Points de terminaison d’API REST pour les journaux d’audit de l’entreprise
Utilisez l’API REST pour récupérer les journaux d’audit d’une entreprise.
Note
Ces points de terminaison prennent uniquement en charge l’authentification à l’aide d’un personal access token (classic). Pour plus d’informations, consultez « Gestion de vos jetons d'accès personnels ».
Get the audit log for an enterprise
Gets the audit log for an enterprise.
This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."
The authenticated user must be an enterprise admin to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:audit_log
scope to use this endpoint.
Jetons d’accès affinés pour « Get the audit log for an enterprise »
Ce point de terminaison fonctionne avec les types de jetons précis suivants:
- Jetons d’accès utilisateur d’application GitHub
- Jetons d’accès d’installation d’application GitHub
- Jetons d’accès personnel affiné
Le jeton précis doit avoir l’ensemble d’autorisations suivant:
- "Enterprise administration" business permissions (read)
Paramètres pour « Get the audit log for an enterprise »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
enterprise string ObligatoireThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Nom, Type, Description |
---|
phrase string A search phrase. For more information, see Searching the audit log. |
include string The event types to include:
The default is Peut être: |
after string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. |
before string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. |
order string The order of audit log events. To list newest events first, specify The default is Peut être: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: |
Codes d’état de la réponse HTTP pour « Get the audit log for an enterprise »
Code d’état | Description |
---|---|
200 | OK |
Exemples de code pour « Get the audit log for an enterprise »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com
par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com
.
Exemple de requête
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log
Response
Status: 200
[
{
"@timestamp": 1606929874512,
"action": "team.add_member",
"actor": "octocat",
"created_at": 1606929874512,
"_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
"org": "octo-corp",
"team": "octo-corp/example-team",
"user": "monalisa"
},
{
"@timestamp": 1606507117008,
"action": "org.create",
"actor": "octocat",
"created_at": 1606507117008,
"_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
"org": "octocat-test-org"
},
{
"@timestamp": 1605719148837,
"action": "repo.destroy",
"actor": "monalisa",
"created_at": 1605719148837,
"_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
"org": "mona-org",
"repo": "mona-org/mona-test-repo",
"visibility": "private"
}
]
Get the audit log stream key for encrypting secrets
Retrieves the audit log streaming public key for encrypting secrets.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Jetons d’accès affinés pour « Get the audit log stream key for encrypting secrets »
Ce point de terminaison ne fonctionne pas avec les jetons d’accès utilisateur d’application GitHub, les jetons d’accès d’installation d’application GitHub ou les jetons d’accès personnels affinés.
Paramètres pour « Get the audit log stream key for encrypting secrets »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
enterprise string ObligatoireThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Codes d’état de la réponse HTTP pour « Get the audit log stream key for encrypting secrets »
Code d’état | Description |
---|---|
200 | The stream key for the audit log streaming configuration was retrieved successfully. |
Exemples de code pour « Get the audit log stream key for encrypting secrets »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com
par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com
.
Exemple de requête
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key
The stream key for the audit log streaming configuration was retrieved successfully.
Status: 200
{
"key_id": "123",
"key": "actual-public-key-value"
}
List audit log stream configurations for an enterprise
Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Jetons d’accès affinés pour « List audit log stream configurations for an enterprise »
Ce point de terminaison ne fonctionne pas avec les jetons d’accès utilisateur d’application GitHub, les jetons d’accès d’installation d’application GitHub ou les jetons d’accès personnels affinés.
Paramètres pour « List audit log stream configurations for an enterprise »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
enterprise string ObligatoireThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Codes d’état de la réponse HTTP pour « List audit log stream configurations for an enterprise »
Code d’état | Description |
---|---|
200 | OK |
Exemples de code pour « List audit log stream configurations for an enterprise »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com
par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com
.
Exemple de requête
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams
OK
Status: 200
[
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
]
Create an audit log streaming configuration for an enterprise
Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Jetons d’accès affinés pour « Create an audit log streaming configuration for an enterprise »
Ce point de terminaison ne fonctionne pas avec les jetons d’accès utilisateur d’application GitHub, les jetons d’accès d’installation d’application GitHub ou les jetons d’accès personnels affinés.
