Skip to main content

Revise os eventos registrados no log de auditoria de uma empresa.

Quem pode usar esse recurso?

Enterprise owners

Neste artigo

Observação

Este artigo lista os eventos que podem aparecer no log de auditoria de uma empresa. Para saber quais eventos podem aparecer no log de segurança de uma conta de usuário ou no log de auditoria de uma organização, confira Eventos do log de segurança e Eventos de log de auditoria para sua organização.

Quais tipos de eventos estão incluídos?

  • Sem Enterprise Managed Users, o log de auditoria inclui apenas eventos relacionados à conta empresarial e às organizações dela.
  • Com Enterprise Managed Users, o log de auditoria também inclui eventos de usuário, que não estão listados aqui. Para ver essa lista, confira Eventos do log de segurança.

Audit log events

account

account.plan_change
The account's plan changed.
Campos
actor, operation_type, _document_id, user_agent, created_at, actor_id, request_id, @timestamp, user, action, user_id, programmatic_access_type
Referência
/billing/managing-the-plan-for-your-github-account/about-billing-for-plans

actions_cache

actions_cache.delete
A GitHub Actions cache was deleted using the REST API.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, user_id, user, repo_id, repo, org, org_id, actions_cache_id, actions_cache_key, actions_cache_version, actions_cache_scope, action, _document_id, @timestamp, created_at, operation_type, token_scopes, programmatic_access_type, request_access_security_header

advisory_credit

advisory_credit.accept
Credit was accepted for a security advisory.
Campos
user_agent, request_id, actor, actor_id, ghsa_id, repo, repo_id, recipient, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory
advisory_credit.create
Someone was added to the credit section of a security advisory.
Campos
user_agent, request_id, actor, actor_id, ghsa_id, repo, repo_id, recipient, org, org_id, action, operation_type, @timestamp, created_at, _document_id
advisory_credit.decline
Credit was declined for a security advisory.
Campos
user_agent, request_id, actor, actor_id, ghsa_id, repo, repo_id, recipient, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo
advisory_credit.destroy
Someone was removed from the credit section of a security advisory.
Campos
user_agent, request_id, actor, actor_id, ghsa_id, repo, repo_id, recipient, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo

api

api.request
An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.
Campos
user_agent, request_id, request_method, query_string, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, request_body, status_code, url_path, business, business_id, org, org_id, repo, repo_id, public_repo, user, user_id, action, _document_id, @timestamp, created_at, operation_type, route, rate_limit_remaining, actor_is_bot
Referência
Streaming the audit log for your enterprise

artifact

artifact.destroy
A workflow run artifact was manually deleted.
Campos
action, actor, user_agent, actor_id, repo, repo_id, request_id, @timestamp, created_at, _document_id, operation_type, programmatic_access_type

audit_log_streaming

audit_log_streaming.check
A manual check of the endpoint configured for audit log streaming was performed.
Campos
user_agent, request_id, actor, actor_id, audit_log_stream_result, business_id, business, action, _document_id, @timestamp, created_at, operation_type, audit_log_stream_sink_details, request_access_security_header
audit_log_streaming.create
An endpoint was added for audit log streaming.
Campos
user_agent, request_id, actor, actor_id, business_id, business, audit_log_stream_sink, action, _document_id, @timestamp, created_at, operation_type, audit_log_stream_id
audit_log_streaming.destroy
An audit log streaming endpoint was deleted.
Campos
user_agent, request_id, actor, actor_id, business_id, business, action, _document_id, @timestamp, created_at, operation_type, audit_log_stream_id, audit_log_stream_sink_details
audit_log_streaming.update
An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.
Campos
user_agent, request_id, actor, actor_id, audit_log_stream_enabled, business_id, business, audit_log_stream_sink, action, _document_id, @timestamp, created_at, operation_type, new_s3_bucket, old_s3_bucket, secrets_updated, new_s3_arn_role, old_s3_arn_role, new_azure_blob_container, old_azure_blob_container, new_event_hub_instance, old_event_hub_instance, new_splunk_domain, old_splunk_domain, ssl_verify, old_gc_bucket

auto_approve_personal_access_token_requests

auto_approve_personal_access_token_requests.disable
Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type
Referência
/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization
auto_approve_personal_access_token_requests.enable
Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization

billing

billing.change_billing_type
The way the account pays for GitHub was changed.
Campos
actor_id, user, @timestamp, actor, user_id, action, created_at, operation_type, _document_id, user_agent, request_id
Referência
Managing your payment and billing information
billing.change_email
The billing email address changed.
Campos
actor, operation_type, actor_id, org_id, @timestamp, user_agent, request_id, created_at, _document_id, org, email, action, request_access_security_header
Referência
Managing your payment and billing information

business

business.add_admin
An enterprise owner was added to an enterprise.
Campos
name, business, user, user_id, @timestamp, created_at, actor, actor_id, action, operation_type, request_id, business_id, _document_id, user_agent, programmatic_access_type, request_access_security_header
Referência
Inviting people to manage your enterprise
business.add_billing_manager
A billing manager was added to an enterprise.
Campos
user_agent, user, actor, name, business, business_id, action, @timestamp, request_id, actor_id, operation_type, created_at, user_id, _document_id
business.add_disallowed_two_factor_method
An enterprise prevented access to resources by users with the given two-factor method.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, name, two_factor_method, business, business_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.add_organization
An organization was added to an enterprise.
Campos
org_id, operation_type, @timestamp, actor, business_id, org, action, user_agent, actor_id, name, created_at, request_id, _document_id, business, organization_upgrade, request_access_security_header
business.add_support_entitlee
A support entitlement was added to a member of an enterprise.
Campos
user_agent, request_id, actor, actor_id, name, business, business_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
Referência
Managing support entitlements for your enterprise
business.advanced_security_metered_usage_unlock
Enablement for Advanced Security features on new repositories has been unlocked for this enterprise.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.advanced_security_policy_update
An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.
Campos
user_agent, request_id, actor, actor_id, name, new_policy, business, business_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
Referência
Enforcing policies for code security and analysis for your enterprise
business.audit_log_export
An export of the enterprise audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.
Campos
user_agent, business, business_id, @timestamp, actor_id, operation_type, created_at, request_id, actor, action, _document_id, query_phrase
Referência
Exporting audit log activity for your enterprise
business.audit_log_git_event_export
An export of the enterprise's Git events was created.
Campos
user_agent, request_id, actor, actor_id, created_at, start, end, business, business_id, action, operation_type, @timestamp, _document_id
Referência
Exporting audit log activity for your enterprise
business.cancel_admin_invitation
An invitation for someone to be an owner of an enterprise was canceled.
Campos
user, actor_id, user_agent, invitation_id, user_id, _document_id, operation_type, created_at, name, request_id, actor, @timestamp, business, business_id, action
business.cancel_billing_manager_invitation
An invitation for someone to be an billing manager of an enterprise was canceled.
Campos
business_id, action, @timestamp, actor, name, _document_id, actor_id, created_at, business, user_id, operation_type, request_id, user_agent, invitation_id, user
business.cancel_trial
The trial of GitHub Enterprise Cloud was canceled.
Campos
user_agent, request_id, actor, actor_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Setting up a trial of GitHub Enterprise Cloud
business.change_seats_plan_type
The seats plan type was changed for an enterprise.
Campos
actor, actor_id, user_agent, request_id, name, seats_plan_type_was, seats_plan_type, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.clear_actions_settings
An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.
Campos
user_agent, request_id, actor, actor_id, name, business, business_id, action, operation_type, @timestamp, created_at, _document_id
Referência
Enforcing policies for GitHub Actions in your enterprise
business.clear_default_repository_permission
An enterprise owner cleared the base repository permission policy setting for an enterprise.
Campos
name, operation_type, business_id, user_agent, actor_id, request_id, actor, _document_id, business, action, @timestamp, created_at
Referência
Enforcing repository management policies in your enterprise
business.clear_disallowed_two_factor_methods
Cleared two-factor authentication restrictions for an enterprise.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.clear_members_can_create_repos
An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.
Campos
user_agent, actor_id, business_id, action, _document_id, request_id, name, business, visibility, created_at, actor, operation_type, @timestamp
Referência
Enforcing repository management policies in your enterprise
business.code_scanning_autofix_policy_update
The policy for Code scanning autofix was updated for an enterprise.
Campos
actor, actor_id, user_agent, request_id, name, new_policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
business.code_scanning_autofix_third_party_tools_policy_update
The policy for Code scanning autofix third party tools was updated for an enterprise.
Campos
actor, actor_id, user_agent, request_id, name, new_policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
Referência
/code-security/getting-started/github-security-features#available-with-github-code-security
business.code_security_enablement_policy_update
The policy for Code Security enablement was updated for an enterprise.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, name, new_policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
Referência
/code-security/getting-started/github-security-features#available-with-github-code-security
business.code_security_metered_usage_lock
Enablement for Code Security features on new repositories has been locked for this enterprise.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.connect_usage_metrics_export
Server statistics were exported for the enterprise.
Campos
user_agent, request_id, actor, actor_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Exporting Server Statistics
business.convert_trial
The enterprise account on a trial of GitHub Enterprise Cloud was upgraded to a paid enterprise account.
Campos
name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Setting up a trial of GitHub Enterprise Cloud
business.create
An enterprise was created.
Campos
actor_id, _document_id, action, @timestamp, request_id, name, business, business_id, operation_type, actor, created_at, user_agent, request_access_security_header
business.create_trial
A trial of GitHub Enterprise Cloud began.
Campos
user_agent, request_id, actor, actor_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Setting up a trial of GitHub Enterprise Cloud
business.delete
The enterprise was deleted.
Campos
actor_id, business, action, business_id, @timestamp, operation_type, _document_id, request_id, user_agent, actor, name, created_at
Referência
Deleting an enterprise account
business.disable_oidc
OIDC single sign-on was disabled for an enterprise.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Configuring OIDC for Enterprise Managed Users
business.disable_open_scim
SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
business.disable_saml
SAML single sign-on was disabled for an enterprise.
Campos
request_id, business, action, created_at, actor, user_agent, business_id, operation_type, _document_id, issuer, @timestamp, actor_id, name, sso_url
business.disable_source_ip_disclosure
Display of IP addresses within audit log events for the enterprise was disabled.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Displaying IP addresses in the audit log for your enterprise
business.disable_two_factor_requirement
The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.
Campos
action, @timestamp, actor, business, operation_type, created_at, user_agent, business_id, actor_id, name, _document_id, request_id
business.enable_oidc
OIDC single sign-on was enabled for an enterprise.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Configuring OIDC for Enterprise Managed Users
business.enable_open_scim
SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
business.enable_saml
SAML single sign-on was enabled for an enterprise.
Campos
operation_type, name, sso_url, @timestamp, issuer, action, actor_id, _document_id, request_id, created_at, actor, business_id, business, user_agent
business.enable_source_ip_disclosure
Display of IP addresses within audit log events for the enterprise was enabled.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Displaying IP addresses in the audit log for your enterprise
business.enable_two_factor_requirement
The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.
Campos
actor_id, action, user_agent, actor, operation_type, created_at, business, business_id, name, _document_id, request_id, @timestamp
business.enterprise_server_license_download
A GitHub Enterprise Server license was downloaded.
Campos
actor, business, user_agent, action, request_id, user, business_id, _document_id, actor_id, operation_type, created_at, user_id, @timestamp
business.expire_trial
The trial of GitHub Enterprise Cloud expired.
Campos
name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Setting up a trial of GitHub Enterprise Cloud
business.github_models_billing_disabled
GitHub Models billing was disabled for the business.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.github_models_billing_enabled
GitHub Models billing was enabled for the business.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.import_license_usage
License usage information was imported from a GitHub Enterprise Server instance to an enterprise account on GitHub.com.
Campos
name, actor, business_id, created_at, request_id, user_agent, operation_type, business, action, @timestamp, _document_id, actor_id
Referência
Syncing license usage between GitHub Enterprise Server and GitHub Enterprise Cloud
business.invite_admin
An invitation for someone to be an enterprise owner of an enterprise was sent.
Campos
action, name, request_id, business, invitation_id, business_id, user_id, user_agent, actor, actor_id, _document_id, @timestamp, user, operation_type, created_at
business.invite_billing_manager
An invitation for someone to be an billing manager of an enterprise was sent.
Campos
user, operation_type, user_agent, invitation_id, _document_id, business, actor, user_id, action, @timestamp, name, request_id, actor_id, business_id, created_at
business.members_can_update_protected_branches.clear
An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.
Campos
user_id, action, created_at, actor, actor_id, @timestamp, request_id, business, name, operation_type, user, user_agent, business_id, _document_id
business.members_can_update_protected_branches.disable
The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.
Campos
user_agent, request_id, actor, actor_id, name, business, business_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
business.members_can_update_protected_branches.enable
The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.
Campos
name, actor, operation_type, _document_id, business_id, user, @timestamp, business, actor_id, created_at, action, user_agent, request_id, user_id
business.proxy_security_header_disabled
The proxy security header was disabled for an enterprise. All users on the network can now access GitHub, unless blocked by other means.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.proxy_security_header_enabled
The proxy security header was enabled for an enterprise. When the header is provided in requests, only Enterprise Managed Users matching the header will be able to access GitHub.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.proxy_security_header_unsatisfied
A user outside the enterprise tried to access GitHub while the proxy security header was enabled and provided in the request.
Campos
user_agent, request_id, programmatic_access_type, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.recovery_code_failed
An enterprise owner failed to sign into a enterprise with an external identity provider (IdP) using a recovery code.
Campos
actor, actor_id, user_agent, request_id, name, reason, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Accessing your enterprise account if your identity provider is unavailable
business.recovery_code_used
An enterprise owner successfully signed into an enterprise with an external identity provider (IdP) using a recovery code.
Campos
actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Accessing your enterprise account if your identity provider is unavailable
business.recovery_codes_downloaded
An enterprise owner downloaded the enterprise's SSO recovery codes.
Campos
actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Downloading your enterprise account's single sign-on recovery codes
business.recovery_codes_generated
An enterprise owner generated the enterprise's SSO recovery codes.
Campos
actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Downloading your enterprise account's single sign-on recovery codes
business.recovery_codes_printed
An enterprise owner printed the enterprise's SSO recovery codes.
Campos
actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Downloading your enterprise account's single sign-on recovery codes
business.recovery_codes_viewed
An enterprise owner viewed the enterprise's SSO recovery codes.
Campos
actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Downloading your enterprise account's single sign-on recovery codes
business.remove_admin
An enterprise owner was removed from an enterprise.
Campos
actor, operation_type, user_agent, business, business_id, @timestamp, created_at, request_id, action, name, actor_id, user_id, _document_id, user
Referência
Inviting people to manage your enterprise
business.remove_billing_manager
A billing manager was removed from an enterprise.
Campos
actor_id, business, actor, user_id, user_agent, request_id, action, _document_id, operation_type, @timestamp, name, business_id, user, created_at
business.remove_disallowed_two_factor_method
Removed a two-factor authentication method restriction for an enterprise.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, name, two_factor_method, business, business_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.remove_member
A member was removed from an enterprise.
Campos
user_agent, @timestamp, business_id, actor_id, actor, operation_type, user, created_at, business, user_id, action, _document_id, request_id, request_access_security_header
business.remove_organization
An organization was removed from an enterprise.
Campos
org_id, action, business, actor, actor_id, request_id, created_at, user_agent, business_id, operation_type, @timestamp, _document_id, name, org
business.remove_support_entitlee
A support entitlement was removed from a member of an enterprise.
Campos
user_agent, request_id, actor, actor_id, name, business, business_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
Referência
Managing support entitlements for your enterprise
business.rename_slug
The slug for the enterprise URL was renamed.
Campos
request_id, name, business_id, user_agent, action, actor_id, operation_type, actor, @timestamp, created_at, business, _document_id
business.restore
The deleted enterprise was restored.
Campos
actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
business.revoke_external_identity
The external identity for a member in an enterprise was revoked.
Campos
request_id, @timestamp, _document_id, user_id, operation_type, actor, created_at, name, user_agent, actor_id, business_id, action, user, business
business.revoke_sso_session
The SAML single sign-on session for a member in an enterprise was revoked.
Campos
business_id, user_agent, request_id, user, operation_type, actor, _document_id, actor_id, name, @timestamp, user_id, action, created_at, business
business.security_center_export_code_scanning_metrics
A CSV export was requested on the "CodeQL pull request alerts" page.
Campos
actor, actor_id, user_agent, request_id, business, business_id, user, user_id, query, filename, requested_at, start_date, end_date, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
business.security_center_export_coverage
A CSV export was requested on the "Coverage" page.
Campos
actor, actor_id, user_agent, request_id, business, business_id, user, user_id, query, filename, requested_at, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
business.security_center_export_overview_dashboard
A CSV export was requested on the "Overview Dashboard" page.
Campos
actor, actor_id, user_agent, request_id, business, business_id, user, user_id, query, filename, requested_at, start_date, end_date, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
business.security_center_export_risk
A CSV export was requested on the "Risk" page.
Campos
actor, actor_id, user_agent, request_id, business, business_id, user, user_id, query, filename, requested_at, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business.set_actions_fork_pr_approvals_policy
The policy for requiring approvals for workflows from public forks was changed for an enterprise.
Campos
user_agent, request_id, actor, actor_id, name, policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Enforcing policies for GitHub Actions in your enterprise
business.set_actions_private_fork_pr_approvals_policy
The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.
Campos
actor, actor_id, user_agent, request_id, name, policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Enforcing policies for GitHub Actions in your enterprise
business.set_actions_retention_limit
The retention period for GitHub Actions artifacts and logs was changed for an enterprise.
Campos
user_agent, request_id, actor, actor_id, name, limit, business, business_id, action, operation_type, @timestamp, created_at, _document_id
Referência
Enforcing policies for GitHub Actions in your enterprise
business.set_default_workflow_permissions
The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.
Campos
actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Enforcing policies for GitHub Actions in your enterprise
business.set_fork_pr_workflows_policy
The policy for fork pull request workflows was changed for an enterprise.
Campos
user_agent, request_id, actor, actor_id, name, policy, business, business_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
Referência
Enforcing policies for GitHub Actions in your enterprise
business.set_workflow_permission_can_approve_pr
The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.
Campos
actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Enforcing policies for GitHub Actions in your enterprise
business.sso_response
A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
issuer, name, user_agent, action, @timestamp, _document_id, actor, business, business_id, actor_id, created_at, request_id, operation_type, request_access_security_header
business.update_actions_settings
An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.
Campos
user_agent, request_id, actor, actor_id, name, business, business_id, action, operation_type, @timestamp, created_at, _document_id, updated_github_owned_allowed, updated_verified_allowed, updated_patterns, new_policy, old_policy, updated_access_policy
Referência
Enforcing policies for GitHub Actions in your enterprise
business.update_default_repository_permission
The base repository permission setting was updated for all organizations in an enterprise.
Campos
business_id, operation_type, user_agent, actor, actor_id, permission, action, created_at, @timestamp, request_id, name, _document_id, old_permission, business
Referência
Enforcing repository management policies in your enterprise
business.update_member_repository_creation_permission
The repository creation setting was updated for an enterprise.
Campos
created_at, _document_id, request_id, name, business_id, actor, actor_id, @timestamp, operation_type, permission, action, business, user_agent, visibility
Referência
Enforcing repository management policies in your enterprise
business.update_member_repository_invitation_permission
The policy setting for enterprise members inviting outside collaborators to repositories was updated.
Campos
business_id, created_at, action, operation_type, @timestamp, request_id, permission, actor, actor_id, name, _document_id, user_agent, business
Referência
Enforcing repository management policies in your enterprise
business.update_saml_provider_settings
The SAML single sign-on provider settings for an enterprise were updated.
Campos
actor, _document_id, request_id, business_id, sso_url, user_agent, action, business, name, created_at, operation_type, actor_id, @timestamp, issuer
business.upgrade_from_organization
The organization was upgraded to an enterprise account.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
Referência
/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan#upgrading-your-organizations-plan

