove_integration_secret- A Codespaces or Dependabot secret was deleted for a repository.
- Campos
user_agent,request_id,actor,actor_id,key,integration,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,request_access_security_header
repo.remove_member- A collaborator was removed from a repository.
- Campos
request_id,user,business,action,actor_id,org,org_id,actor,created_at,repo_id,user_agent,business_id,user_id,operation_type,@timestamp,_document_id,visibility,repo,token_scopes,programmatic_access_type- Referencia
- /account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository
repo.remove_self_hosted_runner- A self-hosted runner was removed.
- Campos
request_id,actor_id,repo_id,@timestamp,_document_id,repo,org_id,action,operation_type,user_agent,actor,created_at,org,token_scopes,programmatic_access_type- Referencia
- Removing self-hosted runners
repo.remove_topic- A topic was removed from a repository.
- Campos
user,action,repo_id,user_agent,topic,operation_type,user_id,org,org_id,actor,business,request_id,repo,@timestamp,created_at,_document_id,actor_id,business_id,programmatic_access_type
repo.rename- A repository was renamed.
- Campos
user_agent,@timestamp,request_id,actor_id,actor,old_name,repo,user_id,created_at,user,action,operation_type,visibility,repo_id,_document_id,programmatic_access_type- Referencia
- /repositories/creating-and-managing-repositories/renaming-a-repository
repo.self_hosted_runner_offline- The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
repo_id,repo,org_id,org,runner_id,runner_name,action,_document_id,operation_type,created_at,@timestamp- Referencia
- Monitoring and troubleshooting self-hosted runners
repo.self_hosted_runner_online- The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
repo_id,repo,org_id,org,runner_id,runner_name,action,_document_id,operation_type,created_at,@timestamp- Referencia
- Monitoring and troubleshooting self-hosted runners
repo.self_hosted_runner_updated- The runner application was updated. This event is not included in the JSON/CSV export.
- Campos
repo_id,runner_id,runner_name,source_version,target_version,runner_group_id,runner_group_name- Referencia
- Self-hosted runners
repo.set_actions_fork_pr_approvals_policy- The setting for requiring approvals for workflows from public forks was changed for a repository.
- Campos
user_agent,request_id,actor,actor_id,visibility,policy,repo,repo_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,public_repo- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks
repo.set_actions_private_fork_pr_approvals_policy- The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.
- Campos
actor,actor_id,user_agent,request_id,visibility,policy,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories
repo.set_actions_retention_limit- The retention period for GitHub Actions artifacts and logs in a repository was changed.
- Campos
user_agent,request_id,actor,actor_id,visibility,limit,repo,repo_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository
repo.set_default_workflow_permissions- The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.
- Campos
actor,actor_id,user_agent,request_id,visibility,repo,repo_id,public_repo,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository
repo.set_fork_pr_workflows_policy- Triggered when the policy for workflows on private repository forks is changed.
- Campos
user_agent,request_id,actor,actor_id,visibility,policy,repo,repo_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks
repo.set_workflow_permission_can_approve_pr- The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.
- Campos
actor,actor_id,user_agent,request_id,visibility,repo,repo_id,public_repo,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests
repo.staff_unlock- An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
- Campos
@timestamp,_document_id,user_agent,actor_id,created_at,actor,repo_id,action,org,org_id,request_id,repo,operation_type
repo.temporary_access_granted- Temporary access was enabled for a repository.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- Accessing user-owned repositories in your enterprise
repo.transfer- A user accepted a request to receive a transferred repository.
- Campos
@timestamp,user_id,_document_id,request_id,actor_id,repo_id,owner,user,old_user,action,operation_type,created_at,user_agent,repo,visibility,repo_was,actor- Referencia
- /repositories/creating-and-managing-repositories/transferring-a-repository
repo.transfer_outgoing- A repository was transferred to another repository network.
- Campos
user_agent,request_id,actor,actor_id,repo,repo_id,new_nwo,visibility,org,org_id,action,_document_id,@timestamp,created_at,operation_type,public_repo,request_access_security_header
repo.transfer_start- A user sent a request to transfer a repository to another user or organization.
- Campos
@timestamp,_document_id,operation_type,user_id,request_id,user,action,user_agent,created_at,actor,visibility,repo_id,actor_id,repo,request_access_security_header
repo.unarchived- A repository was unarchived.
- Campos
actor,request_id,actor_id,repo,operation_type,created_at,_document_id,repo_id,user,@timestamp,visibility,user_agent,user_id,action,programmatic_access_type- Referencia
- /repositories/archiving-a-github-repository
repo.update_actions_access_settings- The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
- Campos
user_agent,request_id,actor,actor_id,visibility,policy,old_policy,repo,repo_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id
repo.update_actions_secret- A GitHub Actions secret was updated for a repository.
- Campos
user_agent,request_id,actor,actor_id,oauth_application_id,key,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,business,business_id,token_scopes,programmatic_access_type- Referencia
- Using secrets in GitHub Actions
repo.update_actions_settings- A repository administrator changed GitHub Actions policy settings for a repository.
- Campos
user_agent,request_id,actor,actor_id,visibility,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,new_policy,old_policy,updated_access_policy,programmatic_access_type,actor_is_bot
repo.update_actions_variable- A GitHub Actions variable was updated for a repository.
- Campos
actor,actor_id,user_agent,request_id,key,visibility,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,request_access_security_header- Referencia
- Store information in variables
repo.update_default_branch- The default branch for a repository was changed.
- Campos
user_agent,request_id,actor,actor_id,visibility,repo,repo_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes,programmatic_access_type,actor_is_bot
repo.update_integration_secret- A Codespaces or Dependabot secret was updated for a repository.
- Campos
user_agent,request_id,actor,actor_id,key,visibility,integration,repo,repo_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,token_scopes,programmatic_access_type,request_access_security_header
repo.update_member- A user's permission to a repository was changed.