Paramètres pour « Create an audit log streaming configuration for an enterprise »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
enterprise string ObligatoireThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Nom, Type, Description | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
enabled boolean ObligatoireThis setting pauses or resumes a stream. | |||||||||||||||||||||||||||||||||||||||||||||||||
stream_type string ObligatoireThe audit log streaming provider. The name is case sensitive. Peut être: | |||||||||||||||||||||||||||||||||||||||||||||||||
vendor_specific object Obligatoire | |||||||||||||||||||||||||||||||||||||||||||||||||
Can be one of these objects:
AzureHubConfig object ObligatoireAzure Event Hubs Config for audit log streaming configuration. Properties of |
Nom, Type, Description |
---|
name string ObligatoireInstance name of Azure Event Hubs |
encrypted_connstring string ObligatoireEncrypted Connection String for Azure Event Hubs |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
AmazonS3OIDCConfig
object ObligatoireAmazon S3 OIDC Config for audit log streaming configuration.
Properties of AmazonS3OIDCConfig
Nom, Type, Description |
---|
bucket string ObligatoireAmazon S3 Bucket Name. |
region string ObligatoireAWS S3 Bucket Region. |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string ObligatoireAuthentication Type for Amazon S3. Value: |
arn_role string Obligatoire |
AmazonS3AccessKeysConfig
object ObligatoireAmazon S3 Access Keys Config for audit log streaming configuration.
Properties of AmazonS3AccessKeysConfig
Nom, Type, Description |
---|
bucket string ObligatoireAmazon S3 Bucket Name. |
region string ObligatoireAmazon S3 Bucket Name. |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string ObligatoireAuthentication Type for Amazon S3. Value: |
encrypted_secret_key string ObligatoireEncrypted AWS Secret Key. |
encrypted_access_key_id string ObligatoireEncrypted AWS Access Key ID. |
SplunkConfig
object ObligatoireSplunk Config for Audit Log Stream Configuration
Properties of SplunkConfig
Nom, Type, Description |
---|
domain string ObligatoireDomain of Splunk instance. |
port integer ObligatoireThe port number for connecting to Splunk. |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_token string ObligatoireEncrypted Token. |
ssl_verify boolean ObligatoireSSL verification helps ensure your events are sent to your Splunk endpoint securely. |
GoogleCloudConfig
object ObligatoireGoogle Cloud Config for audit log streaming configuration.
Properties of GoogleCloudConfig
Nom, Type, Description |
---|
bucket string ObligatoireGoogle Cloud Bucket Name |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_json_credentials string Obligatoire |
DatadogConfig
object ObligatoireDatadog Config for audit log streaming configuration.
Properties of DatadogConfig
Nom, Type, Description |
---|
encrypted_token string ObligatoireEncrypted Splunk token. |
site string ObligatoireDatadog Site to use. Peut être: |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
Codes d’état de la réponse HTTP pour « Create an audit log streaming configuration for an enterprise »
Code d’état | Description |
---|---|
200 | The audit log stream configuration was created successfully. |
Exemples de code pour « Create an audit log streaming configuration for an enterprise »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com
par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com
.
Exemple de requête
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \
-d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'
The audit log stream configuration was created successfully.
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
List one audit log streaming configuration via a stream ID
Lists one audit log stream configuration via a stream ID.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Jetons d’accès affinés pour « List one audit log streaming configuration via a stream ID »
Ce point de terminaison ne fonctionne pas avec les jetons d’accès utilisateur d’application GitHub, les jetons d’accès d’installation d’application GitHub ou les jetons d’accès personnels affinés.
Paramètres pour « List one audit log streaming configuration via a stream ID »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
enterprise string ObligatoireThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
stream_id integer ObligatoireThe ID of the audit log stream configuration. |
Codes d’état de la réponse HTTP pour « List one audit log streaming configuration via a stream ID »
Code d’état | Description |
---|---|
200 | Lists one audit log stream configuration via stream ID. |
Exemples de code pour « List one audit log streaming configuration via a stream ID »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com
par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com
.
Exemple de requête
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID
Lists one audit log stream configuration via stream ID.
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
Update an existing audit log stream configuration
Updates an existing audit log stream configuration for an enterprise.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Jetons d’accès affinés pour « Update an existing audit log stream configuration »
Ce point de terminaison ne fonctionne pas avec les jetons d’accès utilisateur d’application GitHub, les jetons d’accès d’installation d’application GitHub ou les jetons d’accès personnels affinés.