business_advanced_security

business_advanced_security.disabled
GitHub Advanced Security was disabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Managing GitHub Advanced Security features for your enterprise
business_advanced_security.disabled_for_new_repos
GitHub Advanced Security was disabled for new repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_advanced_security.disabled_for_new_user_namespace_repos
GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
Referência
Managing GitHub Advanced Security features for your enterprise
business_advanced_security.enabled
GitHub Advanced Security was enabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_advanced_security.enabled_for_new_repos
GitHub Advanced Security was enabled for new repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_advanced_security.enabled_for_new_user_namespace_repos
GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
Referência
Managing GitHub Advanced Security features for your enterprise
business_advanced_security.user_namespace_repos_disabled
GitHub Advanced Security was disabled for user namespace repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
Referência
Managing GitHub Advanced Security features for your enterprise
business_advanced_security.user_namespace_repos_enabled
GitHub Advanced Security was enabled for user namespace repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
Referência
Managing GitHub Advanced Security features for your enterprise

business_dependabot_alerts

business_dependabot_alerts.disable
Dependabot alerts were disabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
business_dependabot_alerts.enable
Dependabot alerts were enabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business_dependabot_alerts_new_repos

business_dependabot_alerts_new_repos.disable
Dependabot alerts were disabled for new repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
business_dependabot_alerts_new_repos.enable
Dependabot alerts were enabled for new repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business_secret_scanning_automatic_validity_checks

business_secret_scanning_automatic_validity_checks.disabled
Automatic partner validation checks have been disabled at the business level
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_automatic_validity_checks.enabled
Automatic partner validation checks have been enabled at the business level
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_custom_pattern

business_secret_scanning_custom_pattern.create
An enterprise-level custom pattern was created for secret scanning.
Campos
user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Defining custom patterns for secret scanning
business_secret_scanning_custom_pattern.delete
An enterprise-level custom pattern was removed from secret scanning.
Campos
user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
business_secret_scanning_custom_pattern.publish
An enterprise-level custom pattern was published for secret scanning.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
business_secret_scanning_custom_pattern.update
Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.
Campos
user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business_secret_scanning_custom_pattern_push_protection

business_secret_scanning_custom_pattern_push_protection.disabled
Push protection for a custom pattern for secret scanning was disabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Defining custom patterns for secret scanning
business_secret_scanning_custom_pattern_push_protection.enabled
Push protection for a custom pattern for secret scanning was enabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Defining custom patterns for secret scanning

business_secret_scanning

business_secret_scanning.disable
Secret scanning was disabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning.disabled_for_new_repos
Secret scanning was disabled for new repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning.enable
Secret scanning was enabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning.enabled_for_new_repos
Secret scanning was enabled for new repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_generic_secrets

business_secret_scanning_generic_secrets.disabled
Generic secrets have been disabled at the business level
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
business_secret_scanning_generic_secrets.enabled
Generic secrets have been enabled at the business level
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

business_secret_scanning_non_provider_patterns

business_secret_scanning_non_provider_patterns.disabled
Secret scanning for non-provider patterns was disabled at the enterprise level.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
Referência
Supported secret scanning patterns
business_secret_scanning_non_provider_patterns.enabled
Secret scanning for non-provider patterns was enabled at the enterprise level.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
Referência
Supported secret scanning patterns

business_secret_scanning_push_protection_custom_message

business_secret_scanning_push_protection_custom_message.disable
The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection_custom_message.enable
The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection_custom_message.update
The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection

business_secret_scanning_push_protection.disable
Push protection for secret scanning was disabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection.disabled_for_new_repos
Push protection for secret scanning was disabled for new repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection.enable
Push protection for secret scanning was enabled for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection.enabled_for_new_repos
Push protection for secret scanning was enabled for new repositories in your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection_pattern_configuration

business_secret_scanning_push_protection_pattern_configuration.push_protection_setting_changed
The push protection setting was changed for a secret type for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, secret_type, secret_type_display_name, push_protection_setting
Referência
Managing GitHub Advanced Security features for your enterprise
business_secret_scanning_push_protection_pattern_configuration.updated
The push protection pattern configuration was updated for your enterprise.
Campos
actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp
Referência
Managing GitHub Advanced Security features for your enterprise

checks

checks.auto_trigger_disabled
Automatic creation of check suites was disabled on a repository in the organization or enterprise.
Campos
visibility, user_agent, user, @timestamp, repo, actor_id, user_id, action, created_at, actor, operation_type, request_id, repo_id, _document_id
Referência
/rest/checks#update-repository-preferences-for-check-suites
checks.auto_trigger_enabled
Automatic creation of check suites was enabled on a repository in the organization or enterprise.
Campos
user_agent, request_id, actor, actor_id, visibility, repo, repo_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, public_repo
Referência
/rest/checks#update-repository-preferences-for-check-suites
checks.delete_logs
Logs in a check suite were deleted.
Campos
@timestamp, actor, actor_id, operation_type, repo_id, action, created_at, _document_id, user_agent, request_id, repo, programmatic_access_type

code_scanning

code_scanning.alert_appeared_in_branch
Existing code scanning alerts appeared in a branch.
Campos
repo_id, alert_number, commit_oid, ref, request_id, org_id, org, business_id, business, alert_numbers
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closed_became_fixed
Code scanning alerts were fixed.
Campos
repo_id, alert_number, commit_oid, ref, request_id, org_id, org, business_id, business, alert_numbers
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closed_became_outdated
Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).
Campos
repo_id, alert_numbers, commit_oid, ref, request_id, org_id, org, business_id, business
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closed_by_user
Code scanning alerts were manually dismissed.
Campos
repo_id, alert_number, actor_id, request_id, actor, org_id, org, business_id, business, alert_numbers, dismissal_approver_id
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closure_approved
Dismissal of code scanning alerts was approved.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, dismissal_request_id, alert_number, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closure_denied
Dismissal of code scanning alerts was denied.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, dismissal_request_id, alert_number, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_closure_requested
Dismissal of code scanning alerts was requested.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, dismissal_request_id, alert_number, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_created
Code scanning alerts were seen for the first time.
Campos
repo_id, alert_number, commit_oid, ref, request_id, org_id, org, alert_numbers
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_reappeared
Code scanning alerts that were previously fixed reappeared.
Campos
repo_id, alert_number, commit_oid, ref, request_id, org_id, org, business_id, business, alert_numbers
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
code_scanning.alert_reopened_by_user
Code scanning alerts that were previously dismissed were reopened.
Campos
repo_id, alert_number, actor_id, request_id, actor, org_id, org, business_id, business, alert_numbers
Referência
/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code

code.search
A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
@timestamp, action, actor_id, business_id, query, org_id, user_id, _document_id, search_string
Referência
/search-github/github-code-search

codespaces

codespaces.allow_permissions
A codespace using custom permissions from its devcontainer.json file was launched.
Campos
user_agent, request_id, actor, actor_id, origin_repository, action, _document_id, @timestamp, created_at, operation_type
codespaces.attempted_to_create_from_prebuild
An attempt to create a codespace from a prebuild was made.
Campos
user_agent, request_id, actor, actor_id, name, owner, pull_request_id, repository, repository_id, user_id, user, org, org_id, action, _document_id, @timestamp, created_at, operation_type, public_repo, token_scopes, programmatic_access_type, request_access_security_header
codespaces.business_enablement_updated
Enterprise setting for Codespaces ownership was updated.
Campos
actor, actor_id, user_agent, request_id, enablement, organization_names, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization
codespaces.connect
Credentials for a codespace were refreshed.
Campos
user_agent, request_id, actor, actor_id, repository_id, repository, pull_request_id, user_id, org_id, owner, name, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type, actor_is_bot, machine_type, devcontainer_path
codespaces.create
A codespace was created
Campos
user_agent, request_id, actor, actor_id, repository_id, repository, pull_request_id, owner, name, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, actor_is_bot, machine_type, devcontainer_path
Referência
Creating a codespace for a repository
codespaces.destroy
A user deleted a codespace.
Campos
user_agent, request_id, actor, actor_id, repository_id, repository, pull_request_id, owner, name, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type
Referência
Deleting a codespace
codespaces.export_environment
A codespace was exported to a branch on GitHub.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, owner, action, _document_id, @timestamp, created_at, operation_type, public_repo
codespaces.policy_group_created
Policies were applied to codespaces in an organization or enterprise.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type
codespaces.policy_group_deleted
Policies were removed from codespaces in an organization or enterprise.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
codespaces.policy_group_updated
Policies were updated for codespaces in an organization or enterprise.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
codespaces.restore
A codespace was restored.
Campos
user_agent, request_id, actor, actor_id, owner, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
codespaces.start_environment
A codespace was started.
Campos
actor, actor_id, user_agent, request_id, name, org, owner, pull_request_id, machine_type, user_id, user, devcontainer_path, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
codespaces.suspend_environment
A codespace was stopped.
Campos
user_agent, request_id, actor, actor_id, owner, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type
codespaces.trusted_repositories_access_update
A personal account's access and security setting for Codespaces were updated.
Campos
user_agent, request_id, actor, actor_id, business, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
Managing access to other repositories within your codespace

commit_comment

commit_comment.destroy
A commit comment was deleted.
Campos
actor, repo, org, org_id, created_at, @timestamp, operation_type, repo_id, actor_id, request_id, _document_id, user_agent, action, programmatic_access_type
commit_comment.update
A commit comment was updated.
Campos
_document_id, repo_id, actor, org, request_id, action, @timestamp, repo, org_id, actor_id, created_at, user_agent, operation_type, token_scopes, programmatic_access_type