- Campos
user_agent,action,_document_id,actor,repo_id,created_at,oauth_application_id,user,@timestamp,repo,operation_type,request_id,org_id,actor_id,visibility,old_permission,org,user_id,old_base_role,old_repo_permission,old_repo_base_role,new_repo_base_role,new_repo_permission,token_scopes,programmatic_access_type,actor_is_bot
repository_branch_protection_evaluation
repository_branch_protection_evaluation.disable- Branch protections were disabled for the repository.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,org,org_id,business_id,user,user_id,business,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule
repository_branch_protection_evaluation.enable- Branch protections were enabled for this repository.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,org,org_id,business_id,user,user_id,business,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule
repository_image
repository_image.create- An image to represent a repository was uploaded.
- Campos
user_agent,operation_type,created_at,actor_id,repo_id,action,request_id,actor,content_type,repo,@timestamp,_document_id,user,user_id,request_access_security_header
repository_image.destroy- An image to represent a repository was deleted.
- Campos
content_type,created_at,actor_id,user_id,operation_type,request_id,_document_id,actor,repo_id,user_agent,repo,user,action,@timestamp,request_access_security_header
repository_invitation
repository_invitation.accept- An invitation to join a repository was accepted.
- Campos
actor_id,created_at,request_id,repo,invitee,operation_type,actor,repo_id,_document_id,action,user_agent,inviter,@timestamp,token_scopes,programmatic_access_type
repository_invitation.cancel- An invitation to join a repository was canceled.
- Campos
inviter,action,operation_type,_document_id,repo_id,repo,@timestamp,user_agent,invitee,created_at,request_id,actor,actor_id,request_access_security_header
repository_invitation.create- An invitation to join a repository was sent.
- Campos
_document_id,actor,actor_id,@timestamp,invitee,action,request_id,inviter,repo,created_at,user_agent,repo_id,operation_type,token_scopes,programmatic_access_type
repository_invitation.reject- An invitation to join a repository was declined.
- Campos
repo,_document_id,actor,invitee,action,@timestamp,request_id,actor_id,operation_type,created_at,inviter,user_agent,repo_id
repository_ruleset
repository_ruleset.create- A repository ruleset was created.
- Campos
actor,actor_id,user_agent,request_id,name,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,ruleset_id,ruleset_name,ruleset_enforcement,ruleset_source_type,ruleset_rules,ruleset_conditions,ruleset_bypass_actors,request_access_security_header- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository
repository_ruleset.destroy- A repository ruleset was deleted.
- Campos
actor,actor_id,user_agent,request_id,name,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,ruleset_id,ruleset_name,ruleset_enforcement,ruleset_source_type,ruleset_rules,ruleset_bypass_actors,request_access_security_header- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset
repository_ruleset.update- A repository ruleset was edited.
- Campos
actor,actor_id,user_agent,request_id,old_name,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,ruleset_id,ruleset_name,ruleset_enforcement,ruleset_source_type,ruleset_rules_updated,ruleset_conditions_added,ruleset_conditions_deleted,ruleset_old_enforcement,ruleset_rules_added,ruleset_rules_deleted,ruleset_old_name,ruleset_conditions_updated,ruleset_bypass_actors_added,ruleset_bypass_actors_deleted,ruleset_bypass_actors_updated,actor_is_bot- Referencia
- /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset
repository_secret_scanning_automatic_validity_checks
repository_secret_scanning_automatic_validity_checks.disabled- Automatic partner validation checks have been disabled at the repository level
- Campos
actor,actor_id,user_agent,request_id,user,user_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository
repository_secret_scanning_automatic_validity_checks.enabled- Automatic partner validation checks have been enabled at the repository level
- Campos
actor,actor_id,user_agent,request_id,user,user_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository
repository_secret_scanning_custom_pattern
repository_secret_scanning_custom_pattern.create- A custom pattern was created for secret scanning in a repository.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,repo,repo_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,public_repo- Referencia
- Defining custom patterns for secret scanning
repository_secret_scanning_custom_pattern.delete- A custom pattern was removed from secret scanning in a repository.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,repo,repo_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,public_repo- Referencia
- Defining custom patterns for secret scanning
repository_secret_scanning_custom_pattern.publish- A custom pattern was published for secret scanning in a repository.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- Defining custom patterns for secret scanning
repository_secret_scanning_custom_pattern.update- Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,repo,repo_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,public_repo- Referencia
- Defining custom patterns for secret scanning
repository_secret_scanning_custom_pattern_push_protection
repository_secret_scanning_custom_pattern_push_protection.disabled- Push protection for a custom pattern for secret scanning was disabled for your repository.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id- Referencia
- Defining custom patterns for secret scanning
repository_secret_scanning_custom_pattern_push_protection.enabled- Push protection for a custom pattern for secret scanning was enabled for your repository.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot- Referencia
- Defining custom patterns for secret scanning
repository_secret_scanning
repository_secret_scanning.disable- Secret scanning was disabled for a repository.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,repo,repo_id,org,org_id,action,operation_type,@timestamp,_document_id,public_repo,programmatic_access_type- Referencia
- About secret scanning
repository_secret_scanning.enable- Secret scanning was enabled for a repository.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,repo,repo_id,org,org_id,action,operation_type,@timestamp,_document_id,programmatic_access_type
repository_secret_scanning_non_provider_patterns
repository_secret_scanning_non_provider_patterns.disabled- Secret scanning for non-provider patterns was disabled at the repository level.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- Supported secret scanning patterns
repository_secret_scanning_non_provider_patterns.enabled- Secret scanning for non-provider patterns was enabled at the repository level.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- Supported secret scanning patterns
repository_secret_scanning_push_protection_bypass_list
repository_secret_scanning_push_protection_bypass_list.add- A role or team was added to the push protection bypass list at the repository level.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- About push protection
repository_secret_scanning_push_protection_bypass_list.disable- Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the repository level.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- About push protection
repository_secret_scanning_push_protection_bypass_list.enable- Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the repository level.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- About push protection
repository_secret_scanning_push_protection_bypass_list.remove- A role or team was removed from the push protection bypass list at the repository level.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- About push protection
repository_secret_scanning_push_protection
repository_secret_scanning_push_protection.disable- Secret scanning push protection was disabled for a repository.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,repo,repo_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,public_repo,programmatic_access_type,request_access_security_header- Referencia
- About push protection
repository_secret_scanning_push_protection.enable- Secret scanning push protection was enabled for a repository.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,repo,repo_id,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,public_repo,programmatic_access_type,request_access_security_header- Referencia
- About push protection
repository_security_configuration
repository_security_configuration.applied- A code security configuration was applied to a repository.
