Puntos de conexión de API de REST para registros de auditoría de empresa
Usa la API REST para recuperar los registros de auditoría de una empresa.
Note
Estos puntos de conexión solo admiten la autenticación mediante personal access token (classic). Para obtener más información, vea «Administración de tokens de acceso personal».
Get the audit log for an enterprise
Gets the audit log for an enterprise.
This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."
The authenticated user must be an enterprise admin to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:audit_log
scope to use this endpoint.
Tokens de acceso específicos para "Get the audit log for an enterprise"
Este punto de conexión funciona con los siguientes tipos de token pormenorizados:
- Tokens de acceso de usuario de la aplicación de GitHub
- Token de acceso a la instalación de la aplicación de GitHub
- Tokens de acceso personal específico
El token pormenorizado debe tener el siguiente conjunto de permisos:
- "Enterprise administration" business permissions (read)
Parámetros para "Get the audit log for an enterprise"
Nombre, Tipo, Descripción |
---|
accept string Setting to |
Nombre, Tipo, Descripción |
---|
enterprise string RequeridoThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Nombre, Tipo, Descripción |
---|
phrase string A search phrase. For more information, see Searching the audit log. |
include string The event types to include:
The default is Puede ser uno de los siguientes: |
after string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. |
before string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. |
order string The order of audit log events. To list newest events first, specify The default is Puede ser uno de los siguientes: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Valor predeterminado: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Valor predeterminado: |
Códigos de estado de respuesta HTTP para "Get the audit log for an enterprise"
status code | Descripción |
---|---|
200 | OK |
Ejemplos de código para "Get the audit log for an enterprise"
Si accedes a GitHub en GHE.com, reemplaza api.github.com
por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com
.
Ejemplo de solicitud
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log
Response
Status: 200
[
{
"@timestamp": 1606929874512,
"action": "team.add_member",
"actor": "octocat",
"created_at": 1606929874512,
"_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
"org": "octo-corp",
"team": "octo-corp/example-team",
"user": "monalisa"
},
{
"@timestamp": 1606507117008,
"action": "org.create",
"actor": "octocat",
"created_at": 1606507117008,
"_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
"org": "octocat-test-org"
},
{
"@timestamp": 1605719148837,
"action": "repo.destroy",
"actor": "monalisa",
"created_at": 1605719148837,
"_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
"org": "mona-org",
"repo": "mona-org/mona-test-repo",
"visibility": "private"
}
]
Get the audit log stream key for encrypting secrets
Retrieves the audit log streaming public key for encrypting secrets.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Tokens de acceso específicos para "Get the audit log stream key for encrypting secrets"
Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.
Parámetros para "Get the audit log stream key for encrypting secrets"
Nombre, Tipo, Descripción |
---|
accept string Setting to |
Nombre, Tipo, Descripción |
---|
enterprise string RequeridoThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Códigos de estado de respuesta HTTP para "Get the audit log stream key for encrypting secrets"
status code | Descripción |
---|---|
200 | The stream key for the audit log streaming configuration was retrieved successfully. |
Ejemplos de código para "Get the audit log stream key for encrypting secrets"
Si accedes a GitHub en GHE.com, reemplaza api.github.com
por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com
.
Ejemplo de solicitud
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key
The stream key for the audit log streaming configuration was retrieved successfully.
Status: 200
{
"key_id": "123",
"key": "actual-public-key-value"
}
List audit log stream configurations for an enterprise
Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Tokens de acceso específicos para "List audit log stream configurations for an enterprise"
Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.
Parámetros para "List audit log stream configurations for an enterprise"
Nombre, Tipo, Descripción |
---|
accept string Setting to |
Nombre, Tipo, Descripción |
---|
enterprise string RequeridoThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Códigos de estado de respuesta HTTP para "List audit log stream configurations for an enterprise"
status code | Descripción |
---|---|
200 | OK |
Ejemplos de código para "List audit log stream configurations for an enterprise"
Si accedes a GitHub en GHE.com, reemplaza api.github.com
por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com
.
Ejemplo de solicitud
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams
OK
Status: 200
[
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
]
Create an audit log streaming configuration for an enterprise
Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Tokens de acceso específicos para "Create an audit log streaming configuration for an enterprise"
Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.