copilot

copilot.access_revoked
Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.
Campos
actor, actor_id, user_agent, request_id, reason, plan, org_id, owner, org, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
copilot.cfb_enterprise_org_enablement_changed
The Copilot enablement policy changed at the enterprise level to either allow or disable access for all organizations, or to allow access for selected organizations.
Campos
actor, actor_id, user_agent, request_id, previous_value, current_value, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
copilot.cfb_enterprise_settings_changed
Copilot feature settings were changed at the enterprise level.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
copilot.cfb_org_settings_changed
Copilot feature settings were changed at the organization level.
Campos
actor, actor_id, user_agent, request_id, action, _document_id, @timestamp, created_at, operation_type
copilot.cfb_seat_added
A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.
Campos
user_agent, request_id, token_id, hashed_token, programmatic_access_type, actor, actor_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
copilot.cfb_seat_assignment_created
A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.
Campos
actor, actor_id, user_agent, request_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
What is GitHub Copilot?
copilot.cfb_seat_assignment_refreshed
A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.
Campos
user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
copilot.cfb_seat_assignment_reused
A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type
copilot.cfb_seat_assignment_unassigned
A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
copilot.cfb_seat_cancelled
A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.
Campos
actor, actor_id, user_agent, request_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, seat_assignment, request_access_security_header
copilot.cfb_seat_cancelled_by_staff
A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.
Campos
actor, actor_id, user_agent, request_id, user_id, user, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
copilot.cfb_seat_management_changed
The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.
Campos
actor, actor_id, user_agent, request_id, old_value, new_value, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
copilot.clickwrap_save_event
The GitHub Copilot Product Terms or Pre-Release Preview Terms were accepted.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
copilot.content_exclusion_changed
The excluded paths for GitHub Copilot were updated.
Campos
actor, actor_id, user_agent, request_id, excluded_paths, owner_type, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
copilot.enterprise_enablement_changed
Copilot access was enabled or disabled at the enterprise level.
Campos
actor, actor_id, user_agent, request_id, previous_value, current_value, business, business_id, action, _document_id, @timestamp, created_at, operation_type
copilot.knowledge_base_created
A knowledge base was created in the organization.
Campos
actor, actor_id, user_agent, request_id, knowledge_base_name, org_id, org, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
Creating and managing Copilot knowledge bases
copilot.knowledge_base_deleted
A knowledge base was deleted from the organization.
Campos
actor, actor_id, user_agent, request_id, knowledge_base_name, org_id, org, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
Creating and managing Copilot knowledge bases
copilot.knowledge_base_updated
A knowledge base was updated in the organization.
Campos
actor, actor_id, user_agent, request_id, knowledge_base_name, org_id, org, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
Creating and managing Copilot knowledge bases
copilot.plan_changed
The plan for GitHub Copilot was updated.
Campos
actor, actor_id, user_agent, request_id, old_plan, plan, business_id, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
Referência
About billing for GitHub Copilot
copilot.plan_downgrade_scheduled
The plan for GitHub Copilot was scheduled to be downgraded.
Campos
actor, actor_id, user_agent, request_id, org_id, owner, org, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, current_plan, scheduled_plan

custom_property_definition

custom_property_definition.create
A new custom property definition was created.
Campos
actor, actor_id, user_agent, request_id, property_name, action, _document_id, @timestamp, created_at, operation_type, business, business_id, value_type, required, default_value, definition_id
Referência
/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
custom_property_definition.destroy
A custom property definition was deleted.
Campos
actor, actor_id, user_agent, request_id, property_name, action, _document_id, @timestamp, created_at, operation_type, business, business_id, value_type, required, default_value, definition_id, allowed_values
Referência
/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
custom_property_definition.update
A custom property definition was updated.
Campos
actor, actor_id, user_agent, request_id, property_name, action, _document_id, @timestamp, created_at, operation_type, value_type, required, default_value, old_allowed_values, allowed_values, definition_id, old_required, old_default_value, old_value_type, old_values_editable_by, values_editable_by, request_access_security_header
Referência
/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_value

custom_property_value.create
A repository's custom property value was manually set for the first time.
Campos
actor, actor_id, user_agent, request_id, definition_id, property_name, value, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
custom_property_value.destroy
A repository's custom property value was deleted.
Campos
actor, actor_id, user_agent, request_id, repository, repository_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization
custom_property_value.update
A repository's custom property value was updated.
Campos
actor, actor_id, user_agent, request_id, repository, repository_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, definition_id
Referência
/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

dependabot_alerts

dependabot_alerts.disable
Dependabot alerts were disabled for all existing repositories.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories
dependabot_alerts.enable
Dependabot alerts were enabled for all existing repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts_new_repos

dependabot_alerts_new_repos.disable
Dependabot alerts were disabled for all new repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added
dependabot_alerts_new_repos.enable
Dependabot alerts were enabled for all new repositories.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_repository_access

dependabot_repository_access.default_access_level_updated
The default repository access for Dependabot was updated.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, org, org_id, access_level, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
dependabot_repository_access.repositories_updated
The repositories that Dependabot can access were updated.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id

dependabot_security_updates

dependabot_security_updates.disable
Dependabot security updates were disabled for all existing repositories.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependabot_security_updates.enable
Dependabot security updates were enabled for all existing repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id

dependabot_security_updates_new_repos

dependabot_security_updates_new_repos.disable
Dependabot security updates were disabled for all new repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependabot_security_updates_new_repos.enable
Dependabot security updates were enabled for all new repositories.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id

dependency_graph

dependency_graph.disable
The dependency graph was disabled for all existing repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependency_graph.enable
The dependency graph was enabled for all existing repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id

dependency_graph_new_repos

dependency_graph_new_repos.disable
The dependency graph was disabled for all new repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependency_graph_new_repos.enable
The dependency graph was enabled for all new repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id, request_access_security_header

discussion_post

discussion_post.destroy
Triggered when a team discussion post is deleted.
Campos
request_id, team, created_at, user_id, @timestamp, number, org, title, actor, actor_id, user, action, user_agent, operation_type, _document_id
Referência
/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment
discussion_post.update
Triggered when a team discussion post is edited.
Campos
created_at, _document_id, title, user, user_agent, org, operation_type, actor_id, @timestamp, actor, team, action, org_id, request_id, user_id, number
Referência
/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment

discussion_post_reply

discussion_post_reply.destroy
Triggered when a reply to a team discussion post is deleted.
Campos
actor_id, action, @timestamp, user_agent, operation_type, user_id, actor, number, user, created_at, request_id, _document_id
Referência
/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment
discussion_post_reply.update
Triggered when a reply to a team discussion post is edited.
Campos
action, _document_id, request_id, org, @timestamp, actor_id, operation_type, user, user_id, org_id, user_agent, actor, number, team, created_at
Referência
/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment

enterprise_announcement

enterprise_announcement.create
A global announcement banner was created for the enterprise.
Campos
actor, actor_id, user_agent, request_id, owner, owner_type, business_id, message, action, _document_id, @timestamp, created_at, operation_type
Referência
Customizing user messages for your enterprise
enterprise_announcement.destroy
A global announcement banner was removed from the enterprise.
Campos
actor, actor_id, user_agent, request_id, owner, owner_type, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Customizing user messages for your enterprise
enterprise_announcement.update
A global announcement banner was updated for the enterprise.
Campos
actor, actor_id, user_agent, request_id, owner, owner_type, business_id, message, old_message, action, _document_id, @timestamp, created_at, operation_type
Referência
Customizing user messages for your enterprise

enterprise_domain

enterprise_domain.approve
A domain was approved for an enterprise.
Campos
user_agent, request_id, actor, actor_id, owner_type, domain_name, business_id, owner, action, operation_type, @timestamp, created_at, _document_id
Referência
Verifying or approving a domain for your enterprise
enterprise_domain.create
A domain was added to an enterprise.
Campos
user_agent, request_id, actor, actor_id, created_at, owner_type, domain_name, owner, action, operation_type, @timestamp, _document_id
Referência
Verifying or approving a domain for your enterprise
enterprise_domain.destroy
A domain was removed from an enterprise.
Campos
user_agent, request_id, actor, actor_id, created_at, owner_type, domain_name, owner, action, operation_type, @timestamp, _document_id
Referência
Verifying or approving a domain for your enterprise
enterprise_domain.verify
A domain was verified for an enterprise.
Campos
user_agent, request_id, actor, actor_id, owner_type, domain_name, owner, action, operation_type, @timestamp, created_at, _document_id
Referência
Verifying or approving a domain for your enterprise

enterprise_installation

enterprise_installation.create
The GitHub App associated with a GitHub Connect connection was created.
Campos
created_at, operation_type, @timestamp, _document_id, org_id, action, request_id, org, actor_id, user_agent, actor
Referência
Enabling GitHub Connect for GitHub.com
enterprise_installation.destroy
The GitHub App associated with a GitHub Connect connection was deleted.
Campos
created_at, _document_id, action, @timestamp, actor_id, actor, user_agent, org, operation_type, request_id, org_id
Referência
Enabling GitHub Connect for GitHub.com

enterprise

enterprise.register_self_hosted_runner
A new GitHub Actions self-hosted runner was registered.
Campos
user_agent, request_id, actor, actor_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
Referência
Adding self-hosted runners
enterprise.remove_self_hosted_runner
A GitHub Actions self-hosted runner was removed.
Campos
user_agent, request_id, actor, actor_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, request_access_security_header
Referência
Removing self-hosted runners
enterprise.runner_group_created
A GitHub Actions self-hosted runner group was created.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, runner_group_restricted_to_workflows
Referência
Removing self-hosted runners
enterprise.runner_group_removed
A GitHub Actions self-hosted runner group was removed.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
Referência
Managing access to self-hosted runners using groups
enterprise.runner_group_renamed
A GitHub Actions self-hosted runner group was renamed.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
Referência
Managing access to self-hosted runners using groups
enterprise.runner_group_runner_removed
The REST API was used to remove a GitHub Actions self-hosted runner from a group.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, runner_group_id, runner_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization
enterprise.runner_group_runners_added
A GitHub Actions self-hosted runner was added to a group.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
Referência
Managing access to self-hosted runners using groups
enterprise.runner_group_runners_updated
A GitHub Actions runner group's list of members was updated.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization
enterprise.runner_group_updated
The configuration of a GitHub Actions self-hosted runner group was changed.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, runner_group_name, runner_group_allow_public, business, business_id, action, operation_type, @timestamp, created_at, _document_id, runner_group_restricted_to_workflows, runner_group_selected_workflow_refs, network_configuration_id, request_access_security_header
Referência
Managing access to self-hosted runners using groups
enterprise.runner_group_visiblity_updated
The visibility of a GitHub Actions self-hosted runner group was updated via the REST API.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, visibility, business, business_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/rest/actions#update-a-self-hosted-runner-group-for-an-organization
enterprise.self_hosted_runner_offline
The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
business_id, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
Referência
Monitoring and troubleshooting self-hosted runners
enterprise.self_hosted_runner_online
The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
business_id, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
Referência
Monitoring and troubleshooting self-hosted runners
enterprise.self_hosted_runner_updated
The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.
Campos
business_id, runner_id, runner_name, source_version, target_version, runner_group_id, runner_group_name, action, _document_id, operation_type, created_at, @timestamp
Referência
About self-hosted runners

enterprise_team

enterprise_team.add_member
A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.
Campos
actor, actor_id, user_agent, request_id, user_id, business_id, enterprise_team_id, enterprise_team, user, business, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
enterprise_team.copilot_assignment
A license for GitHub Copilot was assigned to an enterprise team.
Campos
actor, actor_id, user_agent, request_id, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
enterprise_team.copilot_unassignment
A license for GitHub Copilot was unassigned from an enterprise team.
Campos
actor, actor_id, user_agent, request_id, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
enterprise_team.create
A new enterprise team was created.
Campos
actor, actor_id, user_agent, request_id, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type
enterprise_team.destroy
An enterprise team was deleted.
Campos
actor, actor_id, user_agent, request_id, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
enterprise_team.remove_member
A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.
Campos
actor, actor_id, user_agent, request_id, user_id, business_id, enterprise_team_id, enterprise_team, user, business, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
enterprise_team.rename
The name of an enterprise team was changed.
Campos
actor, actor_id, user_agent, request_id, name, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

environment

environment.add_protection_rule
A GitHub Actions deployment protection rule was created via the API.
Campos
user_agent, request_id, actor, actor_id, name, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
Referência
Managing environments for deployment
environment.create_actions_secret
A secret was created for a GitHub Actions environment.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, key, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, public_repo, token_scopes, programmatic_access_type, request_access_security_header
Referência
Managing environments for deployment
environment.create_actions_variable
A variable was created for a GitHub Actions environment.
Campos
actor, actor_id, user_agent, request_id, key, visibility, environment_name, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
Store information in variables
environment.delete
An environment was deleted.
Campos
user_agent, request_id, actor, actor_id, name, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type, actor_is_bot, request_access_security_header
Referência
Managing environments for deployment
environment.remove_actions_secret
A secret was deleted for a GitHub Actions environment.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, key, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, public_repo, token_scopes, request_access_security_header
Referência
Managing environments for deployment
environment.remove_actions_variable
A variable was deleted for a GitHub Actions environment.
Campos
actor, actor_id, user_agent, request_id, key, environment_name, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Store information in variables
environment.remove_protection_rule
A GitHub Actions deployment protection rule was deleted via the API.
Campos
user_agent, request_id, actor, actor_id, name, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, request_access_security_header
Referência
Managing environments for deployment
environment.update_actions_secret
A secret was updated for a GitHub Actions environment.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, key, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header
Referência
Managing environments for deployment
environment.update_actions_variable
A variable was updated for a GitHub Actions environment.
Campos
actor, actor_id, user_agent, request_id, key, visibility, environment_name, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Store information in variables
environment.update_protection_rule
A GitHub Actions deployment protection rule was updated via the API.
Campos
user_agent, request_id, actor, actor_id, repo, repo_id, org, org_id, action, @timestamp, _document_id, new_value, approvers_was, approvers, programmatic_access_type, can_admins_bypass, prevent_self_review
Referência
Managing environments for deployment

external_group

external_group.add_member
A user was added to an external group.
Campos
user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, external_group, external_group_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, scim_group_id, request_access_security_header
external_group.delete
An external group was deleted.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, scim_group_id
external_group.link
An external group was linked to a GitHub team.
Campos
user_agent, request_id, actor, actor_id, external_group_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, external_group, programmatic_access_type, scim_group_id, request_access_security_header
external_group.provision
An external group was created.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, programmatic_access_type, request_access_security_header
external_group.remove_member
A user was removed from an external group.
Campos
user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, external_group, external_group_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
external_group.scim_api_failure
Failed external group SCIM API request.
Campos
user_agent, request_id, request_method, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, query_string, api_request_body, route, status_code, url_path, scim_group_id, message, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
REST API endpoints for SCIM
external_group.scim_api_success
Successful external group SCIM API request. Excludes GET API requests.
Campos
user_agent, request_id, request_method, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, query_string, api_request_body, route, status_code, url_path, scim_group_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
REST API endpoints for SCIM
external_group.unlink
An external group was unlinked to a GitHub team.
Campos
user_agent, request_id, actor, actor_id, external_group_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, external_group
external_group.update
An external group was updated.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, programmatic_access_type, scim_group_id, request_access_security_header
external_group.update_display_name
An external group's display name was updated.
Campos
user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, external_group_id, external_group, action, _document_id, @timestamp, created_at, operation_type, business, business_id, scim_group_id, request_access_security_header

external_identity

external_identity.deprovision
An external identity was deprovisioned, suspending the linked GitHub user.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, action, user_id, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, request_access_security_header
external_identity.provision
An external identity was created and linked to a GitHub user.
Campos
user_agent, request_id, action, user_id, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, scim_user_id, request_access_security_header
external_identity.scim_api_failure
Failed external identity SCIM API request.
Campos
user_agent, request_id, request_method, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, query_string, api_request_body, route, status_code, url_path, scim_user_id, message, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
REST API endpoints for SCIM
external_identity.scim_api_success
Successful external identity SCIM API request. Excludes GET API requests.
Campos
user_agent, request_id, request_method, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, query_string, api_request_body, route, status_code, url_path, scim_user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
REST API endpoints for SCIM
external_identity.update
An external identity was updated.
Campos
user_agent, request_id, action, user_id, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, scim_user_id, request_access_security_header

git

Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.