- Campos
actor,actor_id,user_agent,request_id,security_configuration_id,security_configuration_name,repository_security_configuration_state,repository_security_configuration_failure_reason,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
repository_security_configuration.failed- A code security configuration failed to attach to the repository.
- Campos
actor,actor_id,user_agent,request_id,security_configuration_id,security_configuration_name,repository_security_configuration_failure_reason,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
repository_security_configuration.removed- A code security configuration was removed from a repository.
- Campos
actor,actor_id,user_agent,request_id,security_configuration_id,security_configuration_name,repository_security_configuration_state,repository_security_configuration_failure_reason,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
repository_security_configuration.removed_by_settings_change- A code security configuration was removed due to a change in repository or enterprise settings.
- Campos
actor,actor_id,user_agent,request_id,security_configuration_id,security_configuration_name,repository_security_configuration_state,repository_security_configuration_failure_reason,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
restrict_notification_delivery
restrict_notification_delivery.disable- Email notification restrictions for an organization or enterprise were disabled.
- Campos
user_agent,request_id,actor,actor_id,business,business_id,owner,action,operation_type,@timestamp,created_at,_document_id- Referencia
- Restricting email notifications for your organization, Restricting email notifications for your enterprise
restrict_notification_delivery.enable- Email notification restrictions for an organization or enterprise were enabled.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,business_id,owner,action,operation_type,@timestamp,created_at,_document_id- Referencia
- Restricting email notifications for your organization, Restricting email notifications for your enterprise
secret_scanning_alert
secret_scanning_alert.create- GitHub detected a secret and created a secret scanning alert.
- Campos
repo_id,repo,actor_id,actor,org_id,org,business,business_id,number,secret_type,secret_type_display_name,publicly_leaked,multi_repo- Referencia
- /code-security/secret-scanning/managing-alerts-from-secret-scanning
secret_scanning_alert.reopen- A secret scanning alert was reopened.
- Campos
user_agent,request_id,actor,actor_id,number,user,user_id,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,token_scopes,secret_type_display_name
secret_scanning_alert.resolve- A secret scanning alert was resolved.
- Campos
user_agent,request_id,actor,actor_id,number,resolution,user,user_id,repo,repo_id,public_repo,action,_document_id,@timestamp,created_at,operation_type,token_scopes,secret_type,secret_type_display_name,publicly_leaked,multi_repo,request_access_security_header
secret_scanning_alert.revoke- A secret scanning alert was revoked.
- Campos
user_agent,request_id,actor,actor_id,number,user,user_id,repo,repo_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id
secret_scanning_alert.validate- A secret scanning alert was validated.
- Campos
repo_id,repo,actor_id,actor,org_id,org,business,business_id,number,created_at,previous_validity,current_validity,secret_type,secret_type_display_name,publicly_leaked,multi_repo- Referencia
- /code-security/secret-scanning/managing-alerts-from-secret-scanning
secret_scanning
secret_scanning.disable- Secret scanning was disabled for all existing repositories.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- About secret scanning
secret_scanning.enable- Secret scanning was enabled for all existing repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id- Referencia
- About secret scanning
secret_scanning_new_repos
secret_scanning_new_repos.disable- Secret scanning was disabled for all new repositories.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,org,org_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes- Referencia
- About secret scanning
secret_scanning_new_repos.enable- Secret scanning was enabled for all new repositories.
- Campos
user_agent,request_id,actor,actor_id,created_at,user,user_id,org,org_id,action,operation_type,@timestamp,_document_id- Referencia
- About secret scanning
secret_scanning_push_protection
secret_scanning_push_protection.bypass- Triggered when a user bypasses the push protection on a secret detected by secret scanning.
- Campos
repo_id,repo,actor_id,actor,org_id,org,business,business_id,number,created_at,push_protection_bypass_reason,secret_type,secret_type_display_name,publicly_leaked,multi_repo,request_reviewer,request_reviewer_id- Referencia
- About push protection
secret_scanning_push_protection_request
secret_scanning_push_protection_request.approve- A request to bypass secret scanning push protection was approved by a user.
- Campos
actor,actor_id,user_agent,request_id,number,repository,repository_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- About push protection
secret_scanning_push_protection_request.deny- A request to bypass secret scanning push protection was denied by a user.
- Campos
actor,actor_id,user_agent,request_id,number,repository,repository_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header,request_reviewer_comment- Referencia
- About push protection
secret_scanning_push_protection_request.request- A user requested to bypass secret scanning push protection.
- Campos
actor,actor_id,user_agent,request_id,number,repository,repository_id,public_repo,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header- Referencia
- Working with secret scanning and push protection
secret_scanning_scan
secret_scanning_scan.completed- A secret scanning scan has completed on this repository.
