GitHub¶
About¶
Is a web-based Git repository hosting service. It offers all of the distributed revision control and source code management functionality of Git as well as adding its own features.
Product Details¶
Vendor URL: GitHub
Product Type: code repository
Product Tier: TIER III
Integration Method: API
Integration URL: Reviewing the audit log for your organzation
Requirements¶
A GitHub personal access token must be created for Cyderes with the following permissions:
| Permissions |
|---|
| admin:org |
| read:user |
| security_events |
| user:email |
Parser Details¶
Log Format: JSON
Expected Normalization Rate: near 100%
Data Label: GITHUB
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| hook_id | target.resource.attribute.labels |
| data.team | target.user.group_identifiers |
| data.email | target.email |
| data.head_sha | target.file.sha256 |
| action | metadata.product_event_type |
| Node.Action | metadata.product_event_type |
| actor | principal.user.userid |
| Node.UserLogin | principal.user.userid |
| Node.ActorLogin | principal.user.userid |
| org | target.administrative_domain |
| repo | target.resource.name |
| STORAGE_OBJECT | target.resource.resource_type |
| Node.RepositoryURL | target.url |
| Node.RepositoryName | target.resource.name |
| user | target.user.user_display_name |
| res_type | target.resource.type |
| vulns.vulnerabilities | extensions.vulns.vulnerabilities |
| security_result | security_result |
| event_type | metadata.event_type |
Product Event Types¶
| Product Event | Description | UDM Event |
|---|---|---|
| All | All events | GENERIC_EVENT |
Log Sample¶
{"Node":{"Action":"team.add_repository","Actor":{"Typename":"User"},"ActorLogin":"user_name","ActorIP":"","OperationType":"CREATE","ActorLocation":{"City":"","Country":"United States","CountryCode":"US","Region":"","RegionCode":""},"CreatedAt":"2022-01-11T16:40:00.555Z","User":{"Name":"","Email":""},"UserLogin":"","UserURL":"","EnterpriseURL":"","OrganizationName":"your_org","OrganizationURL":"https://github.com/your_repo","OauthApplicationName":"","OauthApplicationURL":"","Name":"name/conf","RepositoryURL":"https://github.com/your_repo","TopicName":"","TeamName":"your_org/team_name","TeamURL":"https://github.com/orgs/your_org/teams/team_name"}}
Sample Parsing¶
metadata.event_timestamp = "2022-01-11T16:40:00.555Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "GITHUB"
metadata.product_name = "GITHUB"
metadata.product_event_type = "team.add_repository"
principal.user.userid = "john.doe"
target.url = "https://github.com/your_repo"
target.resource.name = "repo/name"
target.resource.resource_type = "STORAGE_OBJECT"
Parser Alerting¶
This product currently does not have any Parser-based Alerting
Rules¶
Coming Soon