git.clone
A repository was cloned.
Campos
transport_protocol, request_id, repository, repository_id, repository_public, actor, actor_id, org, org_id, business, business_id, user, user_id, transport_protocol_name
git.fetch
Changes were fetched from a repository.
Campos
action, transport_protocol, request_id, repository, repository_id, repository_public, actor, actor_id, org, org_id, business, business_id, user, user_id, transport_protocol_name
git.push
Changes were pushed to a repository.
Campos
transport_protocol, request_id, repository, repository_id, repository_public, actor, actor_id, org, org_id, business, business_id, user, user_id, transport_protocol_name

hook

hook.active_changed
A hook's active status was updated.
Campos
user_agent, request_id, actor, actor_id, created_at, name, events, active, active_was, hook_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, programmatic_access_type
hook.config_changed
A hook's configuration was changed.
Campos
actor_id, operation_type, @timestamp, _document_id, actor, name, org, user_agent, request_id, hook_id, repo, repo_id, created_at, oauth_application_id, action, events, org_id, token_scopes, programmatic_access_type
hook.create
A new hook was added.
Campos
oauth_application, _document_id, user_agent, actor, actor_id, oauth_application_id, repo_id, request_id, hook_id, events, repo, @timestamp, operation_type, name, action, created_at, org_id, org, token_scopes, programmatic_access_type
Referência
About webhooks
hook.destroy
A hook was deleted.
Campos
actor, events, repo, created_at, org, name, request_id, actor_id, repo_id, org_id, action, operation_type, oauth_application_id, user_agent, hook_id, @timestamp, _document_id, token_scopes, programmatic_access_type
hook.events_changed
A hook's configured events were changed.
Campos
actor, events, repo, operation_type, action, _document_id, actor_id, name, events_were, @timestamp, created_at, hook_id, repo_id, org_id, org, user_agent, request_id, oauth_application_id, token_scopes, programmatic_access_type

integration

integration.create
A GitHub App was created.
Campos
user, action, operation_type, @timestamp, actor, user_agent, actor_id, request_id, name, user_id, _document_id, integration, created_at, programmatic_access_type, request_access_security_header, application_client_id
integration.destroy
A GitHub App was deleted.
Campos
actor, user_id, actor_id, request_id, @timestamp, name, integration, user, _document_id, action, operation_type, created_at, user_agent
integration.manager_added
A member of an enterprise or organization was added as a GitHub App manager.
Campos
created_at, action, _document_id, name, org_id, manager, operation_type, actor, integration, org, @timestamp, actor_id, request_id, user_agent
Referência
/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization
integration.manager_removed
A member of an enterprise or organization was removed from being a GitHub App manager.
Campos
user_agent, request_id, actor_id, org, operation_type, integration, org_id, _document_id, action, actor, name, created_at, manager, @timestamp
Referência
/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization
integration.remove_client_secret
A client secret for a GitHub App was removed.
Campos
user_agent, request_id, actor, actor_id, name, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
integration.revoke_all_tokens
All user tokens for a GitHub App were requested to be revoked.
Campos
user_agent, request_id, actor, actor_id, name, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id, application_client_id
integration.revoke_tokens
Token(s) for a GitHub App were revoked.
Campos
user_agent, request_id, actor, actor_id, name, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id, application_client_id
integration.suspend
A GitHub App was suspended.
Campos
actor, actor_id, user_agent, request_id, name, integration, user, user_id, action, _document_id, @timestamp, created_at, operation_type, application_client_id
Referência
/apps/maintaining-github-apps/suspending-a-github-app-installation
integration.transfer
Ownership of a GitHub App was transferred to another user or organization.
Campos
@timestamp, user_id, name, transfer_to_id, user, requester, action, requester_id, actor_id, created_at, _document_id, user_agent, transfer_to, operation_type, request_id, actor, integration, transfer_from, transfer_from_id, transfer_from_type, transfer_to_type
Referência
/apps/maintaining-github-apps/transferring-ownership-of-a-github-app
integration.unsuspend
A GitHub App was unsuspended.
Campos
actor, actor_id, user_agent, request_id, name, integration, user, user_id, action, _document_id, @timestamp, created_at, operation_type, application_client_id
Referência
/apps/maintaining-github-apps/suspending-a-github-app-installation

integration_installation

integration_installation.create
A GitHub App was installed.
Campos
operation_type, @timestamp, name, request_id, repository_selection, user_id, action, user_agent, user, created_at, integration, _document_id, programmatic_access_type, application_client_id
Referência
/apps/using-github-apps/authorizing-github-apps
integration_installation.destroy
A GitHub App was uninstalled.
Campos
@timestamp, request_id, actor, created_at, _document_id, repository_selection, integration, user_id, user, action, operation_type, name, actor_id, user_agent, programmatic_access_type, application_client_id
Referência
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.repositories_added
Repositories were added to a GitHub App.
Campos
user_id, repository_selection, name, user, request_id, integration, operation_type, actor_id, action, repositories_added, created_at, _document_id, @timestamp, actor, user_agent, token_scopes, repositories_added_names, programmatic_access_type, actor_is_bot, application_client_id
Referência
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access
integration_installation.repositories_removed
Repositories were removed from a GitHub App.
Campos
user, operation_type, user_agent, actor, repository_selection, repositories_removed, integration, user_id, created_at, _document_id, request_id, @timestamp, name, action, actor_id, repositories_removed_names, programmatic_access_type, actor_is_bot, application_client_id
Referência
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access
integration_installation.suspend
A GitHub App was suspended.
Campos
user_agent, request_id, name, repository_selection, actor_id, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header, application_client_id
Referência
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.unsuspend
A GitHub App was unsuspended.
Campos
user_agent, request_id, name, repository_selection, actor_id, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.version_updated
Permissions for a GitHub App were updated.
Campos
integration, user_id, user_agent, name, user, operation_type, actor_id, action, _document_id, request_id, created_at, repository_selection, @timestamp, actor, application_client_id
Referência
/apps/using-github-apps/approving-updated-permissions-for-a-github-app

integration_installation_request

integration_installation_request.close
A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.
Campos
url, actor, actor_id, created_at, request_id, operation_type, @timestamp, integration, action, user_agent, reason, _document_id, org, org_id, request_access_security_header, application_client_id
Referência
/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner
integration_installation_request.create
A member requested that an owner install a GitHub App.
Campos
@timestamp, actor_id, org, _document_id, requester, action, user_agent, created_at, url, org_id, request_id, operation_type, actor, integration, request_access_security_header, application_client_id
Referência
/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner

ip_allow_list

ip_allow_list.disable
An IP allow list was disabled.
Campos
operation_type, actor, request_id, org, user_agent, _document_id, user_id, actor_id, created_at, org_id, action, @timestamp, user
ip_allow_list.disable_for_installed_apps
An IP allow list was disabled for installed GitHub Apps.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, business, business_id, action, operation_type, @timestamp, _document_id
ip_allow_list.disable_idp_ip_allowlist_for_web
Identity Provider based IP allow list for web interactions was disabled.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
ip_allow_list.disable_user_level_enforcement
IP allow list user level enforcement was disabled.
Campos
user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
ip_allow_list.enable
An IP allow list was enabled.
Campos
org_id, business, user_id, request_id, actor, user, business_id, _document_id, action, @timestamp, user_agent, actor_id, operation_type, org, created_at
ip_allow_list.enable_for_installed_apps
An IP allow list was enabled for installed GitHub Apps.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, business, business_id, action, operation_type, @timestamp, _document_id
ip_allow_list.enable_idp_ip_allowlist_for_web
Identity Provider based IP allow list for web interactions was enabled.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
ip_allow_list.enable_user_level_enforcement
IP allow list user level enforcement was enabled.
Campos
user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

ip_allow_list_entry

ip_allow_list_entry.create
An IP address was added to an IP allow list.
Campos
active, org, ip_allow_list_entry, @timestamp, _document_id, operation_type, created_at, user_agent, action, request_id, actor_id, business_id, org_id, business, actor, token_scopes, programmatic_access_type, request_access_security_header
ip_allow_list_entry.destroy
An IP address was deleted from an IP allow list.
Campos
_document_id, request_id, ip_allow_list_entry, org, operation_type, created_at, active, action, @timestamp, business, business_id, user_agent, org_id, actor, actor_id, token_scopes, programmatic_access_type, request_access_security_header
ip_allow_list_entry.update
An IP address or its description was changed.
Campos
request_id, _document_id, actor, org, action, operation_type, created_at, user_agent, actor_id, ip_allow_list_entry, active, org_id, @timestamp

issue_comment

issue_comment.destroy
A comment on an issue was deleted from the repository.
Campos
org_id, org, repo, actor_id, @timestamp, created_at, _document_id, action, operation_type, user_agent, repo_id, actor, request_id, oauth_application_id, token_scopes, programmatic_access_type
issue_comment.update
A comment on an issue (other than the initial one) changed.
Campos
repo, org, action, repo_id, org_id, created_at, operation_type, @timestamp, user_agent, request_id, _document_id, actor_id, actor, oauth_application_id, token_scopes, programmatic_access_type

issue

issue.destroy
An issue was deleted from the repository.
Campos
user, actor_id, created_at, title, @timestamp, _document_id, request_id, actor, user_id, action, operation_type, user_agent, repo, token_scopes, programmatic_access_type
Referência
Deleting an issue
issue.pinned
An issue was pinned to a repository.
Campos
_document_id, user_agent, actor_id, created_at, action, actor, operation_type, owner_type, @timestamp, repo_id, request_id, number, repo, event, user, user_id, request_access_security_header
Referência
Pinning an issue to your repository
issue.transfer
An issue was transferred to another repository.
Campos
user, user_id, @timestamp, user_agent, owner_type, actor_id, number, repo, operation_type, _document_id, repo_id, action, request_id, created_at, actor, programmatic_access_type
Referência
Transferring an issue to another repository
issue.unpinned
An issue was unpinned from a repository.
Campos
event, user_agent, actor_id, repo_id, actor, action, created_at, request_id, repo, operation_type, _document_id, number, owner_type, @timestamp, user, user_id, token_scopes, request_access_security_header
Referência
Pinning an issue to your repository

issues

issues.deletes_disabled
The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.
Campos
user_agent, action, @timestamp, operation_type, request_id, actor_id, user_id, created_at, _document_id, actor, user, org, org_id
Referência
Enforcing repository management policies in your enterprise
issues.deletes_enabled
The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.
Campos
actor_id, user, user_id, org, org_id, action, _document_id, request_id, actor, @timestamp, created_at, user_agent, operation_type
Referência
Enforcing repository management policies in your enterprise
issues.deletes_policy_cleared
An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.
Campos
user, request_id, actor, business_id, action, operation_type, user_agent, created_at, @timestamp, _document_id, business, user_id, actor_id
Referência
Enforcing repository management policies in your enterprise

marketplace_agreement_signature

marketplace_agreement_signature.create
The GitHub Marketplace Developer Agreement was signed.
Campos
request_id, actor, actor_id, @timestamp, _document_id, user_agent, operation_type, created_at, action, user, user_id, request_access_security_header

marketplace_listing

marketplace_listing.approve
A listing was approved for inclusion in GitHub Marketplace.
Campos
secondary_category, actor, primary_category, user, @timestamp, _document_id, user_id, user_agent, operation_type, created_at, request_id, actor_id, marketplace_listing, integration, action
marketplace_listing.change_category
A category for a listing for an app in GitHub Marketplace was changed.
Campos
primary_category, user_agent, request_id, actor, marketplace_listing, @timestamp, integration, org_id, action, org, secondary_category, operation_type, created_at, actor_id, _document_id
marketplace_listing.create
A listing for an app in GitHub Marketplace was created.
Campos
primary_category, _document_id, user, created_at, user_agent, oauth_application, action, request_id, marketplace_listing, user_id, secondary_category, oauth_application_id, actor, actor_id, operation_type, @timestamp
marketplace_listing.delist
A listing was removed from GitHub Marketplace.
Campos
org, actor, actor_id, user_agent, request_id, org_id, created_at, secondary_category, operation_type, marketplace_listing, action, @timestamp, _document_id, primary_category, integration
marketplace_listing.redraft
A listing was sent back to draft state.
Campos
_document_id, secondary_category, oauth_application_id, @timestamp, action, user_agent, user_id, operation_type, oauth_application, actor, created_at, marketplace_listing, request_id, actor_id, primary_category, user
marketplace_listing.reject
A listing was not accepted for inclusion in GitHub Marketplace.
Campos
user_agent, request_id, actor, actor_id, primary_category, secondary_category, marketplace_listing, oauth_application, oauth_application_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id

members_can_create_pages

For more information, see "Managing the publication of GitHub Pages sites for your organization."

members_can_create_pages.disable
The ability for members to publish GitHub Pages sites was disabled.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
Referência
/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization
members_can_create_pages.enable
The ability for members to publish GitHub Pages sites was enabled.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
Referência
/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_create_public_pages

members_can_create_public_pages.disable
The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization
members_can_create_public_pages.enable
The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
Referência
/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_delete_repos

members_can_delete_repos.clear
An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.
Campos
_document_id, request_id, user, user_id, business, operation_type, user_agent, actor, actor_id, business_id, @timestamp, created_at, action
Referência
Enforcing repository management policies in your enterprise
members_can_delete_repos.disable
The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.
Campos
request_id, org, _document_id, actor_id, user, user_id, user_agent, actor, operation_type, org_id, action, @timestamp, created_at
Referência
Enforcing repository management policies in your enterprise
members_can_delete_repos.enable
The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.
Campos
action, org_id, user_id, business, actor_id, @timestamp, _document_id, request_id, user, business_id, created_at, actor, org, operation_type, user_agent
Referência
Enforcing repository management policies in your enterprise

members_can_view_dependency_insights

members_can_view_dependency_insights.clear
An enterprise owner cleared the policy setting for viewing dependency insights in any organizations in an enterprise.
Campos
@timestamp, _document_id, user_agent, actor_id, user, user_id, business, business_id, created_at, request_id, actor, action, operation_type
members_can_view_dependency_insights.disable
The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.
Campos
business, created_at, user_id, business_id, user, org, operation_type, request_id, actor, _document_id, action, user_agent, actor_id, org_id, @timestamp
Referência
Enforcing policies for code security and analysis for your enterprise
members_can_view_dependency_insights.enable
The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.
Campos
request_id, created_at, _document_id, user_agent, user, user_id, business, business_id, operation_type, @timestamp, action, actor, actor_id
Referência
Enforcing policies for code security and analysis for your enterprise

migration

migration.create
A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.
Campos
repo, org_id, _document_id, org, repo_id, action, actor, created_at, operation_type, @timestamp, user_agent, request_id, actor_id, token_scopes, programmatic_access_type, actor_is_bot, request_access_security_header
migration.destroy_file
A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.
Campos
org, @timestamp, org_id, action, operation_type, created_at, repo, _document_id, repo_id, request_access_security_header
migration.download
A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.
Campos
actor_id, org_id, request_id, oauth_application_id, repo_id, operation_type, @timestamp, user_agent, created_at, org, action, _document_id, repo, actor, token_scopes, programmatic_access_type, actor_is_bot, request_access_security_header

network_configuration

network_configuration.create
A network configuration for a hosted compute service was created.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, selected_service, network_settings_ids, previous_settings_ids, network_configuration_id
Referência
About networking for hosted compute products in your enterprise
network_configuration.delete
A network configuration for a hosted compute service was deleted.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, network_configuration_id
Referência
About networking for hosted compute products in your enterprise
network_configuration.update
A network configuration for a hosted compute service was updated.
Campos
actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, selected_service, network_settings_ids, previous_settings_ids
Referência
About networking for hosted compute products in your enterprise

