Accessing your security log
The security log lists all actions performed within the last 90 days.
-
En la esquina superior derecha de cualquier página, haga clic en la foto del perfil y, luego, en Settings (Configuración).
-
In the "Archives" section of the sidebar, click Security log.
Searching your security log
El nombre de cada entrada del registro de auditoría se compone del calificador de objeto o categoría action, seguido de un tipo de operación. Por ejemplo, la entrada repo.create hace referencia a la operación create de la categoría repo.
Cada entrada del registro de auditoría muestra información vigente acerca de un evento, como:
- La empresa organización en la que se ha realizado una acción
- El usuario (actor) que ha realizado la acción
- El usuario afectado por la acción
- En qué repositorio se realizó una acción
- La acción que se realizó
- En qué país se realizó la acción
- Fecha y hora en que se produjo la acción
Nota que no puedes buscar entradas utilizando texto. Sin embargo, puedes construir consultas de búsqueda utilizando una variedad de filtros. Muchos operadores que se utilizan cuando se consulta el registro, tales como -, > o <, coinciden con el mismo formato de búsqueda en GitHub. Para obtener más información, vea "Buscar en GitHub."
Búsqueda basada en la operación
Use el calificador operation para limitar las acciones a tipos específicos de operaciones. Por ejemplo:
operation:accessbusca todos los eventos en los que se ha accedido a un recurso.operation:authenticationbusca todos los eventos en los que se ha realizado un evento de autenticación.operation:createbusca todos los eventos en los que se ha creado un recurso.operation:modifybusca todos los eventos en los que se ha modificado un recurso existente.operation:removebusca todos los eventos en los que se ha quitado un recurso existente.operation:restorebusca todos los eventos en los que se ha restaurado un recurso existente.operation:transferbusca todos los eventos en los que se ha transferido un recurso existente.
Búsqueda basada en el repositorio
Use el calificador repo para limitar las acciones a un repositorio específico. Por ejemplo:
repo:my-org/our-repobusca todos los eventos que se han producido para el repositorioour-repode la organizaciónmy-org.repo:my-org/our-repo repo:my-org/another-repobusca todos los eventos que se han producido para los repositoriosour-repoyanother-repode la organizaciónmy-org.-repo:my-org/not-this-repoexcluye todos los eventos que se han producido para el repositorionot-this-repode la organizaciónmy-org.
Tenga en cuenta que debe incluir el nombre de la cuenta en el calificador repo; la búsqueda de solo repo:our-repo no funcionará.
Búsqueda basada en el usuario
El calificador actor puede incluir eventos en función de quién haya realizado la acción. Por ejemplo:
actor:octocatbusca todos los eventos realizados poroctocat.actor:octocat actor:hubotbusca todos los eventos realizados poroctocatyhubot.-actor:hubotexcluye todos los eventos realizados porhubot.
Ten en cuenta que solo puedes utilizar un nombre de usuario GitHub, no el nombre real de una persona.
Search based on the action performed
The events listed in your security log are triggered by your actions. Actions are grouped into the following categories:
| Category name | Description |
|---|---|
billing | Contains all activities related to your billing information. |
codespaces | Contains all activities related to GitHub Codespaces. For more information, see "About Codespaces." |
marketplace_agreement_signature | Contains all activities related to signing the GitHub Marketplace Developer Agreement. |
marketplace_listing | Contains all activities related to listing apps in GitHub Marketplace. |
oauth_access | Contains all activities related to OAuth Apps you've connected with. |
payment_method | Contains all activities related to paying for your GitHub subscription. |
personal_access_token | Contains activities related to fine-grained personal access tokens. For more information, see "Creating a personal access token." |
profile_picture | Contains all activities related to your profile picture. |
project | Contains all activities related to project boards. |
public_key | Contains all activities related to your public SSH keys. |
repo | Contains all activities related to the repositories you own. |
sponsors | Contains all events related to GitHub Sponsors and sponsor buttons (see "About GitHub Sponsors" and "Displaying a sponsor button in your repository") |
two_factor_authentication | Contains all activities related to two-factor authentication. |
user | Contains all activities related to your account. |
Exporting your security log
Puedes exportar el registro como datos JSON o como un archivo con valores separados por comas (V).