- Campos
repo_id,org_id,business_id,source,type,source_slug,type_slug,started_at,completed_at,repo,public_repo,org,business,action,_document_id,@timestamp,created_at,operation_type,secret_types,custom_pattern_name,custom_pattern_scope- Referencia
- About secret scanning
security_configuration
security_configuration.create- A security configuration was created
- Campos
actor,actor_id,user_agent,request_id,security_configuration_id,security_configuration_name,security_configuration_description,security_configuration_created_at,security_configuration_updated_at,security_configuration_enable_ghas,security_configuration_private_vulnerability_reporting,security_configuration_dependency_graph,security_configuration_dependabot_alerts,security_configuration_dependabot_security_updates,security_configuration_code_scanning,security_configuration_secret_scanning,security_configuration_secret_scanning_push_protection,security_configuration_secret_scanning_validity_checks,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,security_configuration_dependency_graph_autosubmit_action,security_configuration_secret_scanning_non_provider_patterns,security_configuration_secret_scanning_delegated_bypass,security_configuration_secret_scanning_generic_secrets,security_configuration_secret_scanning_delegated_alert_dismissal,security_configuration_code_scanning_delegated_alert_dismissal,security_configuration_code_security_sku_enabled,security_configuration_secret_protection_sku_enabled
security_configuration.delete- A security configuration was deleted
- Campos
actor,actor_id,user_agent,request_id,security_configuration_id,security_configuration_name,security_configuration_description,security_configuration_created_at,security_configuration_updated_at,security_configuration_enable_ghas,security_configuration_private_vulnerability_reporting,security_configuration_dependency_graph,security_configuration_dependabot_alerts,security_configuration_dependabot_security_updates,security_configuration_code_scanning,security_configuration_secret_scanning,security_configuration_secret_scanning_push_protection,security_configuration_secret_scanning_validity_checks,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,security_configuration_dependency_graph_autosubmit_action,security_configuration_secret_scanning_non_provider_patterns,security_configuration_secret_scanning_delegated_bypass,security_configuration_secret_scanning_delegated_alert_dismissal,security_configuration_code_scanning_delegated_alert_dismissal,security_configuration_code_security_sku_enabled,security_configuration_secret_protection_sku_enabled
security_configuration.update- A security configuration was updated
- Campos
actor,actor_id,user_agent,request_id,security_configuration_id,security_configuration_name,security_configuration_description,security_configuration_created_at,security_configuration_updated_at,security_configuration_enable_ghas,security_configuration_private_vulnerability_reporting,security_configuration_dependency_graph,security_configuration_dependabot_alerts,security_configuration_dependabot_security_updates,security_configuration_code_scanning,security_configuration_secret_scanning,security_configuration_secret_scanning_push_protection,security_configuration_secret_scanning_validity_checks,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,security_configuration_dependency_graph_autosubmit_action,security_configuration_secret_scanning_non_provider_patterns,security_configuration_secret_scanning_delegated_bypass,security_configuration_secret_scanning_generic_secrets,security_configuration_secret_scanning_delegated_alert_dismissal,security_configuration_code_scanning_delegated_alert_dismissal,security_configuration_code_security_sku_enabled,security_configuration_secret_protection_sku_enabled
security_configuration_default
security_configuration_default.delete- A default security configuration setting for new repositories was removed.
- Campos
actor,actor_id,user_agent,request_id,default_for_new_private_repos,default_for_new_public_repos,security_configuration_name,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot
security_configuration_default.update- A default security configuration setting for new repositories was updated.
- Campos
actor,actor_id,user_agent,request_id,default_for_new_private_repos,default_for_new_public_repos,security_configuration_name,org,org_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot
security_configuration_policy
security_configuration_policy.update- A security configuration policy was updated
- Campos
actor,actor_id,user_agent,request_id,enforcement,security_configuration_name,action,_document_id,@timestamp,created_at,operation_type
security_key
security_key.register- A security key was registered for an account.
- Campos
actor_id,user,created_at,user_id,action,operation_type,request_id,@timestamp,_document_id,actor,user_agent,request_access_security_header
security_key.remove- A security key was removed from an account.
- Campos
actor,user_id,operation_type,_document_id,user_agent,@timestamp,request_id,actor_id,action,created_at,user,request_access_security_header
sponsors
sponsors.agreement_sign- A GitHub Sponsors agreement was signed on behalf of an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,sponsors_listing_id,action,_document_id,@timestamp,created_at,operation_type
sponsors.custom_amount_settings_change- Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,sponsors_listing_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers
sponsors.fiscal_host_change- The fiscal host for a GitHub Sponsors listing was updated.
- Campos
user_agent,request_id,actor,actor_id,org,org_id,sponsors_listing_id,action,_document_id,@timestamp,created_at,operation_type
sponsors.repo_funding_links_file_action- The FUNDING file in a repository was changed.
- Campos
@timestamp,action,created_at,_document_id,request_id,repository,repository_id,actor,user_agent,actor_id,operation_type- Referencia
- /repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
sponsors.sponsor_sponsorship_cancel- A sponsorship was canceled.
- Campos
operation_type,_document_id,created_at,actor,user,action,actor_id,user_id,@timestamp- Referencia
- Downgrading a sponsorship
sponsors.sponsor_sponsorship_create- A sponsorship was created, by sponsoring an account.
- Campos
actor,user_id,action,@timestamp,user_agent,request_id,user,operation_type,created_at,actor_id,_document_id- Referencia
- /sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes
sponsors.sponsor_sponsorship_payment_complete- After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.
- Campos
active,user,user_id,actor,actor_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes
sponsors.sponsor_sponsorship_preference_change- The option to receive email updates from a sponsored account was changed.
- Campos
actor_id,action,@timestamp,request_id,user_id,created_at,user,_document_id,user_agent,actor,operation_type- Referencia
- /sponsors/sponsoring-open-source-contributors/managing-your-sponsorship
sponsors.sponsor_sponsorship_tier_change- A sponsorship was upgraded or downgraded.
- Campos
user_id,actor,actor_id,action,user,operation_type,@timestamp,_document_id,created_at- Referencia
- Upgrading a sponsorship, Downgrading a sponsorship
sponsors.sponsored_developer_approve- A GitHub Sponsors account was approved.
- Campos
user_id,action,user_agent,request_id,actor,user,operation_type,@timestamp,created_at,actor_id,_document_id- Referencia
- /sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_create- A GitHub Sponsors account was created.
- Campos
user_id,operation_type,request_id,actor_id,@timestamp,_document_id,user,action,created_at,user_agent,actor- Referencia
- /sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_disable- A GitHub Sponsors account was disabled.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,sponsors_listing_id,action,operation_type,@timestamp,created_at,_document_id
sponsors.sponsored_developer_profile_update- The profile for GitHub Sponsors account was edited.
- Campos
@timestamp,actor_id,operation_type,created_at,user_agent,request_id,actor,action,_document_id,request_access_security_header- Referencia
- /sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors
sponsors.sponsored_developer_redraft- A GitHub Sponsors account was returned to draft state from approved state.