oauth_application

oauth_application.create
An OAuth application was created.
Campos
org, created_at, oauth_application_id, operation_type, user_agent, actor_id, org_id, action, actor, oauth_application, @timestamp, _document_id, request_id, request_access_security_header
Referência
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.destroy
An OAuth application was deleted.
Campos
created_at, oauth_application_id, user_id, operation_type, @timestamp, user_agent, oauth_application, _document_id, actor, actor_id, request_id, action, user, request_access_security_header
Referência
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.generate_client_secret
An OAuth application's secret key was generated.
Campos
user_agent, request_id, actor, actor_id, oauth_application, oauth_application_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
Referência
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.remove_client_secret
An OAuth application's secret key was deleted.
Campos
user_agent, request_id, actor, actor_id, oauth_application, oauth_application_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
Referência
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.reset_secret
The secret key for an OAuth application was reset.
Campos
user, user_id, action, oauth_application, operation_type, request_id, actor_id, _document_id, created_at, actor, oauth_application_id, @timestamp, user_agent
Referência
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.revoke_all_tokens
All user tokens for an OAuth application were requested to be revoked.
Campos
user_agent, request_id, actor, actor_id, oauth_application, oauth_application_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
Referência
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.revoke_tokens
Token(s) for an OAuth application were revoked.
Campos
oauth_application_id, oauth_application, actor_id, user_agent, @timestamp, request_id, user_id, action, _document_id, actor, user, created_at, operation_type, request_access_security_header
Referência
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.transfer
An OAuth application was transferred from one account to another.
Campos
actor, operation_type, created_at, user_agent, oauth_application, actor_id, oauth_application_id, @timestamp, user_id, _document_id, request_id, user, action
Referência
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

org

org.accept_business_invitation
An invitation sent to an organization to join an enterprise was accepted.
Campos
user_agent, request_id, actor, actor_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Adding organizations to your enterprise
org.add_billing_manager
A billing manager was added to an organization.
Campos
operation_type, _document_id, user_agent, org, user_id, action, created_at, org_id, user, actor, actor_id, @timestamp, request_id, request_access_security_header
Referência
/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization
org.add_member
A user joined an organization.
Campos
permission, _document_id, org, operation_type, request_id, actor, user, @timestamp, created_at, user_agent, org_id, user_id, actor_id, action, programmatic_access_type, actor_is_bot
org.add_outside_collaborator
An outside collaborator was added to a repository.
Campos
actor, actor_id, user_agent, request_id, inviter, org, org_id, repo, repo_id, public_repo, permission, invitee, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
org.advanced_security_disabled_for_new_repos
GitHub Advanced Security was disabled for new repositories in an organization.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes
org.advanced_security_disabled_on_all_repos
GitHub Advanced Security was disabled for all repositories in an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
org.advanced_security_enabled_for_new_repos
GitHub Advanced Security was enabled for new repositories in an organization.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes
org.advanced_security_enabled_on_all_repos
GitHub Advanced Security was enabled for all repositories in an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
org.advanced_security_entity_policy_update
An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, new_policy, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
Enforcing policies for code security and analysis for your enterprise
org.advanced_security_policy_selected_member_disabled
An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id
Referência
Enforcing policies for code security and analysis for your enterprise
org.advanced_security_policy_selected_member_enabled
An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, actor_is_bot
Referência
Enforcing policies for code security and analysis for your enterprise
org.audit_log_export
An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.
Campos
org_id, operation_type, @timestamp, request_id, _document_id, actor, org, action, created_at, user_agent, actor_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log
org.audit_log_git_event_export
An export of the organization's Git events was created.
Campos
user_agent, request_id, actor, actor_id, created_at, start, end, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization
org.block_user
An organization owner blocked a user from accessing the organization's repositories.
Campos
actor, user_agent, org_id, created_at, _document_id, blocked_user, action, operation_type, actor_id, org, @timestamp, request_id
Referência
/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization
org.cancel_business_invitation
An invitation for an organization to join an enterprise was revoked
Campos
user_agent, request_id, actor, actor_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, initiated_from
Referência
Adding organizations to your enterprise
org.cancel_invitation
An invitation sent to a user to join an organization was revoked.
Campos
actor_id, org_id, request_id, email, @timestamp, actor, action, operation_type, user_agent, org, invitation_id, _document_id, created_at, invitee_email, token_scopes, programmatic_access_type
org.code_scanning_autofix_disabled
Autofix for code scanning alerts was disabled for an organization.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
org.code_scanning_autofix_enabled
Autofix for code scanning alerts was enabled for an organization.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
org.code_scanning_autofix_third_party_tools_disabled
Autofix for third party tools for code scanning alerts was disabled for an organization.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
org.code_scanning_autofix_third_party_tools_enabled
Autofix for third party tools for code scanning alerts was enabled for an organization.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
org.codeql_disabled
Code scanning using the default setup was disabled for an organization.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale
org.codeql_enabled
Code scanning using the default setup was enabled for an organization.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale
org.codespaces_access_updated
Access to use Codespaces on internal and private repositories was updated for an organization.
Campos
actor, actor_id, user_agent, request_id, enablement, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization
org.codespaces_ownership_updated
Ownership and payment for codespaces was updated for an organization.
Campos
actor, actor_id, user_agent, request_id, owner_type, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
Referência
/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization
org.codespaces_team_access_allowed
A team has been allowed to use Codespaces for an organization.
Campos
actor, actor_id, user_agent, request_id, org, org_id, team, action, _document_id, @timestamp, created_at, operation_type
org.codespaces_team_access_revoked
A team has been prevented from using Codespaces for an organization.
Campos
actor, actor_id, user_agent, request_id, org, org_id, team, action, _document_id, @timestamp, created_at, operation_type
org.codespaces_trusted_repo_access_granted
GitHub Codespaces was granted trusted repository access to all other repositories in an organization.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
Referência
Managing access to other repositories within your codespace
org.codespaces_trusted_repo_access_revoked
GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
Managing access to other repositories within your codespace
org.codespaces_user_access_allowed
A user has been allowed to use Codespaces for an organization.
Campos
actor, actor_id, user_agent, request_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
org.codespaces_user_access_revoked
A user has been prevented from using Codespaces for an organization.
Campos
actor, actor_id, user_agent, request_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
org.config.disable_collaborators_only
The interaction limit for collaborators only for an organization was disabled.
Campos
request_id, org, action, operation_type, _document_id, actor, actor_id, @timestamp, user_agent, org_id, created_at
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.disable_contributors_only
The interaction limit for prior contributors only for an organization was disabled.
Campos
operation_type, @timestamp, created_at, user_agent, action, actor_id, org, _document_id, actor, org_id, request_id
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.disable_sockpuppet_disallowed
The interaction limit for existing users only for an organization was disabled.
Campos
_document_id, operation_type, actor_id, org_id, action, created_at, actor, org, @timestamp, user_agent, request_id
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.enable_collaborators_only
The interaction limit for collaborators only for an organization was enabled.
Campos
@timestamp, created_at, _document_id, actor_id, actor, org, org_id, request_id, operation_type, action, user_agent
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.enable_contributors_only
The interaction limit for prior contributors only for an organization was enabled.
Campos
actor, actor_id, org_id, action, operation_type, @timestamp, user_agent, request_id, org, created_at, _document_id
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.config.enable_sockpuppet_disallowed
The interaction limit for existing users only for an organization was enabled.
Campos
actor_id, request_id, action, created_at, user_agent, actor, _document_id, org_id, operation_type, org, @timestamp
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization
org.confirm_business_invitation
An invitation for an organization to join an enterprise was confirmed.
Campos
user_agent, request_id, actor, actor_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Adding organizations to your enterprise
org.create
An organization was created.
Campos
request_id, org, actor_id, actor, action, @timestamp, _document_id, user_agent, operation_type, org_id, created_at, request_access_security_header
Referência
/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch
org.create_actions_secret
A GitHub Actions secret was created for an organization.
Campos
user_agent, request_id, actor, actor_id, key, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
Referência
Using secrets in GitHub Actions
org.create_actions_variable
A GitHub Actions variable was created for an organization.
Campos
actor, actor_id, user_agent, request_id, key, visibility, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Store information in variables
org.create_integration_secret
A Codespaces or Dependabot secret was created for an organization.
Campos
user_agent, request_id, actor, actor_id, key, visibility, integration, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
org.delete
An organization was deleted by a user or staff.
Campos
user_agent, @timestamp, _document_id, created_at, actor, org_id, org, action, actor_id, operation_type, request_id, request_access_security_header
org.disable_member_team_creation_permission
Team creation was limited to owners.
Campos
actor, @timestamp, _document_id, user, user_id, action, created_at, actor_id, user_agent, org, org_id, operation_type, request_id, request_access_security_header
Referência
/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization
org.disable_oauth_app_restrictions
Third-party application access restrictions for an organization were disabled.
Campos
actor_id, org_id, action, _document_id, request_id, @timestamp, actor, org, operation_type, user_agent, created_at
Referência
/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization
org.disable_reader_discussion_creation_permission
An organization owner limited discussion creation to users with at least triage permission in an organization.
Campos
user_agent, request_id, actor, actor_id, org, org_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization
org.disable_saml
SAML single sign-on was disabled for an organization.
Campos
org_id, sso_url, issuer, action, @timestamp, _document_id, created_at, org, operation_type
org.disable_two_factor_requirement
A two-factor authentication requirement was disabled for the organization.
Campos
created_at, org, org_id, action, actor, actor_id, operation_type, request_id, @timestamp, _document_id, user_agent
org.display_commenter_full_name_disabled
An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.
Campos
actor, user_id, user, action, operation_type, @timestamp, _document_id, created_at, user_agent, org, actor_id, org_id, request_id
org.display_commenter_full_name_enabled
An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.
Campos
org, user_agent, request_id, actor, _document_id, user_id, operation_type, @timestamp, created_at, user, action, actor_id, org_id
org.enable_member_team_creation_permission
Team creation by members was allowed.
Campos
org_id, user, actor, operation_type, _document_id, user_id, created_at, user_agent, actor_id, org, request_id, action, @timestamp
Referência
/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization
org.enable_oauth_app_restrictions
Third-party application access restrictions for an organization were enabled.
Campos
actor_id, operation_type, org, created_at, _document_id, actor, org_id, action, user_agent, request_id, @timestamp
Referência
/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization
org.enable_reader_discussion_creation_permission
An organization owner allowed users with read access to create discussions in an organization
Campos
user_agent, request_id, actor, actor_id, created_at, org, org_id, user, user_id, action, operation_type, @timestamp, _document_id
Referência
/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization
org.enable_saml
SAML single sign-on was enabled for the organization.
Campos
actor_id, action, operation_type, actor, sso_url, org, created_at, @timestamp, issuer, org_id, _document_id, user_agent, request_id
Referência
Enabling and testing SAML single sign-on for your organization
org.enable_two_factor_requirement
Two-factor authentication is now required for the organization.
Campos
actor_id, action, _document_id, org, @timestamp, actor, user_agent, org_id, operation_type, created_at, request_id
Referência
/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization
org.integration_manager_added
An organization owner granted a member access to manage all GitHub Apps owned by an organization.
Campos
user_agent, org_id, manager, @timestamp, request_id, actor, operation_type, _document_id, actor_id, org, action, created_at
org.integration_manager_removed
An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.
Campos
org_id, @timestamp, org, user_agent, request_id, action, actor, actor_id, manager, operation_type, created_at, _document_id
org.invite_member
A new user was invited to join an organization.
Campos
org, user_id, invitation_id, org_id, user, action, operation_type, _document_id, actor, @timestamp, created_at, user_agent, actor_id, request_id, invitee_email, token_scopes, programmatic_access_type
Referência
/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization
org.invite_to_business
An organization was invited to join an enterprise.
Campos
user_agent, request_id, actor, actor_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
org.members_can_update_protected_branches.disable
The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.
Campos
user_agent, request_id, actor, actor_id, org, org_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
org.members_can_update_protected_branches.enable
The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.
Campos
org, org_id, user_agent, actor_id, user_id, operation_type, @timestamp, created_at, request_id, _document_id, actor, user, action
org.oauth_app_access_approved
Access to an organization was granted for an OAuth App.
Campos
url, actor, user_agent, request_id, actor_id, operation_type, org_id, _document_id, org, action, created_at, @timestamp, request_access_security_header, oauth_application_name
Referência
/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization
org.oauth_app_access_denied
Access was disabled for an OAuth App that was previously approved.
Campos
request_id, url, created_at, org_id, action, @timestamp, _document_id, user_agent, org, operation_type, actor, actor_id, oauth_application_name
Referência
/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization
org.oauth_app_access_requested
An organization member requested that an owner grant an OAuth App access to an organization.
Campos
actor, operation_type, created_at, user_agent, actor_id, _document_id, request_id, url, org_id, action, @timestamp, org, request_access_security_header, oauth_application_name
org.recovery_code_failed
An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.
Campos
actor, actor_id, user_agent, request_id, reason, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Accessing your organization if your identity provider is unavailable
org.recovery_code_used
An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
Referência
Accessing your organization if your identity provider is unavailable
org.recovery_codes_downloaded
An organization owner downloaded the organization's SSO recovery codes.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Downloading your organization's SAML single sign-on recovery codes
org.recovery_codes_generated
An organization owner generated the organization's SSO recovery codes.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Downloading your organization's SAML single sign-on recovery codes
org.recovery_codes_printed
An organization owner printed the organization's SSO recovery codes.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Downloading your organization's SAML single sign-on recovery codes
org.recovery_codes_viewed
An organization owner viewed the organization's SSO recovery codes.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Downloading your organization's SAML single sign-on recovery codes
org.register_self_hosted_runner
A new self-hosted runner was registered.
Campos
actor, operation_type, @timestamp, _document_id, request_id, org, org_id, action, created_at, user_agent, actor_id, actor_is_bot, request_access_security_header
Referência
Adding self-hosted runners
org.remove_actions_secret
A GitHub Actions secret was removed from an organization.
Campos
user_agent, request_id, actor, actor_id, key, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
Referência
Using secrets in GitHub Actions
org.remove_actions_variable
A GitHub Actions variable was removed from an organization.
Campos
actor, actor_id, user_agent, request_id, key, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
Referência
Store information in variables
org.remove_billing_manager
A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.
Campos
user_id, user_agent, org_id, user, action, _document_id, operation_type, @timestamp, actor, org, actor_id, request_id, created_at
Referência
/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization
org.remove_integration_secret
A Codespaces or Dependabot secret was removed from an organization.
Campos
user_agent, request_id, actor, actor_id, key, integration, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes
org.remove_member
A member was removed from an organization, either manually or due to a two-factor authentication requirement.
Campos
_document_id, request_id, actor_id, user_agent, actor, action, user_id, @timestamp, created_at, user, operation_type, org_id, org, token_scopes, programmatic_access_type
org.remove_outside_collaborator
An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.
Campos
org, user, org_id, created_at, request_id, @timestamp, action, operation_type, user_agent, _document_id, actor, actor_id, user_id, programmatic_access_type, request_access_security_header
org.remove_self_hosted_runner
A self-hosted runner was removed.
Campos
operation_type, org_id, @timestamp, _document_id, user_agent, request_id, actor_id, org, created_at, actor, action, programmatic_access_type
Referência
Removing self-hosted runners
org.rename
An organization was renamed.
Campos
user_agent, _document_id, @timestamp, org, action, actor, old_login, org_id, request_id, actor_id, operation_type, created_at, request_access_security_header
org.required_workflow_create
Triggered when a required workflow is created.
Campos
actor, actor_id, user_agent, request_id, org, action, _document_id, @timestamp, created_at, operation_type
Referência
/actions/using-workflows/required-workflows
org.required_workflow_delete
Triggered when a required workflow is deleted.
Campos
actor, actor_id, user_agent, request_id, org, action, _document_id, @timestamp, created_at, operation_type
Referência
/actions/using-workflows/required-workflows
org.required_workflow_update
Triggered when a required workflow is updated.
Campos
actor, actor_id, user_agent, request_id, org, action, _document_id, @timestamp, created_at, operation_type
Referência
/actions/using-workflows/required-workflows
org.restore_member
An organization member was restored.
Campos
user, actor, user_id, _document_id, action, created_at, org_id, operation_type, request_id, @timestamp, user_agent, org, actor_id, request_access_security_header
Referência
/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization
org.runner_group_created
A self-hosted runner group was created.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, runner_group_restricted_to_workflows, runner_group_selected_workflow_refs, programmatic_access_type, network_configuration_id
Referência
Managing access to self-hosted runners using groups
org.runner_group_removed
A self-hosted runner group was removed.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, programmatic_access_type
Referência
Managing access to self-hosted runners using groups
org.runner_group_renamed
A self-hosted runner group was renamed.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id
Referência
Managing access to self-hosted runners using groups
org.runner_group_runner_removed
The REST API was used to remove a self-hosted runner from a group.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, runner_group_id, runner_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, request_access_security_header
Referência
/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization
org.runner_group_runners_added
A self-hosted runner was added to a group.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, programmatic_access_type, request_access_security_header
Referência
Managing access to self-hosted runners using groups
org.runner_group_runners_updated
A runner group's list of members was updated.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization
org.runner_group_updated
The configuration of a self-hosted runner group was changed.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, runner_group_name, runner_group_allow_public, org, org_id, action, operation_type, @timestamp, created_at, _document_id, runner_group_restricted_to_workflows, runner_group_selected_workflow_refs, programmatic_access_type, network_configuration_id, request_access_security_header
Referência
Managing access to self-hosted runners using groups
org.runner_group_visiblity_updated
The visibility of a self-hosted runner group was updated via the REST API.
Campos
user_agent, request_id, actor, actor_id, runner_group_id, visibility, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id
Referência
/rest/actions#update-a-self-hosted-runner-group-for-an-organization
org.secret_scanning_custom_pattern_push_protection_disabled
Push protection for a custom pattern for secret scanning was disabled for an organization.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Defining custom patterns for secret scanning
org.secret_scanning_custom_pattern_push_protection_enabled
Push protection for a custom pattern for secret scanning was enabled for an organization.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
Referência
Defining custom patterns for secret scanning
org.secret_scanning_push_protection_custom_message_disabled
The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, programmatic_access_type
Referência
About push protection
org.secret_scanning_push_protection_custom_message_enabled
The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, programmatic_access_type
Referência
About push protection
org.secret_scanning_push_protection_custom_message_updated
The custom message triggered by an attempted push to a push-protected repository was updated for an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, programmatic_access_type
Referência
About push protection
org.secret_scanning_push_protection_disable
Push protection for secret scanning was disabled.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
About push protection
org.secret_scanning_push_protection_enable
Push protection for secret scanning was enabled.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
About push protection
org.secret_scanning_push_protection_new_repos_disable
Push protection for secret scanning was disabled for all new repositories in the organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, token_scopes
Referência
About push protection
org.secret_scanning_push_protection_new_repos_enable
Push protection for secret scanning was enabled for all new repositories in the organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, token_scopes
Referência
About push protection
org.self_hosted_runner_offline
The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
org_id, org, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
Referência
Monitoring and troubleshooting self-hosted runners
org.self_hosted_runner_online
The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
org_id, org, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
Referência
Monitoring and troubleshooting self-hosted runners
org.self_hosted_runner_updated
The runner application was updated. This event is not included in the JSON/CSV export.
Campos
org_id, runner_id, runner_name, source_version, target_version, runner_group_id, runner_group_name
Referência
About self-hosted runners
org.set_actions_fork_pr_approvals_policy
The setting for requiring approvals for workflows from public forks was changed for an organization.
Campos
user_agent, request_id, actor, actor_id, policy, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks
org.set_actions_private_fork_pr_approvals_policy
The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.
Campos
actor, actor_id, user_agent, request_id, policy, org, org_id, action, _document_id, @timestamp, created_at, operation_type
Referência
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks
org.set_actions_retention_limit
The retention period for GitHub Actions artifacts and logs in an organization was changed.
Campos
user_agent, request_id, actor, actor_id, limit, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization
org.set_default_workflow_permissions
The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization
org.set_fork_pr_workflows_policy
The policy for workflows on private repository forks was changed.
Campos
user_agent, request_id, actor, actor_id, policy, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks
org.set_workflow_permission_can_approve_pr
The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests
org.sso_response
A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
action, user_agent, actor, actor_id, org_id, @timestamp, org, issuer, business, operation_type, created_at, request_id, business_id, _document_id, actor_is_bot, request_access_security_header
org.transfer
An organization was transferred between enterprise accounts.
Campos
actor, actor_id, user_agent, request_id, from_business, to_business, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Adding organizations to your enterprise
org.transfer_outgoing
An organization was transferred between enterprise accounts.
Campos
actor, actor_id, user_agent, request_id, org, org_id, business, business_id, from_business, to_business, action, _document_id, @timestamp, created_at, operation_type
Referência
Adding organizations to your enterprise
org.unblock_user
A user was unblocked from an organization.
Campos
oauth_application_id, _document_id, blocked_user, action, operation_type, @timestamp, request_id, created_at, actor, actor_id, org, org_id, user_agent
Referência
/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization
org.update_actions_secret
A GitHub Actions secret was updated for an organization.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, created_at, key, org, org_id, action, operation_type, @timestamp, _document_id, programmatic_access_type
Referência
Using secrets in GitHub Actions
org.update_actions_settings
An organization owner or site administrator updated GitHub Actions policy settings for an organization.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, new_policy, updated_allowed_types, old_policy, updated_access_policy, programmatic_access_type, request_access_security_header
Referência
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization
org.update_actions_variable
A GitHub Actions variable was updated for an organization.
Campos
actor, actor_id, user_agent, request_id, key, visibility, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Store information in variables
org.update_default_repository_permission
The default repository permission level for organization members was changed.
Campos
actor, action, operation_type, created_at, org, org_id, request_id, @timestamp, user_agent, permission, actor_id, old_permission, _document_id, programmatic_access_type
org.update_integration_secret
A Codespaces or Dependabot secret was updated for an organization.
Campos
user_agent, request_id, actor, actor_id, key, visibility, integration, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
org.update_member
A person's role was changed from owner to member or member to owner.
Campos
@timestamp, org_id, created_at, _document_id, user, user_id, action, request_id, actor_id, old_permission, permission, actor, user_agent, operation_type, org
org.update_member_repository_creation_permission
The create repository permission for organization members was changed.
Campos
actor, action, @timestamp, request_id, actor_id, permission, created_at, user_agent, org, org_id, _document_id, visibility, operation_type
org.update_member_repository_invitation_permission
An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.
Campos
actor_id, permission, action, org_id, actor, created_at, _document_id, business_id, operation_type, org, user_agent, request_id, business, @timestamp
Referência
Setting permissions for adding outside collaborators
org.update_new_repository_default_branch_setting
The name of the default branch was changed for new repositories in the organization.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization
org.update_saml_provider_settings
An organization's SAML provider settings were updated.
Campos
user_agent, sso_url, actor_id, operation_type, @timestamp, issuer, org, _document_id, actor, org_id, created_at, request_id, action
org.update_terms_of_service
An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.
Campos
request_id, org_id, actor, actor_id, user_agent, operation_type, _document_id, org, action, @timestamp, created_at, request_access_security_header
Referência
/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement

org_credential_authorization

org_credential_authorization.deauthorize
A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.
Campos
user_agent, request_id, operation_type, created_at, actor_id, org_id, business, action, @timestamp, org, _document_id, business_id, actor, token_scopes, programmatic_access_type, actor_is_bot, oauth_credential_type, managed_oauth_access_id, managed_token_id, managed_oauth_scopes, managed_token_scopes, managed_hashed_token
Referência
Authorizing a personal access token for use with single sign-on
org_credential_authorization.grant
A member authorized credentials for use with SAML or OIDC single sign-on.
Campos
user_agent, actor, @timestamp, created_at, org_id, business_id, operation_type, request_id, _document_id, action, actor_id, business, org, token_scopes, programmatic_access_type, actor_is_bot, oauth_credential_type, request_access_security_header, managed_oauth_access_id, managed_token_id, managed_oauth_scopes, managed_token_scopes, managed_hashed_token
Referência
Authenticating with single sign-on
org_credential_authorization.revoke
An owner revoked authorized credentials.
Campos
actor, org, @timestamp, owner, oauth_application_id, org_id, operation_type, action, business, request_id, created_at, business_id, actor_id, _document_id, user_agent, oauth_credential_type, managed_oauth_access_id, managed_token_id, managed_oauth_scopes, managed_token_scopes, managed_hashed_token
Referência
Viewing and managing a member's SAML access to your organization

org_secret_scanning_automatic_validity_checks

org_secret_scanning_automatic_validity_checks.disabled
Automatic partner validation checks have been disabled at the organization level
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization
org_secret_scanning_automatic_validity_checks.enabled
Automatic partner validation checks have been enabled at the organization level
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization

org_secret_scanning_custom_pattern

org_secret_scanning_custom_pattern.create
A custom pattern was created for secret scanning in an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
Defining custom patterns for secret scanning
org_secret_scanning_custom_pattern.delete
A custom pattern was removed from secret scanning in an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
Referência
Defining custom patterns for secret scanning
org_secret_scanning_custom_pattern.publish
A custom pattern was published for secret scanning in an organization.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Defining custom patterns for secret scanning
org_secret_scanning_custom_pattern.update
Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Defining custom patterns for secret scanning

org_secret_scanning_generic_secrets

org_secret_scanning_generic_secrets.disabled
Generic secrets have been disabled at the organization level
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
org_secret_scanning_generic_secrets.enabled
Generic secrets have been enabled at the organization level
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header

org_secret_scanning_non_provider_patterns

org_secret_scanning_non_provider_patterns.disabled
Secret scanning for non-provider patterns was disabled at the organization level.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
Supported secret scanning patterns
org_secret_scanning_non_provider_patterns.enabled
Secret scanning for non-provider patterns was enabled at the organization level.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
Supported secret scanning patterns

org_secret_scanning_push_protection_bypass_list

org_secret_scanning_push_protection_bypass_list.add
A role or team was added to the push protection bypass list at the organization level.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
About push protection
org_secret_scanning_push_protection_bypass_list.disable
Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the organization level.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
About push protection
org_secret_scanning_push_protection_bypass_list.enable
Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the organization level.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
About push protection
org_secret_scanning_push_protection_bypass_list.remove
A role or team was removed from the push protection bypass list at the organization level.
Campos
actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
About push protection

org_secret_scanning_push_protection_pattern_configuration

org_secret_scanning_push_protection_pattern_configuration.push_protection_setting_changed
The push protection setting was changed for a secret type for your org.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, secret_type, secret_type_display_name, push_protection_setting
Referência
Managing GitHub Advanced Security features for your enterprise
org_secret_scanning_push_protection_pattern_configuration.updated
The push protection pattern configuration was updated for your org.
Campos
actor, actor_id, user_agent, request_id, user, user_id, org, org_id, business, business_id, action, _document_id, @timestamp
Referência
Managing GitHub Advanced Security features for your enterprise

organization_default_label

organization_default_label.create
A default label was created for repositories in an organization.
Campos
request_id, actor_id, actor, org, org_id, operation_type, _document_id, action, created_at, @timestamp, user_agent, request_access_security_header
Referência
/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label
organization_default_label.destroy
A default label was deleted for repositories in an organization.
Campos
operation_type, request_id, actor, @timestamp, _document_id, actor_id, org_id, org, action, created_at, user_agent
Referência
/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label
organization_default_label.update
A default label was edited for repositories in an organization.
Campos
org, created_at, @timestamp, actor, action, user_agent, actor_id, org_id, operation_type, request_id, _document_id
Referência
/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label

organization_domain

organization_domain.approve
A domain was approved for an organization.
Campos
user_agent, request_id, actor, actor_id, owner_type, domain_name, org_id, business_id, owner, action, operation_type, @timestamp, created_at, _document_id
Referência
/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization
organization_domain.create
A domain was added to an organization.
Campos
created_at, _document_id, domain_name, action, request_id, actor_id, operation_type, @timestamp, user_agent, actor
Referência
/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization
organization_domain.destroy
A domain was removed from an organization.
Campos
action, domain_name, @timestamp, _document_id, user_agent, request_id, actor, actor_id, operation_type, created_at
Referência
/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain
organization_domain.verify
A domain was verified for an organization.
Campos
operation_type, domain_name, @timestamp, user_agent, request_id, actor, action, created_at, _document_id, actor_id
Referência
/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization

organization_projects_change

organization_projects_change.clear
An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.
Campos
actor, business_id, @timestamp, actor_id, user, user_id, action, user_agent, _document_id, created_at, operation_type, request_id, business
Referência
Enforcing policies for projects in your enterprise
organization_projects_change.disable
Organization projects were disabled for all organizations in an enterprise.
Campos
org_id, action, user, org, created_at, user_agent, request_id, actor_id, operation_type, @timestamp, actor, user_id, _document_id
Referência
Enforcing policies for projects in your enterprise
organization_projects_change.enable
Organization projects were enabled for all organizations in an enterprise.
Campos
actor_id, org_id, created_at, user_id, org, @timestamp, _document_id, user_agent, actor, request_id, user, action, operation_type
Referência
Enforcing policies for projects in your enterprise

organization_role

organization_role.assign
An organization role was assigned to a user or team.
Campos
actor, actor_id, user_agent, request_id, organization_role_id, organization_role_name, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
Referência
About custom organization roles
organization_role.create
A custom organization role was created in an organization.
Campos
user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, name, owner, role_permissions, base_role, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
Referência
About custom organization roles
organization_role.destroy
A custom organization role was deleted in an organization.
Campos
user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, name, owner, role_permissions, base_role, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
About custom organization roles
organization_role.revoke
A user or team was unassigned an organization role.
Campos
actor, actor_id, user_agent, request_id, organization_role_id, organization_role_name, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type
Referência
About custom organization roles
organization_role.update
A custom organization role was edited in an organization.
Campos
user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, name, owner, role_permissions, base_role, old_role_permissions, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, old_base_role
Referência
About custom organization roles

organization_wide_project_base_role

organization_wide_project_base_role.update
An organization's default project base role was updated.
Campos
actor, actor_id, user_agent, request_id, old_project_base_role, new_project_base_role, business, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