Para filtrar los resultados en su exportación, busque utilizando uno o más de los calificadores antes de recurrir al menú desplegable Export (Exportar).
| Calificador: | Valor de ejemplo |
|---|---|
action | team.create |
actor | octocat |
user | codertocat |
org | octo-org |
repo | octo-org/documentation |
created | 2019-06-01 |
Después de exportar el registro, verá los siguientes valores y claves en el archivo resultante.
| Clave | Valor de ejemplo |
|---|---|
action | team.create |
actor | octocat |
user | codertocat |
actor_location.country_code | US |
org | octo-org |
repo | octo-org/documentation |
created_at | 1429548104000 (Los registros horarios muestran la hora desde Epoch con milisegundos). |
data.email | octocat@nowhere.com |
data.hook_id | 245 |
data.events | ["issues", "issue_comment", "pull_request", "pull_request_review_comment"] |
data.events_were | ["push", "pull_request", "issues"] |
data.target_login | octocat |
data.old_user | hubot |
data.team | octo-org/engineering |
Security log actions
An overview of some of the most common actions that are recorded as events in the security log.
billing category actions
| Action | Description |
|---|---|
change_billing_type | Triggered when you change how you pay for GitHub. |
change_email | Triggered when you change your email address. |
codespaces category actions
| Action | Description |
|---|---|
create | Triggered when you create a codespace. |
resume | Triggered when you resume a suspended codespace. |
delete | Triggered when you delete a codespace. |
manage_access_and_security | Triggered when you update the repositories a codespace has access to. |
trusted_repositories_access_update | Triggered when you change your personal account's access and security setting for Codespaces. |
marketplace_agreement_signature category actions
| Action | Description |
|---|---|
create | Triggered when you sign the GitHub Marketplace Developer Agreement. |
marketplace_listing category actions
| Action | Description |
|---|---|
approve | Triggered when your listing is approved for inclusion in GitHub Marketplace. |
create | Triggered when you create a listing for your app in GitHub Marketplace. |
delist | Triggered when your listing is removed from GitHub Marketplace. |
redraft | Triggered when your listing is sent back to draft state. |
reject | Triggered when your listing is not accepted for inclusion in GitHub Marketplace. |
oauth_authorization category actions
| Action | Description |
|---|---|
create | Triggered when you grant access to an OAuth App. |
destroy | Triggered when you revoke an OAuth App's access to your account and when authorizations are revoked or expire. |
payment_method category actions
| Action | Description |
|---|---|
create | Triggered when a new payment method is added, such as a new credit card or PayPal account. |
update | Triggered when an existing payment method is updated. |
personal_access_token category actions
| Action | Description |
|---|---|
access_granted | Triggered when a fine-grained personal access token that you created is granted access to resources. |
access_revoked | Triggered when a fine-grained personal access token that you created is revoked. The token can still read public organization resources. |
create | Triggered when you create a fine-grained personal access token. |
credential_regenerated | Triggered when you regenerate a fine-grained personal access token. |
destroy | Triggered when you delete a fine-grained personal access token. |
request_cancelled | Triggered when you cancel a pending request for your fine-grained personal access token to access organization resources. |
request_created | Triggered when you create a fine-grained personal access token to access organization resources and the organization requires approval before a fine-grained personal access token can access organization resources. |
request_denied | Triggered when your request for a fine-grained personal access token to access organization resources is denied. For more information, see "Managing requests for personal access token in your organization." |
profile_picture category actions
| Action | Description |
|---|---|
update | Triggered when you set or update your profile picture. |
project category actions
| Action | Description |
|---|---|
access | Triggered when a project board's visibility is changed. |
create | Triggered when a project board is created. |
rename | Triggered when a project board is renamed. |
update | Triggered when a project board is updated. |
delete | Triggered when a project board is deleted. |
link | Triggered when a repository is linked to a project board. |
unlink | Triggered when a repository is unlinked from a project board. |
update_user_permission | Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed. |
public_key category actions
| Action | Description |
|---|---|
create | Triggered when you add a new public SSH key to your account on GitHub.com. |
delete | Triggered when you remove a public SSH key to your account on GitHub.com. |
repo category actions
| Action | Description |
|---|---|
access | Triggered when you a repository you own is switched from "private" to "public" (or vice versa). |
add_member | Triggered when a GitHub user is invited to have collaboration access to a repository. |
add_topic | Triggered when a repository owner adds a topic to a repository. |
archived | Triggered when a repository owner archives a repository. |
create | Triggered when a new repository is created. |