- Campos
@timestamp,created_at,request_id,user,action,user_agent,operation_type,_document_id,actor,actor_id,user_id
sponsors.sponsored_developer_request_approval- An application for GitHub Sponsors was submitted for approval.
- Campos
user_agent,user,@timestamp,actor_id,user_id,request_id,_document_id,actor,action,operation_type,created_at- Referencia
- /sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_tier_description_update- The description for a sponsorship tier was changed.
- Campos
operation_type,request_id,actor,user_id,action,@timestamp,_document_id,user_agent,actor_id,user,created_at- Referencia
- /sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers
sponsors.sponsored_developer_update_newsletter_send- Triggered when you send an email update to your sponsors.
- Campos
request_id,actor,action,user_agent,operation_type,_document_id,created_at,actor_id,user,user_id,@timestamp- Referencia
- /sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors
sponsors.sponsors_patreon_user_create- A Patreon account was linked to a user account for use with GitHub Sponsors.
- Campos
actor,actor_id,user_agent,request_id,patreon_email,patreon_username,user,user_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- /sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account
sponsors.sponsors_patreon_user_destroy- A Patreon account for use with GitHub Sponsors was unlinked from a user account.
- Campos
actor,actor_id,user_agent,request_id,patreon_email,patreon_username,user,user_id,action,_document_id,@timestamp,created_at,operation_type- Referencia
- Unlinking your Patreon account from GitHub
sponsors.update_tier_repository- A GitHub Sponsors tier changed access for a repository.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,sponsors_listing_id,repo,repo_id,action,_document_id,@timestamp,created_at,operation_type
sponsors.update_tier_welcome_message- The welcome message for a GitHub Sponsors tier for an organization was updated.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,sponsors_listing_id,action,_document_id,@timestamp,created_at,operation_type
sponsors.waitlist_join- You join the waitlist to join GitHub Sponsors.
- Campos
request_id,actor,user_id,user_agent,actor_id,action,operation_type,created_at,user,@timestamp,_document_id- Referencia
- /sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.withdraw_agreement_signature- A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,sponsors_listing_id,action,_document_id,@timestamp,created_at,operation_type
ssh_certificate_authority
ssh_certificate_authority.create- An SSH certificate authority for an organization or enterprise was created.
- Campos
@timestamp,_document_id,fingerprint,operation_type,openssh_public_key,org_id,actor,created_at,org,action,user_agent,actor_id,request_id- Referencia
- Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise
ssh_certificate_authority.destroy- An SSH certificate authority for an organization or enterprise was deleted.
- Campos
created_at,_document_id,fingerprint,operation_type,actor,org_id,openssh_public_key,org,action,user_agent,actor_id,@timestamp,request_id- Referencia
- Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise
ssh_certificate_requirement
ssh_certificate_requirement.disable- The requirement for members to use SSH certificates to access an organization resources was disabled.
- Campos
user,user_agent,operation_type,_document_id,request_id,org,org_id,created_at,actor,action,user_id,business,business_id,@timestamp,actor_id- Referencia
- Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise
ssh_certificate_requirement.enable- The requirement for members to use SSH certificates to access an organization resources was enabled.
- Campos
actor_id,user_id,org,operation_type,request_id,@timestamp,_document_id,actor,user,action,org_id,created_at,user_agent- Referencia
- Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise
staff
staff.set_domain_token_expiration- The verification code expiry time for an organization or enterprise domain was set.
- Campos
user_agent,request_id,actor,actor_id,owner_type,domain_name,business_id,token_expires_at,owner,action,operation_type,@timestamp,created_at,_document_id
staff.unverify_domain- An organization or enterprise domain was unverified.
- Campos
user_agent,request_id,actor,actor_id,created_at,owner_type,domain_name,owner,action,operation_type,@timestamp,_document_id
staff.verify_domain- An organization or enterprise domain was verified.
- Campos
user_agent,request_id,actor,actor_id,domain_name,action,operation_type,@timestamp,created_at,_document_id
successor_invitation
successor_invitation.accept- Triggered when you accept a succession invitation.
- Campos
user_agent,request_id,actor,actor_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories
successor_invitation.cancel- Triggered when you cancel a succession invitation.
- Campos
user_agent,request_id,actor,actor_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories
successor_invitation.create- Triggered when you create a succession invitation.
- Campos
user_agent,request_id,actor,actor_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories
successor_invitation.decline- Triggered when you decline a succession invitation.
- Campos
user_agent,request_id,actor,actor_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories
successor_invitation.revoke- Triggered when you revoke a succession invitation.
- Campos
user_agent,request_id,actor,actor_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- /account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories
team
team.add_member- A member of an organization was added to a team.
- Campos
user_agent,request_id,org_id,user_id,team,user,@timestamp,actor_id,created_at,operation_type,_document_id,org,action,actor,programmatic_access_type- Referencia
- /organizations/organizing-members-into-teams/adding-organization-members-to-a-team
team.add_repository- A team was given access and permissions to a repository.
- Campos
actor,team,action,operation_type,request_id,created_at,@timestamp,org,repo,actor_id,_document_id,repo_id,user_agent,org_id,token_scopes,programmatic_access_type,actor_is_bot
team.change_parent_team- A child team was created or a child team's parent was changed.
- Campos
org,@timestamp,created_at,_document_id,team,action,operation_type,actor,request_id,actor_id,user_agent,org_id,programmatic_access_type,request_access_security_header- Referencia
- /organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy
team.change_privacy- A team's privacy level was changed.
- Campos
user_agent,request_id,org,action,team,created_at,operation_type,actor_id,org_id,@timestamp,actor,_document_id- Referencia
- /organizations/organizing-members-into-teams/changing-team-visibility
team.create- A new team is created.
- Campos
request_id,actor_id,oauth_application_id,action,operation_type,@timestamp,org_id,user_agent,team,org,actor,created_at,_document_id,token_scopes,programmatic_access_type
team.demote_maintainer- A user was demoted from a team maintainer to a team member.