packages

packages.package_deleted
An entire package was deleted.
Campos
actor_id, actor, org, org_id, repo, repo_id, package, action, operation_type, @timestamp, created_at, _document_id, business, business_id, actor_is_bot
Referência
/packages/learn-github-packages/deleting-and-restoring-a-package
packages.package_published
A package was published or republished to an organization.
Campos
actor_id, actor, org, org_id, repo, repo_id, package, ecosystem, version_count, is_republished, action, operation_type, @timestamp, created_at, _document_id, business, business_id, actor_is_bot
packages.package_version_deleted
A specific package version was deleted.
Campos
actor_id, actor, org, org_id, repo, repo_id, package, version, action, operation_type, @timestamp, created_at, _document_id, business, business_id, ecosystem, actor_is_bot
Referência
/packages/learn-github-packages/deleting-and-restoring-a-package
packages.package_version_published
A specific package version was published or republished to a package.
Campos
org_id, ecosystem, package, version, actor_id, user_agent, is_republished, actor, action, operation_type, @timestamp, created_at, _document_id, business, business_id, actor_is_bot

pages_protected_domain

pages_protected_domain.create
A GitHub Pages verified domain was created for an organization or enterprise.
Campos
user_agent, request_id, actor, actor_id, owner, owner_type, domain, state, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
pages_protected_domain.delete
A GitHub Pages verified domain was deleted from an organization or enterprise.
Campos
user_agent, request_id, actor, actor_id, owner, owner_type, domain, state, action, _document_id, @timestamp, created_at, operation_type
Referência
/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
pages_protected_domain.verify
A GitHub Pages domain was verified for an organization or enterprise.
Campos
user_agent, request_id, actor, actor_id, owner, owner_type, domain, state, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

payment_method

payment_method.create
A new payment method was added, such as a new credit card or PayPal account.
Campos
user_agent, request_id, user, operation_type, user_id, _document_id, action, actor, actor_id, @timestamp, created_at, request_access_security_header
payment_method.remove
A payment method was removed.
Campos
user, created_at, actor_id, @timestamp, user_id, action, operation_type, actor, _document_id, request_access_security_header
payment_method.update
An existing payment method was updated.
Campos
operation_type, request_id, org_id, created_at, actor_id, @timestamp, action, actor, org, user_agent, _document_id, request_access_security_header

personal_access_token

personal_access_token.access_granted
A fine-grained personal access token was granted access to resources.
Campos
user_agent, request_id, actor, actor_id, user_programmatic_access_id, user_programmatic_access_name, repository_selection, user, user_id, action, _document_id, @timestamp, created_at, operation_type
Referência
/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.access_restriction_disabled
The configured restriction for access to resources via personal access tokens was disabled.
Campos
actor, actor_id, user_agent, request_id, programmatic_access_type, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
personal_access_token.access_restriction_enabled
The configured restriction for access to resources via personal access tokens was enabled.
Campos
actor, actor_id, user_agent, request_id, programmatic_access_type, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
personal_access_token.access_restriction_reset
The configured restriction for access to resources via personal access tokens was reset and delegated to organizations.
Campos
actor, actor_id, user_agent, request_id, programmatic_access_type, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
personal_access_token.access_revoked
A fine-grained personal access token was revoked. The token can still read public organization resources.
Campos
user_agent, request_id, actor, actor_id, user_programmatic_access_id, user_programmatic_access_name, repository_selection, user, user_id, action, _document_id, @timestamp, created_at, operation_type
Referência
/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization
personal_access_token.auto_approve_grant_requests_disabled
Triggered when fine-grained personal access tokens can access organization resources without prior approval.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
personal_access_token.auto_approve_grant_requests_enabled
Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
personal_access_token.auto_approve_grant_requests_reset
Triggered when the enterprise delegates to the organizations when to require approval for fine-grained personal access tokens before the tokens can access organization resources.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
personal_access_token.expiration_limit_set
A personal access token expiration limit was set.
Campos
actor, actor_id, user_agent, request_id, programmatic_access_type, token_expiration, old_token_expiration, exempt_administrators, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
personal_access_token.expiration_limit_unset
A personal access token expiration limit was unset.
Campos
actor, actor_id, user_agent, request_id, programmatic_access_type, old_token_expiration, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
personal_access_token.request_cancelled
A pending request for a fine-grained personal access token to access organization resources was canceled.
Campos
user_agent, request_id, actor, actor_id, user_programmatic_access_name, org, org_id, repository_selection, action, _document_id, @timestamp, created_at, operation_type, user_programmatic_access_request_id
personal_access_token.request_created
Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.
Campos
user_agent, request_id, actor, actor_id, user_programmatic_access_id, user_programmatic_access_name, user, user_id, repository_selection, action, _document_id, @timestamp, created_at, operation_type, user_programmatic_access_request_id
Referência
/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.request_denied
A request for a fine-grained personal access token to access organization resources was denied.
Campos
actor, actor_id, user_agent, request_id, user_programmatic_access_name, org, org_id, repository_selection, action, _document_id, @timestamp, created_at, operation_type, user_programmatic_access_request_id
Referência
/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

prebuild_configuration

prebuild_configuration.create
A GitHub Codespaces prebuild configuration for a repository was created.
Campos
user_agent, request_id, actor, actor_id, branch, repository, repository_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, public_repo
Referência
/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds
prebuild_configuration.destroy
A GitHub Codespaces prebuild configuration for a repository was deleted.
Campos
user_agent, request_id, actor, actor_id, branch, repository, repository_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, public_repo
Referência
/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds
prebuild_configuration.run_triggered
A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.
Campos
user_agent, request_id, actor, actor_id, branch, repository, repository_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, public_repo
Referência
/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds
prebuild_configuration.update
A GitHub Codespaces prebuild configuration for a repository was edited.
Campos
user_agent, request_id, actor, actor_id, branch, repository, repository_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, public_repo
Referência
/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds

private_repository_forking

private_repository_forking.clear
An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.
Campos
user_agent, user_id, action, operation_type, @timestamp, business_id, actor_id, user, business, request_id, actor, created_at, _document_id
private_repository_forking.disable
An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.
Campos
repo_id, created_at, actor_id, _document_id, actor, user, repo, action, user_agent, @timestamp, org, operation_type, request_id, user_id, org_id, programmatic_access_type, request_access_security_header
private_repository_forking.enable
An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.
Campos
actor_id, user_id, operation_type, _document_id, action, @timestamp, repo, org, business, user_agent, request_id, actor, repo_id, user, org_id, created_at, business_id

profile_picture

profile_picture.update
A profile picture was updated.
Campos
user, actor_id, user_id, @timestamp, created_at, owner, action, _document_id, request_id, user_agent, actor, operation_type
Referência
/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile

project

project.access
A project board visibility was changed.
Campos
actor_id, actor, user_agent, operation_type, user, created_at, user_id, action, request_id, _document_id, @timestamp
project.close
A project board was closed.
Campos
org_id, user_agent, request_id, operation_type, @timestamp, created_at, repo_id, org, _document_id, project_id, action, actor, actor_id, repo, project_kind
Referência
Closing a project (classic)
project.create
A project board was created.
Campos
operation_type, user, _document_id, request_id, user_id, user_agent, @timestamp, actor_id, action, created_at, actor
project.delete
A project board was deleted.
Campos
request_id, action, actor_id, operation_type, actor, user_id, @timestamp, created_at, _document_id, user_agent, user
project.link
A repository was linked to a project board.
Campos
repo_id, action, actor_id, org_id, user_agent, request_id, actor, operation_type, @timestamp, _document_id, created_at, org, repo
project.open
A project board was reopened.
Campos
actor, request_id, actor_id, action, user_id, project_id, _document_id, user_agent, operation_type, user, @timestamp, created_at, project_kind, project_name
Referência
Reopening a closed project (classic)
project.rename
A project board was renamed.
Campos
action, created_at, request_id, actor_id, old_name, operation_type, @timestamp, repo, _document_id, user_agent, org_id, business_id, actor, repo_id, org, business
project.unlink
A repository was unlinked from a project board.
Campos
repo, repo_id, operation_type, actor, action, created_at, actor_id, _document_id, request_id, @timestamp, user_agent, org, org_id
project.update_org_permission
The project's base-level permission for all organization members was changed or removed.
Campos
actor, org, @timestamp, _document_id, operation_type, created_at, request_id, actor_id, action, org_id, user_agent
project.update_team_permission
A team's project board permission level was changed or when a team was added or removed from a project board.
Campos
created_at, org_id, operation_type, org, actor_id, _document_id, request_id, team, @timestamp, action, user_agent, actor
project.update_user_permission
A user was added to or removed from a project board or had their permission level changed.
Campos
request_id, user_id, operation_type, @timestamp, actor_id, user, user_agent, actor, created_at, org, _document_id, org_id, action, programmatic_access_type
project.visibility_private
A project's visibility was changed from public to private.
Campos
user_agent, request_id, actor, actor_id, project_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, project_kind, project_name
project.visibility_public
A project's visibility was changed from private to public.
Campos
user_agent, request_id, actor, actor_id, project_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, project_kind, project_name, request_access_security_header

project_base_role

project_base_role.update
A project's base role was updated.
Campos
actor, actor_id, user_agent, request_id, old_project_base_role, new_project_base_role, project_number, public_project, business, project_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

project_collaborator

project_collaborator.add
A collaborator was added to a project.
Campos
actor, actor_id, user_agent, request_id, collaborator_type, org, org_id, collaborator, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, public_project, project_name, project_role, old_project_role, request_access_security_header
project_collaborator.remove
A collaborator was removed from a project.
Campos
actor, actor_id, user_agent, request_id, collaborator_type, user, user_id, collaborator, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
project_collaborator.update
A project collaborator's permission level was changed.
Campos
actor, actor_id, user_agent, request_id, public_project, project_name, collaborator_type, project_role, old_project_role, project_id, user, user_id, collaborator, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

project_field

project_field.create
A field was created in a project board.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/issues/planning-and-tracking-with-projects/understanding-fields
project_field.delete
A field was deleted in a project board.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields

project_view

project_view.create
A view was created in a project board.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views
project_view.delete
A view was deleted in a project board.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

protected_branch

protected_branch.authorized_users_teams
The users, teams, or integrations allowed to bypass a branch protection were changed.
Campos
repo, action, org_id, user_agent, name, created_at, _document_id, operation_type, actor, repo_id, org, request_id, actor_id, oauth_application_id, @timestamp, programmatic_access_type
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches
protected_branch.branch_allowances
A protected branch allowance was given to a specific user, team or integration.
Campos
user_agent, request_id, token_id, hashed_token, programmatic_access_type, actor, actor_id, name, authorized_actors, policy, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
protected_branch.create
Branch protection was enabled on a branch.
Campos
operation_type, repo_id, user_id, @timestamp, user_agent, repo, name, org_id, user, _document_id, request_id, actor, actor_id, org, action, created_at, authorized_actor_names, token_scopes, required_deployments_enforcement_level, merge_queue_enforcement_level, create_protected
protected_branch.destroy
Branch protection was disabled on a branch.
Campos
name, repo, @timestamp, actor, org, actor_id, request_id, repo_id, org_id, operation_type, action, user_agent, created_at, _document_id, token_scopes, required_deployments_enforcement_level, merge_queue_enforcement_level, create_protected
protected_branch.dismiss_stale_reviews
Enforcement of dismissing stale pull requests was updated on a branch.
Campos
user_agent, dismiss_stale_reviews_on_push, org_id, action, created_at, request_id, _document_id, @timestamp, actor_id, repo_id, operation_type, actor, repo, org, name, programmatic_access_type
protected_branch.dismissal_restricted_users_teams
Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.
Campos
repo, repo_id, actor, oauth_application_id, authorized_actors_only, authorized_actors, created_at, user_agent, name, _document_id, org_id, request_id, @timestamp, actor_id, org, action, operation_type, programmatic_access_type
protected_branch.policy_override
A branch protection requirement was overridden by a repository administrator.
Campos
repo_id, created_at, actor, reasons, @timestamp, before, after, actor_id, repo, operation_type, user_agent, branch, overridden_codes, org, org_id, action, _document_id, request_id, referrer, business, business_id, deploy_key_fingerprint, token_scopes, programmatic_access_type, compliant_pull_request_ids, rule_suite_id
protected_branch.rejected_ref_update
A branch update attempt was rejected.
Campos
repo, org, @timestamp, created_at, _document_id, business, org_id, operation_type, request_id, repo_id, actor, branch, before, overridden_codes, after, action, reasons, actor_id, business_id, deploy_key_fingerprint, token_scopes, programmatic_access_type, compliant_pull_request_ids, actor_is_bot, rule_suite_id
protected_branch.update_admin_enforced
Branch protection was enforced for repository administrators.
Campos
request_id, actor_id, admin_enforced, operation_type, user_agent, actor, org, name, repo, @timestamp, action, repo_id, org_id, _document_id, created_at, token_scopes, programmatic_access_type
protected_branch.update_allow_force_pushes_enforcement_level
Force pushes were enabled or disabled for a branch.
Campos
org_id, actor_id, name, _document_id, actor, repo, operation_type, request_id, allow_force_pushes_enforcement_level, @timestamp, org, action, created_at, user_agent, repo_id, token_scopes, programmatic_access_type
protected_branch.update_ignore_approvals_from_contributors
Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.
Campos
actor, actor_id, user_agent, request_id, name, ignore_approvals_from_contributors, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule
protected_branch.update_lock_allows_fetch_and_merge
Fork syncing was enabled or disabled for a read-only branch
Campos
actor, actor_id, user_agent, request_id, name, lock_allows_fetch_and_merge, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, programmatic_access_type, request_access_security_header
Referência
repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch
protected_branch.update_lock_branch_enforcement_level
The enforcement of a branch lock was updated.
Campos
actor, actor_id, user_agent, request_id, name, enforcement_level, lock_branch_enforcement_level, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, programmatic_access_type, request_access_security_header
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch
protected_branch.update_merge_queue_enforcement_level
Enforcement of the merge queue was modified for a branch.
Campos
actor, actor_id, user_agent, request_id, name, merge_queue_enforcement_level, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue
protected_branch.update_name
A branch name pattern was updated for a branch.
Campos
user_agent, request_id, actor, actor_id, name, old_name, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header
protected_branch.update_pull_request_reviews_enforcement_level
Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).
Campos
name, org_id, _document_id, actor_id, @timestamp, business_id, request_id, pull_request_reviews_enforcement_level, org, repo, action, business, user_agent, created_at, repo_id, operation_type, actor, token_scopes, programmatic_access_type
protected_branch.update_require_code_owner_review
Enforcement of required code owner review was updated for a branch.
Campos
org_id, created_at, require_code_owner_review, operation_type, name, user_agent, action, @timestamp, actor, actor_id, repo, request_id, org, repo_id, _document_id, programmatic_access_type
protected_branch.update_require_last_push_approval
Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.
Campos
actor, actor_id, user_agent, request_id, name, require_last_push_approval, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, programmatic_access_type, request_access_security_header
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging
protected_branch.update_required_approving_review_count
Enforcement of the required number of approvals before merging was updated on a branch.
Campos
required_approving_review_count, repo, request_id, repo_id, created_at, actor, operation_type, user_agent, name, org_id, action, actor_id, _document_id, org, @timestamp, programmatic_access_type
protected_branch.update_required_status_checks_enforcement_level
Enforcement of required status checks was updated for a branch.
Campos
actor, org_id, user_agent, @timestamp, _document_id, name, repo, action, business_id, repo_id, business, actor_id, operation_type, created_at, request_id, required_status_checks_enforcement_level, org, token_scopes, programmatic_access_type
protected_branch.update_signature_requirement_enforcement_level
Enforcement of required commit signing was updated for a branch.
Campos
operation_type, name, @timestamp, created_at, _document_id, request_id, repo_id, org, org_id, action, actor, actor_id, signature_requirement_enforcement_level, repo, user_agent, programmatic_access_type
protected_branch.update_strict_required_status_checks_policy
Enforcement of required status checks was updated for a branch.
Campos
request_id, actor_id, _document_id, org, @timestamp, created_at, repo_id, org_id, user_agent, name, actor, repo, operation_type, action, strict_required_status_checks_policy, programmatic_access_type