Parámetros para "Create an audit log streaming configuration for an enterprise"
Nombre, Tipo, Descripción |
---|
accept string Setting to |
Nombre, Tipo, Descripción |
---|
enterprise string RequeridoThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Nombre, Tipo, Descripción | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
enabled boolean RequeridoThis setting pauses or resumes a stream. | |||||||||||||||||||||||||||||||||||||||||||||||||
stream_type string RequeridoThe audit log streaming provider. The name is case sensitive. Puede ser uno de los siguientes: | |||||||||||||||||||||||||||||||||||||||||||||||||
vendor_specific object Requerido | |||||||||||||||||||||||||||||||||||||||||||||||||
Can be one of these objects:
AzureHubConfig object RequeridoAzure Event Hubs Config for audit log streaming configuration. Properties of |
Nombre, Tipo, Descripción |
---|
name string RequeridoInstance name of Azure Event Hubs |
encrypted_connstring string RequeridoEncrypted Connection String for Azure Event Hubs |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
AmazonS3OIDCConfig
object RequeridoAmazon S3 OIDC Config for audit log streaming configuration.
Properties of AmazonS3OIDCConfig
Nombre, Tipo, Descripción |
---|
bucket string RequeridoAmazon S3 Bucket Name. |
region string RequeridoAWS S3 Bucket Region. |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string RequeridoAuthentication Type for Amazon S3. Valor: |
arn_role string Requerido |
AmazonS3AccessKeysConfig
object RequeridoAmazon S3 Access Keys Config for audit log streaming configuration.
Properties of AmazonS3AccessKeysConfig
Nombre, Tipo, Descripción |
---|
bucket string RequeridoAmazon S3 Bucket Name. |
region string RequeridoAmazon S3 Bucket Name. |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string RequeridoAuthentication Type for Amazon S3. Valor: |
encrypted_secret_key string RequeridoEncrypted AWS Secret Key. |
encrypted_access_key_id string RequeridoEncrypted AWS Access Key ID. |
SplunkConfig
object RequeridoSplunk Config for Audit Log Stream Configuration
Properties of SplunkConfig
Nombre, Tipo, Descripción |
---|
domain string RequeridoDomain of Splunk instance. |
port integer RequeridoThe port number for connecting to Splunk. |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_token string RequeridoEncrypted Token. |
ssl_verify boolean RequeridoSSL verification helps ensure your events are sent to your Splunk endpoint securely. |
GoogleCloudConfig
object RequeridoGoogle Cloud Config for audit log streaming configuration.
Properties of GoogleCloudConfig
Nombre, Tipo, Descripción |
---|
bucket string RequeridoGoogle Cloud Bucket Name |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_json_credentials string Requerido |
DatadogConfig
object RequeridoDatadog Config for audit log streaming configuration.
Properties of DatadogConfig
Nombre, Tipo, Descripción |
---|
encrypted_token string RequeridoEncrypted Splunk token. |
site string RequeridoDatadog Site to use. Puede ser uno de los siguientes: |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
Códigos de estado de respuesta HTTP para "Create an audit log streaming configuration for an enterprise"
status code | Descripción |
---|---|
200 | The audit log stream configuration was created successfully. |
Ejemplos de código para "Create an audit log streaming configuration for an enterprise"
Si accedes a GitHub en GHE.com, reemplaza api.github.com
por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com
.
Ejemplo de solicitud
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \
-d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'
The audit log stream configuration was created successfully.
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
List one audit log streaming configuration via a stream ID
Lists one audit log stream configuration via a stream ID.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Tokens de acceso específicos para "List one audit log streaming configuration via a stream ID"
Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.
Parámetros para "List one audit log streaming configuration via a stream ID"
Nombre, Tipo, Descripción |
---|
accept string Setting to |
Nombre, Tipo, Descripción |
---|
enterprise string RequeridoThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
stream_id integer RequeridoThe ID of the audit log stream configuration. |
Códigos de estado de respuesta HTTP para "List one audit log streaming configuration via a stream ID"
status code | Descripción |
---|---|
200 | Lists one audit log stream configuration via stream ID. |
Ejemplos de código para "List one audit log streaming configuration via a stream ID"
Si accedes a GitHub en GHE.com, reemplaza api.github.com
por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com
.
Ejemplo de solicitud
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID
Lists one audit log stream configuration via stream ID.
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
Update an existing audit log stream configuration
Updates an existing audit log stream configuration for an enterprise.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Tokens de acceso específicos para "Update an existing audit log stream configuration"
Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.