destroy | Triggered when a repository is deleted. |
disable | Triggered when a repository is disabled (e.g., for insufficient funds). |
download_zip | Triggered when a ZIP or TAR archive of a repository is downloaded. |
enable | Triggered when a repository is re-enabled. |
remove_member | Triggered when a GitHub user is removed from a repository as a collaborator. |
remove_topic | Triggered when a repository owner removes a topic from a repository. |
rename | Triggered when a repository is renamed. |
staff_unlock | Triggered when an enterprise owner or Soporte de GitHub (with permission from a repository administrator) temporarily unlocked the repository. The visibility of the repository isn't changed. |
transfer | Triggered when a repository is transferred. |
transfer_start | Triggered when a repository transfer is about to occur. |
unarchived | Triggered when a repository owner unarchives a repository. |
sponsors category actions
| Action | Description |
|---|---|
custom_amount_settings_change | Triggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "Managing your sponsorship tiers") |
repo_funding_links_file_action | Triggered when you change the FUNDING file in your repository (see "Displaying a sponsor button in your repository") |
sponsor_sponsorship_cancel | Triggered when you cancel a sponsorship (see "Downgrading a sponsorship") |
sponsor_sponsorship_create | Triggered when you sponsor an account (see "Sponsoring an open source contributor") |
sponsor_sponsorship_payment_complete | Triggered after you sponsor an account and your payment has been processed (see "Sponsoring an open source contributor") |
sponsor_sponsorship_preference_change | Triggered when you change whether you receive email updates from a sponsored developer (see "Managing your sponsorship") |
sponsor_sponsorship_tier_change | Triggered when you upgrade or downgrade your sponsorship (see "Upgrading a sponsorship" and "Downgrading a sponsorship") |
sponsored_developer_approve | Triggered when your GitHub Sponsors account is approved (see "Setting up GitHub Sponsors for your personal account") |
sponsored_developer_create | Triggered when your GitHub Sponsors account is created (see "Setting up GitHub Sponsors for your personal account") |
sponsored_developer_disable | Triggered when your GitHub Sponsors account is disabled |
sponsored_developer_redraft | Triggered when your GitHub Sponsors account is returned to draft state from approved state |
sponsored_developer_profile_update | Triggered when you edit your sponsored developer profile (see "Editing your profile details for GitHub Sponsors") |
sponsored_developer_request_approval | Triggered when you submit your application for GitHub Sponsors for approval (see "Setting up GitHub Sponsors for your personal account") |
sponsored_developer_tier_description_update | Triggered when you change the description for a sponsorship tier (see "Managing your sponsorship tiers") |
sponsored_developer_update_newsletter_send | Triggered when you send an email update to your sponsors (see "Contacting your sponsors") |
waitlist_invite_sponsored_developer | Triggered when you are invited to join GitHub Sponsors from the waitlist (see "Setting up GitHub Sponsors for your personal account") |
waitlist_join | Triggered when you join the waitlist to become a sponsored developer (see "Setting up GitHub Sponsors for your personal account") |
successor_invitation category actions
| Action | Description |
|---|---|
accept | Triggered when you accept a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
cancel | Triggered when you cancel a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
create | Triggered when you create a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
decline | Triggered when you decline a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
revoke | Triggered when you revoke a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
two_factor_authentication category actions
| Action | Description |
|---|---|
enabled | Triggered when two-factor authentication is enabled. |
disabled | Triggered when two-factor authentication is disabled. |
user category actions
| Action | Description |
|---|---|
add_email | Triggered when you add a new email address. |
codespaces_trusted_repo_access_granted | Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account. |
codespaces_trusted_repo_access_revoked | Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account. |
create | Triggered when you create a new personal account. |
change_password | Triggered when you change your password. |
forgot_password | Triggered when you ask for a password reset. |
hide_private_contributions_count | Triggered when you hide private contributions on your profile. |
login | Triggered when you log in to GitHub.com. |
failed_login | Triggered when you failed to log in successfully. |
remove_email | Triggered when you remove an email address. |
rename | Triggered when you rename your account. |
report_content | Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit. |
show_private_contributions_count | Triggered when you publicize private contributions on your profile. |
two_factor_requested | Triggered when GitHub asks you for your two-factor authentication code. |
user_status category actions
| Action | Description |
|---|---|
update | Triggered when you set or change the status on your profile. For more information, see "Setting a status." |
destroy | Triggered when you clear the status on your profile. |