Paramètres pour « Update an existing audit log stream configuration »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
enterprise string ObligatoireThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
stream_id integer ObligatoireThe ID of the audit log stream configuration. |
Nom, Type, Description | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
enabled boolean ObligatoireThis setting pauses or resumes a stream. | |||||||||||||||||||||||||||||||||||||||||||||||||
stream_type string ObligatoireThe audit log streaming provider. The name is case sensitive. Peut être: | |||||||||||||||||||||||||||||||||||||||||||||||||
vendor_specific object Obligatoire | |||||||||||||||||||||||||||||||||||||||||||||||||
Can be one of these objects:
AzureHubConfig object ObligatoireAzure Event Hubs Config for audit log streaming configuration. Properties of |
Nom, Type, Description |
---|
name string ObligatoireInstance name of Azure Event Hubs |
encrypted_connstring string ObligatoireEncrypted Connection String for Azure Event Hubs |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
AmazonS3OIDCConfig
object ObligatoireAmazon S3 OIDC Config for audit log streaming configuration.
Properties of AmazonS3OIDCConfig
Nom, Type, Description |
---|
bucket string ObligatoireAmazon S3 Bucket Name. |
region string ObligatoireAWS S3 Bucket Region. |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string ObligatoireAuthentication Type for Amazon S3. Value: |
arn_role string Obligatoire |
AmazonS3AccessKeysConfig
object ObligatoireAmazon S3 Access Keys Config for audit log streaming configuration.
Properties of AmazonS3AccessKeysConfig
Nom, Type, Description |
---|
bucket string ObligatoireAmazon S3 Bucket Name. |
region string ObligatoireAmazon S3 Bucket Name. |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string ObligatoireAuthentication Type for Amazon S3. Value: |
encrypted_secret_key string ObligatoireEncrypted AWS Secret Key. |
encrypted_access_key_id string ObligatoireEncrypted AWS Access Key ID. |
SplunkConfig
object ObligatoireSplunk Config for Audit Log Stream Configuration
Properties of SplunkConfig
Nom, Type, Description |
---|
domain string ObligatoireDomain of Splunk instance. |
port integer ObligatoireThe port number for connecting to Splunk. |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_token string ObligatoireEncrypted Token. |
ssl_verify boolean ObligatoireSSL verification helps ensure your events are sent to your Splunk endpoint securely. |
GoogleCloudConfig
object ObligatoireGoogle Cloud Config for audit log streaming configuration.
Properties of GoogleCloudConfig
Nom, Type, Description |
---|
bucket string ObligatoireGoogle Cloud Bucket Name |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_json_credentials string Obligatoire |
DatadogConfig
object ObligatoireDatadog Config for audit log streaming configuration.
Properties of DatadogConfig
Nom, Type, Description |
---|
encrypted_token string ObligatoireEncrypted Splunk token. |
site string ObligatoireDatadog Site to use. Peut être: |
key_id string ObligatoireKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
Codes d’état de la réponse HTTP pour « Update an existing audit log stream configuration »
Code d’état | Description |
---|---|
200 | Successful update |
422 | Validation error |
Exemples de code pour « Update an existing audit log stream configuration »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com
par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com
.
Exemple de requête
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
-d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'
Successful update
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
Delete an audit log streaming configuration for an enterprise
Deletes an existing audit log stream configuration for an enterprise.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Jetons d’accès affinés pour « Delete an audit log streaming configuration for an enterprise »
Ce point de terminaison ne fonctionne pas avec les jetons d’accès utilisateur d’application GitHub, les jetons d’accès d’installation d’application GitHub ou les jetons d’accès personnels affinés.
Paramètres pour « Delete an audit log streaming configuration for an enterprise »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
enterprise string ObligatoireThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
stream_id integer ObligatoireThe ID of the audit log stream configuration. |
Codes d’état de la réponse HTTP pour « Delete an audit log streaming configuration for an enterprise »
Code d’état | Description |
---|---|
204 | The audit log stream configuration was deleted successfully. |
Exemples de code pour « Delete an audit log streaming configuration for an enterprise »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com
par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com
.
Exemple de requête
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID
The audit log stream configuration was deleted successfully.
Status: 204