Managed log source for GitHub audit logs - Githubissues

matanolabs / matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

https://matano.dev

Apache License 2.0

1.46k stars 100 forks source link

Managed log source for GitHub audit logs #53

Closed timoguin closed 7 months ago

timoguin commented 1 year ago

Add support for managing GitHub audit logs.

Considerations

Enterprise audit logs are different from normal organization audit logs. Will need to research specifics.

Repo and org-level webhooks may also have different data and structures than the two types of audit logs.

May be able to generate schemas from GraphQL, OpenAPI for REST, or some other way of keeping up with all the many types of GitHub events.

Tasks

[x] Research and discovery
- [x] Organization audit logs
- [x] Enterprise audit logs
- [ ] General webhooks (repo or org-level)
- [ ] Schema generation
[x] ECS schemas
[x] VRL transforms
[x] Docs and examples

timoguin commented 7 months ago

Closed via #63