Parámetros para "Update an existing audit log stream configuration"
Nombre, Tipo, Descripción |
---|
accept string Setting to |
Nombre, Tipo, Descripción |
---|
enterprise string RequeridoThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
stream_id integer RequeridoThe ID of the audit log stream configuration. |
Nombre, Tipo, Descripción | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
enabled boolean RequeridoThis setting pauses or resumes a stream. | |||||||||||||||||||||||||||||||||||||||||||||||||
stream_type string RequeridoThe audit log streaming provider. The name is case sensitive. Puede ser uno de los siguientes: | |||||||||||||||||||||||||||||||||||||||||||||||||
vendor_specific object Requerido | |||||||||||||||||||||||||||||||||||||||||||||||||
Can be one of these objects:
AzureHubConfig object RequeridoAzure Event Hubs Config for audit log streaming configuration. Properties of |
Nombre, Tipo, Descripción |
---|
name string RequeridoInstance name of Azure Event Hubs |
encrypted_connstring string RequeridoEncrypted Connection String for Azure Event Hubs |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
AmazonS3OIDCConfig
object RequeridoAmazon S3 OIDC Config for audit log streaming configuration.
Properties of AmazonS3OIDCConfig
Nombre, Tipo, Descripción |
---|
bucket string RequeridoAmazon S3 Bucket Name. |
region string RequeridoAWS S3 Bucket Region. |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string RequeridoAuthentication Type for Amazon S3. Valor: |
arn_role string Requerido |
AmazonS3AccessKeysConfig
object RequeridoAmazon S3 Access Keys Config for audit log streaming configuration.
Properties of AmazonS3AccessKeysConfig
Nombre, Tipo, Descripción |
---|
bucket string RequeridoAmazon S3 Bucket Name. |
region string RequeridoAmazon S3 Bucket Name. |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string RequeridoAuthentication Type for Amazon S3. Valor: |
encrypted_secret_key string RequeridoEncrypted AWS Secret Key. |
encrypted_access_key_id string RequeridoEncrypted AWS Access Key ID. |
SplunkConfig
object RequeridoSplunk Config for Audit Log Stream Configuration
Properties of SplunkConfig
Nombre, Tipo, Descripción |
---|
domain string RequeridoDomain of Splunk instance. |
port integer RequeridoThe port number for connecting to Splunk. |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_token string RequeridoEncrypted Token. |
ssl_verify boolean RequeridoSSL verification helps ensure your events are sent to your Splunk endpoint securely. |
GoogleCloudConfig
object RequeridoGoogle Cloud Config for audit log streaming configuration.
Properties of GoogleCloudConfig
Nombre, Tipo, Descripción |
---|
bucket string RequeridoGoogle Cloud Bucket Name |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_json_credentials string Requerido |
DatadogConfig
object RequeridoDatadog Config for audit log streaming configuration.
Properties of DatadogConfig
Nombre, Tipo, Descripción |
---|
encrypted_token string RequeridoEncrypted Splunk token. |
site string RequeridoDatadog Site to use. Puede ser uno de los siguientes: |
key_id string RequeridoKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
Códigos de estado de respuesta HTTP para "Update an existing audit log stream configuration"
status code | Descripción |
---|---|
200 | Successful update |
422 | Validation error |
Ejemplos de código para "Update an existing audit log stream configuration"
Si accedes a GitHub en GHE.com, reemplaza api.github.com
por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com
.
Ejemplo de solicitud
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
-d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'
Successful update
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
Delete an audit log streaming configuration for an enterprise
Deletes an existing audit log stream configuration for an enterprise.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Tokens de acceso específicos para "Delete an audit log streaming configuration for an enterprise"
Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.
Parámetros para "Delete an audit log streaming configuration for an enterprise"
Nombre, Tipo, Descripción |
---|
accept string Setting to |
Nombre, Tipo, Descripción |
---|
enterprise string RequeridoThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
stream_id integer RequeridoThe ID of the audit log stream configuration. |
Códigos de estado de respuesta HTTP para "Delete an audit log streaming configuration for an enterprise"
status code | Descripción |
---|---|
204 | The audit log stream configuration was deleted successfully. |
Ejemplos de código para "Delete an audit log streaming configuration for an enterprise"
Si accedes a GitHub en GHE.com, reemplaza api.github.com
por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com
.
Ejemplo de solicitud
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID
The audit log stream configuration was deleted successfully.
Status: 204