- Campos
user_agent,request_id,actor,actor_id,team,org,org_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id,token_scopes- Referencia
- /organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member
team.destroy- A team was deleted.
- Campos
created_at,org,team,org_id,actor_id,actor,action,@timestamp,user_agent,request_id,operation_type,_document_id,programmatic_access_type
team.promote_maintainer- A user was promoted from a team member to a team maintainer.
- Campos
user_agent,request_id,actor,actor_id,team,org,org_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id,programmatic_access_type,request_access_security_header- Referencia
- /organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer
team.remove_member- An organization member was removed from a team.
- Campos
request_id,operation_type,created_at,actor_id,org,org_id,team,user_id,actor,user,action,@timestamp,user_agent,_document_id,token_scopes,programmatic_access_type- Referencia
- /organizations/organizing-members-into-teams/removing-organization-members-from-a-team
team.remove_repository- A repository was removed from a team's control.
- Campos
request_id,org_id,repo,repo_id,action,_document_id,actor,@timestamp,actor_id,user_agent,created_at,team,org,operation_type,programmatic_access_type
team.rename- A team's name was changed.
- Campos
name,user_agent,created_at,team,operation_type,actor_id,org,action,request_id,actor,org_id,@timestamp,_document_id,programmatic_access_type,request_access_security_header
team.update_repository_permission- A team's permission to a repository was changed.
- Campos
actor_id,team,org_id,@timestamp,org,_document_id,old_permission,request_id,repo,action,repo_id,actor,operation_type,created_at,user_agent,permission,new_repo_permission,new_repo_base_role,old_repo_permission,old_repo_base_role,token_scopes,programmatic_access_type
team_discussions
team_discussions.clear- An organization owner cleared the setting to allow team discussions for an organization or enterprise.
- Campos
business_id,operation_type,@timestamp,user_agent,actor,actor_id,user,business,action,request_id,created_at,user_id,_document_id
team_discussions.disable- Team discussions were disabled for an organization.
- Campos
org_id,action,operation_type,request_id,actor,org,created_at,actor_id,user,user_id,@timestamp,user_agent,_document_id- Referencia
- Organizations and teams documentation
team_discussions.enable- Team discussions were enabled for an organization.
- Campos
actor_id,@timestamp,action,_document_id,user_agent,user_id,business_id,request_id,user,business,operation_type,actor,created_at
team_sync_tenant
team_sync_tenant.disabled- Team synchronization with a tenant was disabled.
- Campos
action,created_at,actor,request_id,org_id,actor_id,operation_type,_document_id,@timestamp,org,user_agent- Referencia
- Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise
team_sync_tenant.enabled- Team synchronization with a tenant was enabled.
- Campos
org_id,business_id,actor,created_at,user_agent,@timestamp,operation_type,business,actor_id,org,request_id,action,_document_id- Referencia
- Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise
trusted_device
trusted_device.register- A new trusted device was added.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id
trusted_device.remove- A trusted device was removed.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id
two_factor_authentication
two_factor_authentication.add_factor- A secondary authentication factor was added to a user account.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication
two_factor_authentication.disabled- Two-factor authentication was disabled for a user account.
- Campos
actor,action,_document_id,user_agent,user,user_id,actor_id,created_at,operation_type,request_id,@timestamp,request_access_security_header- Referencia
- Disabling two-factor authentication for your personal account
two_factor_authentication.enabled- Two-factor authentication was enabled for a user account.
- Campos
actor,operation_type,user_agent,action,created_at,actor_id,@timestamp,request_id,user,user_id,_document_id,request_access_security_header- Referencia
- Configuring two-factor authentication
two_factor_authentication.password_reset_fallback_sms- A one-time password code was sent to a user account fallback phone number.
- Campos
operation_type,created_at,user,user_id,action,@timestamp,request_id,_document_id,user_agent
two_factor_authentication.recovery_codes_regenerated- Two factor recovery codes were regenerated for a user account.
- Campos
request_id,actor,operation_type,_document_id,user_id,action,user,user_agent,actor_id,@timestamp,created_at
two_factor_authentication.remove_factor- A secondary authentication factor was removed from a user account.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication
two_factor_authentication.sign_in_fallback_sms- A one-time password code was sent to a user account fallback phone number.
- Campos
request_id,operation_type,user_id,user,user_agent,created_at,_document_id,action,@timestamp
two_factor_authentication.update_fallback- The two-factor authentication fallback for a user account was changed.
- Campos
@timestamp,created_at,_document_id,user,user_id,operation_type,user_agent,action,request_id,actor,actor_id
user
user.add_email- An email address was added to a user account.
- Campos
action,request_id,user,user_id,user_agent,operation_type,_document_id,actor_id,actor,email,@timestamp,created_at,request_access_security_header- Referencia
- /account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account
user.async_delete- An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.
- Campos
actor,user_id,created_at,user,@timestamp,_document_id,request_id,actor_id,operation_type,user_agent,action,request_access_security_header
user.audit_log_export- Audit log entries were exported.
- Campos
actor_id,user,action,request_id,actor,@timestamp,_document_id,user_agent,user_id,operation_type,created_at
user.block_user- A user was blocked by another user.
- Campos
action,actor,user_id,_document_id,actor_id,@timestamp,user_agent,user,request_id,blocked_user,operation_type,created_at,programmatic_access_type,request_access_security_header
user.change_password- A user changed their password.
- Campos
request_id,@timestamp,user_agent,actor_id,operation_type,actor,user,user_id,action,created_at,_document_id,request_access_security_header
user.codespaces_trusted_repo_access_granted- Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id,programmatic_access_type- Referencia
- Managing access to other repositories within your codespace
user.codespaces_trusted_repo_access_revoked- Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id- Referencia
- Managing access to other repositories within your codespace
user.create- A new user account was created.
- Campos
email,user_id,operation_type,@timestamp,request_id,user,created_at,_document_id,user_agent,actor,actor_id,action,programmatic_access_type
user.create_integration_secret- A user secret for Codespaces was created.
- Campos
actor,actor_id,user_agent,request_id,key,visibility,integration,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
user.creation_rate_limit_exceeded- The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.
