GitHub Webhook

GitHub is a cloud provider of Git version control and software development tools. Cyderes supports the ingestion of events from GitHub at the Organization or Enterprise level via webhook.

For logs such as Dependabot alerts and repository vulnerability alerts, Cyderes recommends collecting them with the generic webhook method, because they are not exposed by the audit log API. If you are looking for GitHub audit logs, please visit our page for GitHub Audit Logging.

For more information regarding GitHub webhooks please reference their documentation.

Creating the Webhook(s)

Below are the steps Cyderes recommends for setting up ingestion into Chronicle via GitHub webhooks. Further information on setting up a webhook in GitHub can be found in the GitHub webhook documentation.

  • For each GitHub Organization to ingest events for, navigate to the settings page: https://github.com/organizations/<YourOrgName>/settings/hooks
  • Click Add Webhook
  • When asked for the payload URL use your generic webhook URL. Example: https://generic-webhook-collector-<YourUrlHere>.cyderes.io/collector/v2/webhook?api_key=<API_KEY>&log_type=GITHUB (Reach out to your Cyderes representative if you do not have this info)
  • Set Content Type to application/json
  • Leave the secret blank
  • Choose either "Send me everything" or "Let me select individual events"
  • If "Let me select individual events" is selected, choose the events to be ingested

If your organization also has a GitHub Enterprise, repeat the steps above at the Enterprise level: https://github.com/enterprises/<YourEnterpriseName>/settings/hooks
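The organization-level steps above can also be scripted through GitHub's REST API (POST /orgs/{org}/hooks), which goes beyond the UI procedure on this page. The following is an added example, not Cyderes or GitHub code: it checks the payload URL, builds the request without sending it, and masks the API key for logging. The host suffix, key, organization name and token are constructed placeholders, and the function names are hypothetical.

```python
import json
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

def check_collector_url(url):
    """Reject payload URLs that do not match the shape given in the steps."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    if parts.scheme != "https":
        raise ValueError("payload URL must be https: the API key rides in the query string")
    if not query.get("api_key"):
        raise ValueError("payload URL has no api_key value")
    if query.get("log_type") != ["GITHUB"]:
        raise ValueError("log_type must be GITHUB")

def redact(url):
    """Return the URL with api_key masked, safe to print or log."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    query["api_key"] = ["REDACTED"]
    return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))

def build_hook_request(org, collector_url, token, events=None):
    """Build (not send) POST /orgs/{org}/hooks; events=None means everything."""
    check_collector_url(collector_url)
    body = {
        "name": "web",                 # the only value GitHub accepts here
        "active": True,
        "events": events or ["*"],     # "*" = Send me everything
        # No "secret" key, as in the steps: deliveries then carry no HMAC
        # signature, so handle the URL with its api_key as a secret.
        "config": {"url": collector_url, "content_type": "json"},
    }
    return urllib.request.Request(
        f"https://api.github.com/orgs/{org}/hooks",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}",   # needs admin:org_hook scope
            "Content-Type": "application/json",
        },
    )

if __name__ == "__main__":
    # Constructed sample values; substitute your own URL, org and token.
    url = ("https://generic-webhook-collector-example.cyderes.io"
           "/collector/v2/webhook?api_key=CONSTRUCTED-KEY&log_type=GITHUB")
    req = build_hook_request("example-org", url, "PLACEHOLDER_TOKEN", ["dependabot_alert"])
    print(req.get_method(), req.full_url, "->", redact(url))
```

Pass the returned request to urllib.request.urlopen to create the hook, and log only the redact() form of the payload URL.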

For a full list of the events and payloads GitHub can provide, visit their guide to webhook events and payloads.

Chronicle Data Types

  • GITHUB