- Campos
user,created_at,user_agent,_document_id,operation_type,oauth_application_id,action,actor,actor_id,request_id,user_id,@timestamp,token_scopes,programmatic_access_type
user.delete- A user account was destroyed by an asynchronous job.
- Campos
operation_type,created_at,user_agent,action,request_id,user_id,actor,actor_id,user,@timestamp,_document_id,request_access_security_header
user.demote- A site administrator was demoted to an ordinary user account.
- Campos
@timestamp,oauth_application_id,action,user,created_at,user_agent,request_id,actor,actor_id,operation_type,_document_id,user_id,programmatic_access_type,request_access_security_header
user.destroy- A user deleted his or her account, triggering user.async_delete.
- Campos
request_id,actor,user,_document_id,created_at,user_agent,user_id,operation_type,actor_id,action,@timestamp,request_access_security_header
user.failed_login- A user tried to sign in with an incorrect username, password, or two-factor authentication code.
- Campos
user_id,action,operation_type,request_id,created_at,_document_id,@timestamp,user,org_id,actor,actor_id,user_agent
user.flag_as_large_scale_contributor- A user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.
- Campos
actor,actor_id,operation_type,@timestamp,request_id,user,user_id,action,_document_id,user_agent,created_at
user.forgot_password- A user requested a password reset.
- Campos
action,_document_id,user_agent,request_id,user,operation_type,@timestamp,email,created_at,user_id,request_access_security_header- Referencia
- /authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials
user.hide_private_contributions_count- A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header- Referencia
- /account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile
user.login- A user signed in.
- Campos
user_agent,user_id,actor_id,@timestamp,user,action,operation_type,_document_id,request_id,created_at,actor,passkey_nickname,request_access_security_header
user.logout- A user signed out.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
user.minimize_comment- A comment made by a user was minimized.
- Campos
user_agent,actor,actor_id,@timestamp,created_at,operation_type,_document_id,user,user_id,action,request_id,token_scopes,programmatic_access_type
user.new_device_used- A user signed in from a new device.
- Campos
user,user_id,actor,operation_type,created_at,user_agent,actor_id,action,@timestamp,_document_id,request_id,request_access_security_header
user.promote- An ordinary user account was promoted to a site administrator.
- Campos
user_id,action,actor,actor_id,user,@timestamp,created_at,user_agent,oauth_application_id,request_id,operation_type,_document_id,token_scopes,programmatic_access_type,request_access_security_header
user.recreate- A user's account was restored.
- Campos
user_agent,user,action,actor_id,@timestamp,_document_id,request_id,user_id,created_at,actor,operation_type
user.remove_email- An email address was removed from a user account.
- Campos
user_agent,action,@timestamp,_document_id,request_id,user,user_id,operation_type,actor,actor_id,created_at,email,token_scopes,programmatic_access_type
user.remove_integration_secret- A user secret for Codespaces was deleted.
- Campos
actor,actor_id,user_agent,request_id,key,integration,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
user.remove_large_scale_contributor_flag- A user account was no longer flagged as a large scale contributor.
- Campos
user_agent,request_id,actor,actor_id,user,user_id,action,operation_type,@timestamp,created_at,_document_id
user.rename- A username was changed.
- Campos
user,action,request_id,actor_id,old_login,created_at,_document_id,actor,user_id,@timestamp,operation_type,user_agent,token_scopes,programmatic_access_type
user.report_content- Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.
- Campos
org_id,request_id,user,user_agent,action,created_at,actor,operation_type,actor_id,user_id,@timestamp,_document_id- Referencia
- /communities/maintaining-your-safety-on-github/reporting-abuse-or-spam
user.reset_password- A user reset their account password.
- Campos
actor_id,action,user_agent,user,request_id,user_id,created_at,@timestamp,_document_id,actor,operation_type,request_access_security_header
user.show_private_contributions_count- A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown.
- Campos
@timestamp,_document_id,request_id,user_id,action,actor,user,operation_type,user_agent,actor_id,created_at,request_access_security_header- Referencia
- /account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile
user.sign_in_from_unrecognized_device- A user signed in from an unrecognized device.
- Campos
request_id,action,_document_id,user_agent,user,user_id,operation_type,created_at,actor,actor_id,@timestamp,request_access_security_header
user.sign_in_from_unrecognized_device_and_location- A user signed in from an unrecognized device and location.
- Campos
actor,actor_id,user,user_id,@timestamp,user_agent,created_at,_document_id,request_id,action,operation_type,request_access_security_header
user.sign_in_from_unrecognized_location- A user signed in from an unrecognized location.
- Campos
request_id,user_id,action,operation_type,user_agent,user,_document_id,actor,created_at,actor_id,@timestamp,request_access_security_header
user.suspend- A user account was suspended.
- Campos
oauth_application_id,operation_type,actor_id,user,user_agent,request_id,actor,created_at,_document_id,@timestamp,user_id,action,token_scopes,programmatic_access_type,request_access_security_header
user.two_factor_challenge_failure- A 2FA challenge issued for a user account failed.
- Campos
operation_type,created_at,_document_id,user_agent,user,actor_id,actor,user_id,@timestamp,action,request_id,request_access_security_header
user.two_factor_challenge_success- A 2FA challenge issued for a user account succeeded.
- Campos
@timestamp,_document_id,user_id,operation_type,actor_id,user,actor,user_agent,request_id,action,created_at,request_access_security_header
user.two_factor_recover- A user used their 2FA recovery codes.
- Campos
user_id,operation_type,user_agent,request_id,user,action,actor,actor_id,created_at,@timestamp,_document_id,request_access_security_header
user.two_factor_recovery_codes_downloaded- A user downloaded 2FA recovery codes for their account.
- Campos
user_id,operation_type,actor_id,user,request_id,action,@timestamp,created_at,user_agent,actor,_document_id,request_access_security_header
user.two_factor_recovery_codes_printed- A user printed 2FA recovery codes for their account.
- Campos
user,action,operation_type,user_agent,request_id,user_id,created_at,_document_id,actor,actor_id,@timestamp
user.two_factor_recovery_codes_viewed- A user viewed 2FA recovery codes for their account.
- Campos
actor_id,user_agent,actor,user_id,action,created_at,user,operation_type,@timestamp,request_id,_document_id,request_access_security_header
user.two_factor_requested- A user was prompted for a two-factor authentication code.
- Campos
user,actor_id,action,user_agent,request_id,created_at,_document_id,user_id,operation_type,@timestamp,actor- Referencia
- /authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication
user.unblock_user- A user was unblocked by another user.
- Campos
actor_id,action,request_id,_document_id,blocked_user,operation_type,actor,@timestamp,user_agent,user_id,user,created_at,request_access_security_header
user.unminimize_comment- A comment made by a user was unminimized.
- Campos
@timestamp,user_agent,_document_id,actor_id,user,user_id,operation_type,request_id,actor,action,created_at
user.unsuspend- A user account was unsuspended.
- Campos
request_id,_document_id,user,action,user_agent,actor,oauth_application_id,operation_type,actor_id,created_at,@timestamp,user_id,token_scopes,programmatic_access_type,request_access_security_header
user.update_integration_secret- A user secret for Codespaces was updated.
- Campos
actor,actor_id,user_agent,request_id,key,visibility,integration,user,user_id,action,_document_id,@timestamp,created_at,operation_type,request_access_security_header
user_email
user_email.confirm_claim- An enterprise managed user claimed an email address.
- Campos
actor,actor_id,user_agent,request_id,user,user_id,action,_document_id,@timestamp,created_at,operation_type,business,business_id,actor_is_bot,request_access_security_header
user_status
user_status.destroy- Triggered when you clear the status on your profile.
- Campos
org,user_id,actor,message,user,actor_id,created_at,request_id,limited_availability,action,emoji,operation_type,user_agent,@timestamp,_document_id,request_access_security_header
user_status.update- Triggered when you set or change the status on your profile.
- Campos
limited_availability,user,action,actor_id,message,user_id,created_at,_document_id,request_id,@timestamp,user_agent,emoji,org,actor,operation_type,token_scopes,programmatic_access_type- Referencia
- /account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status
workflows
workflows.approve_workflow_job- A workflow job was approved.
- Campos
user_agent,request_id,actor,actor_id,workflow_run_id,run_number,user,user_id,repo,repo_id,business,business_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,token_scopes,programmatic_access_type,request_access_security_header- Referencia
- Reviewing deployments
workflows.cancel_workflow_run- A workflow run was cancelled.
- Campos
user_agent,request_id,actor,actor_id,created_at,started_at,event,name,workflow_run_id,head_branch,head_sha,run_number,cancelled_at,workflow_id,repo,repo_id,org,org_id,action,operation_type,@timestamp,_document_id,business,business_id,trigger_id,public_repo,programmatic_access_type,request_access_security_header- Referencia
- Canceling a workflow run
workflows.completed_workflow_run- A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
user_agent,request_id,actor,actor_id,created_at,started_at,event,name,workflow_run_id,head_branch,head_sha,completed_at,conclusion,run_number,workflow_id,repo,repo_id,org,org_id,action,operation_type,@timestamp,_document_id,business,business_id,trigger_id,run_attempt,programmatic_access_type,actor_is_bot- Referencia
- Viewing workflow run history
workflows.created_workflow_run- A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
user_agent,request_id,actor,actor_id,created_at,started_at,event,name,workflow_run_id,head_branch,head_sha,workflow_id,repo,repo_id,org,org_id,action,operation_type,@timestamp,_document_id,business,business_id,trigger_id,public_repo,programmatic_access_type,actor_is_bot,request_access_security_header- Referencia
- Understanding GitHub Actions
workflows.delete_workflow_run- A workflow run was deleted.
- Campos
user_agent,request_id,actor,actor_id,repo,repo_id,action,operation_type,@timestamp,created_at,_document_id,workflow_run_id,started_at,head_branch,head_sha,trigger_id,programmatic_access_type- Referencia
- Deleting a workflow run
workflows.disable_workflow- A workflow was disabled.
- Campos
user_agent,request_id,actor,actor_id,repo,repo_id,workflow_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,programmatic_access_type,actor_is_bot,request_access_security_header
workflows.enable_workflow- A workflow was enabled, after previously being disabled by disable_workflow.
- Campos
user_agent,request_id,actor,actor_id,repo,repo_id,workflow_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,programmatic_access_type,request_access_security_header
workflows.pin_workflow- A workflow was pinned.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,workflow_id,org,org_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header
workflows.prepared_workflow_job- A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
- Campos
repo_id,repo,org_id,org,business_id,business,workflow_run_id,job_name,runner_labels,is_hosted_runner,environment_name,secrets_passed,action,_document_id,operation_type,created_at,@timestamp,runner_owner_type,job_workflow_ref,calling_workflow_refs,calling_workflow_shas,imposer_repo- Referencia
- Events that trigger workflows
workflows.reject_workflow_job- A workflow job was rejected.
- Campos
user_agent,request_id,actor,actor_id,workflow_run_id,run_number,user,user_id,repo,repo_id,action,operation_type,@timestamp,created_at,_document_id,public_repo,programmatic_access_type,request_access_security_header- Referencia
- Reviewing deployments
workflows.rerun_workflow_run- A workflow run was re-run.
- Campos
user_agent,request_id,actor,actor_id,created_at,started_at,event,name,workflow_run_id,head_branch,head_sha,run_number,workflow_id,repo,repo_id,org,org_id,action,operation_type,@timestamp,_document_id,business,business_id,trigger_id,run_attempt,rerun_type,check_run_id,programmatic_access_type,actor_is_bot- Referencia
- Re-running workflows and jobs
workflows.unpin_workflow- A workflow was unpinned after previously being pinned.
- Campos
actor,actor_id,user_agent,request_id,repo,repo_id,public_repo,workflow_id,org,org_id,business,business_id,action,_document_id,@timestamp,created_at,operation_type,actor_is_bot,request_access_security_header