public_key

public_key.create
An SSH key was added to a user account or a deploy key was added to a repository.
Campos
read_only, user_agent, actor_id, operation_type, created_at, _document_id, key, fingerprint, actor, action, user, user_id, @timestamp, request_id, title, token_scopes, programmatic_access_type
Referência
/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account
public_key.delete
An SSH key was removed from a user account or a deploy key was removed from a repository.
Campos
fingerprint, user_agent, read_only, explanation, repo, @timestamp, action, key, operation_type, _document_id, actor, title, request_id, actor_id, repo_id, created_at, token_scopes, programmatic_access_type
Referência
/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys
public_key.unverification_failure
A user account's SSH key or a repository's deploy key was unable to be unverified.
Campos
user_agent, request_id, title, key, fingerprint, read_only, user, user_id, action, _document_id, @timestamp, created_at, operation_type, token_scopes
Referência
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.unverify
A user account's SSH key or a repository's deploy key was unverified.
Campos
created_at, operation_type, _document_id, title, request_id, key, action, actor, read_only, explanation, repo_id, @timestamp, actor_id, repo, user_agent, fingerprint
Referência
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.update
A user account's SSH key or a repository's deploy key was updated.
Campos
actor, user_agent, key, fingerprint, read_only, repo_id, operation_type, created_at, actor_id, repo, action, _document_id, request_id, title, @timestamp, programmatic_access_type
Referência
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.verification_failure
A user account's SSH key or a repository's deploy key was unable to be verified.
Campos
repo_id, actor, key, fingerprint, @timestamp, request_id, actor_id, oauth_application_id, title, action, user_agent, created_at, repo, read_only, operation_type, _document_id, user, user_id, programmatic_access_type
Referência
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.verify
A user account's SSH key or a repository's deploy key was verified.
Campos
operation_type, user, @timestamp, _document_id, action, created_at, key, fingerprint, actor_id, actor, title, user_agent, user_id, request_id, read_only, token_scopes, programmatic_access_type
Referência
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

pull_request

pull_request.close
A pull request was closed without being merged.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type, actor_is_bot
Referência
/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request
pull_request.converted_to_draft
A pull request was converted to a draft.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, business_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, token_scopes, programmatic_access_type, request_access_security_header
Referência
/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft
pull_request.create
A pull request was created.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, user_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type, actor_is_bot
Referência
/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request
pull_request.create_review_request
A review was requested on a pull request.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, business_id, org_id, reviewer_type, reviewer, reviewer_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type
Referência
/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews
pull_request.in_progress
A pull request was marked as in progress.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, business_id, action, operation_type, @timestamp, created_at, _document_id
pull_request.indirect_merge
A pull request was considered merged because the pull request's commits were merged into the target branch.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, business_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type
pull_request.merge
A pull request was merged.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, token_scopes, programmatic_access_type, actor_is_bot
Referência
/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request
pull_request.ready_for_review
A pull request was marked as ready for review.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, business_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, token_scopes, programmatic_access_type, request_access_security_header
Referência
/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review
pull_request.remove_review_request
A review request was removed from a pull request.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, business_id, org_id, reviewer_type, reviewer, reviewer_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type
Referência
/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews
pull_request.reopen
A pull request was reopened after previously being closed.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type

pull_request_review_comment

pull_request_review_comment.create
A review comment was added to a pull request.
Campos
user_agent, request_id, actor, actor_id, comment_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, request_access_security_header
Referência
/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews
pull_request_review_comment.delete
A review comment on a pull request was deleted.
Campos
user_agent, actor, @timestamp, _document_id, repo, created_at, request_id, comment_id, actor_id, repo_id, action, operation_type, token_scopes, programmatic_access_type
pull_request_review_comment.update
A review comment on a pull request was changed.
Campos
operation_type, user_agent, request_id, actor_id, action, created_at, actor, _document_id, @timestamp, comment_id, token_scopes, programmatic_access_type

pull_request_review

pull_request_review.delete
A review on a pull request was deleted.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, review_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, token_scopes, programmatic_access_type, request_access_security_header
pull_request_review.dismiss
A review on a pull request was dismissed.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, business_id, review_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type
Referência
/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review
pull_request_review.submit
A review on a pull request was submitted.
Campos
user_agent, request_id, actor, actor_id, pull_request_id, review_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type
Referência
/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review

repo

repo.access
The visibility of a repository changed.
Campos
repo_id, user, request_id, operation_type, @timestamp, actor_id, user_id, created_at, user_agent, actor, action, repo, visibility, _document_id, previous_visibility, programmatic_access_type
Referência
/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility
repo.actions_enabled
GitHub Actions was enabled for a repository.
Campos
user_agent, request_id, actor, actor_id, created_at, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, token_scopes, programmatic_access_type
Referência
organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api
repo.add_member
A collaborator was added to a repository.
Campos
visibility, repo, created_at, user_agent, operation_type, @timestamp, _document_id, actor, actor_id, repo_id, user, request_id, action, user_id, oauth_application_id, org, org_id, token_scopes, programmatic_access_type
Referência
/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository
repo.add_topic
A topic was added to a repository.
Campos
action, user_agent, actor, repo, repo_id, user, org, org_id, request_id, actor_id, topic, @timestamp, _document_id, user_id, created_at, operation_type, programmatic_access_type
Referência
/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics
repo.advanced_security_disabled
GitHub Advanced Security was disabled for a repository.
Campos
user_agent, request_id, actor, actor_id, org, org_id, repository, repository_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, actor_is_bot, request_access_security_header
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
repo.advanced_security_enabled
GitHub Advanced Security was enabled for a repository.
Campos
user_agent, request_id, actor, actor_id, org, org_id, repository, repository_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, actor_is_bot
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
repo.archived
A repository was archived.
Campos
repo_id, user_agent, user_id, created_at, @timestamp, repo, user, operation_type, visibility, action, actor_id, actor, _document_id, request_id, token_scopes, programmatic_access_type
Referência
/repositories/archiving-a-github-repository
repo.change_merge_setting
Pull request merge options were changed for a repository.
Campos
actor, oauth_application_id, user_agent, request_id, created_at, @timestamp, _document_id, actor_id, operation_type, action, public_repo, token_scopes, programmatic_access_type, actor_is_bot
repo.code_scanning_analysis_deleted
Code scanning analysis for a repository was deleted.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, tool, category, request_access_security_header
Referência
/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository
repo.code_scanning_autofix_disabled
Autofix for code scanning alerts was disabled for a repository.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
repo.code_scanning_autofix_enabled
Autofix for code scanning alerts was enabled for a repository.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
repo.code_scanning_autofix_third_party_tools_disabled
Autofix for third party tools for code scanning alerts was disabled for a repository.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
repo.code_scanning_autofix_third_party_tools_enabled
Autofix for third party tools for code scanning alerts was enabled for a repository.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
repo.code_scanning_configuration_for_branch_deleted
A code scanning configuration for a branch of a repository was deleted.
Campos
actor, actor_id, user_agent, request_id, tool, branch, category, repo, repo_id, public_repo, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Resolving code scanning alerts
repo.code_scanning_delegated_alert_dismissal_disabled
Prevention of direct alert dismissal for code scanning was disabled for a repository.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
repo.code_scanning_delegated_alert_dismissal_enabled
Prevention of direct alert dismissal for code scanning was enabled for a repository.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
repo.codeql_disabled
Code scanning using the default setup was disabled for a repository.
Campos
user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning
repo.codeql_enabled
Code scanning using the default setup was enabled for a repository.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, query_suite, threat_model, languages, request_access_security_header
Referência
/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning
repo.codeql_updated
Code scanning using the default setup was updated for a repository.
Campos
actor, actor_id, user_agent, request_id, query_suite, threat_model, languages, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning
repo.codespaces_trusted_repo_access_granted
GitHub Codespaces was granted trusted repository access to this repository.
Campos
user_agent, request_id, actor, actor_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo
repo.codespaces_trusted_repo_access_revoked
GitHub Codespaces trusted repository access to this repository was revoked.
Campos
user_agent, request_id, actor, actor_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
repo.config.disable_collaborators_only
The interaction limit for collaborators only was disabled.
Campos
user_agent, actor, actor_id, repo_id, _document_id, action, created_at, repo, operation_type, @timestamp, request_id
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.disable_contributors_only
The interaction limit for prior contributors only was disabled in a repository.
Campos
repo, @timestamp, request_id, actor, _document_id, user_agent, actor_id, repo_id, action, operation_type, created_at
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.disable_sockpuppet_disallowed
The interaction limit for existing users only was disabled in a repository.
Campos
actor, request_id, repo_id, action, user_agent, _document_id, @timestamp, created_at, actor_id, repo, operation_type
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_collaborators_only
The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
Campos
actor, oauth_application_id, created_at, action, request_id, repo_id, repo, @timestamp, _document_id, user_agent, actor_id, operation_type
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_contributors_only
The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
Campos
user_agent, request_id, operation_type, created_at, actor, org, action, actor_id, repo, repo_id, org_id, @timestamp, _document_id
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_sockpuppet_disallowed
The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
Campos
actor, operation_type, created_at, user_agent, request_id, action, actor_id, repo, repo_id, @timestamp, _document_id
Referência
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.create
A repository was created.
Campos
repo, user_id, visibility, repo_id, user, request_id, actor_id, action, operation_type, request_category, @timestamp, created_at, _document_id, actor, user_agent, org, oauth_application_id, org_id, request_method, business, business_id, public_repo, token_scopes, programmatic_access_type, actor_is_bot
Referência
/repositories/creating-and-managing-repositories/creating-a-new-repository
repo.create_actions_secret
A GitHub Actions secret was created for a repository.
Campos
user_agent, request_id, actor, actor_id, key, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type
Referência
Using secrets in GitHub Actions
repo.create_actions_variable
A GitHub Actions variable was created for a repository.
Campos
actor, actor_id, user_agent, request_id, key, visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
Referência
Store information in variables
repo.create_integration_secret
A Codespaces or Dependabot secret was created for a repository.
Campos
user_agent, request_id, actor, actor_id, key, visibility, integration, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header
repo.destroy
A repository was deleted.
Campos
repo, _document_id, user_agent, user_id, actor, action, user, repo_id, operation_type, request_category, actor_id, visibility, request_id, created_at, @timestamp, request_method, oauth_application_id, token_scopes, programmatic_access_type, actor_is_bot
Referência
/repositories/creating-and-managing-repositories/deleting-a-repository
repo.download_zip
A source code archive of a repository was downloaded as a ZIP file.
Campos
user_agent, request_id, actor, actor_id, visibility, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, public_repo, token_scopes, programmatic_access_type, actor_is_bot
Referência
/repositories/working-with-files/using-files/downloading-source-code-archives
repo.pages_cname
A GitHub Pages custom domain was modified in a repository.
Campos
actor, @timestamp, visibility, repo, repo_id, user, request_id, actor_id, cname, user_agent, user_id, created_at, _document_id, action, operation_type, old_cname, programmatic_access_type
repo.pages_create
A GitHub Pages site was created.
Campos
actor_id, user, _document_id, user_id, visibility, action, user_agent, operation_type, repo_id, created_at, @timestamp, request_id, actor, repo, programmatic_access_type
repo.pages_destroy
A GitHub Pages site was deleted.
Campos
created_at, user_id, action, request_id, user, repo, user_agent, _document_id, actor_id, @timestamp, actor, visibility, operation_type, repo_id, programmatic_access_type
repo.pages_https_redirect_disabled
HTTPS redirects were disabled for a GitHub Pages site.
Campos
user, actor_id, repo_id, _document_id, user_agent, actor, visibility, user_id, request_id, repo, @timestamp, operation_type, action, created_at, programmatic_access_type, request_access_security_header
repo.pages_https_redirect_enabled
HTTPS redirects were enabled for a GitHub Pages site.
Campos
request_id, @timestamp, user_agent, user_id, created_at, visibility, actor, actor_id, user, operation_type, repo_id, action, repo, _document_id, request_access_security_header
repo.pages_private
A GitHub Pages site visibility was changed to private.
Campos
user_agent, request_id, actor, actor_id, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
repo.pages_public
A GitHub Pages site visibility was changed to public.
Campos
user_agent, request_id, actor, actor_id, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
repo.pages_soft_delete
A GitHub Pages site was soft-deleted because its owner's plan changed.
Campos
visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
repo.pages_soft_delete_restore
A GitHub Pages site that was previously soft-deleted was restored.
Campos
actor, actor_id, user_agent, request_id, visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
repo.pages_source
A GitHub Pages source was modified.
Campos
user_id, actor_id, operation_type, user_agent, actor, @timestamp, repo_id, user, _document_id, request_id, visibility, repo, created_at, action, programmatic_access_type
repo.register_self_hosted_runner
A new self-hosted runner was registered.
Campos
actor_id, repo, operation_type, action, @timestamp, actor, user_agent, created_at, _document_id, request_id, repo_id, request_access_security_header
Referência
Adding self-hosted runners
repo.remove_actions_secret
A GitHub Actions secret was deleted for a repository.
Campos
user_agent, request_id, actor, actor_id, key, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type
Referência
Using secrets in GitHub Actions
repo.remove_actions_variable
A GitHub Actions variable was deleted for a repository.
Campos
actor, actor_id, user_agent, request_id, key, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
Referência
Store information in variables
repo.remove_integration_secret
A Codespaces or Dependabot secret was deleted for a repository.
Campos
user_agent, request_id, actor, actor_id, key, integration, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, request_access_security_header
repo.remove_member
A collaborator was removed from a repository.
Campos
request_id, user, business, action, actor_id, org, org_id, actor, created_at, repo_id, user_agent, business_id, user_id, operation_type, @timestamp, _document_id, visibility, repo, token_scopes, programmatic_access_type
Referência
/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository
repo.remove_self_hosted_runner
A self-hosted runner was removed.
Campos
request_id, actor_id, repo_id, @timestamp, _document_id, repo, org_id, action, operation_type, user_agent, actor, created_at, org, token_scopes, programmatic_access_type
Referência
Removing self-hosted runners
repo.remove_topic
A topic was removed from a repository.
Campos
user, action, repo_id, user_agent, topic, operation_type, user_id, org, org_id, actor, business, request_id, repo, @timestamp, created_at, _document_id, actor_id, business_id, programmatic_access_type
repo.rename
A repository was renamed.
Campos
user_agent, @timestamp, request_id, actor_id, actor, old_name, repo, user_id, created_at, user, action, operation_type, visibility, repo_id, _document_id, programmatic_access_type
Referência
/repositories/creating-and-managing-repositories/renaming-a-repository
repo.self_hosted_runner_offline
The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
repo_id, repo, org_id, org, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
Referência
Monitoring and troubleshooting self-hosted runners
repo.self_hosted_runner_online
The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
repo_id, repo, org_id, org, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
Referência
Monitoring and troubleshooting self-hosted runners
repo.self_hosted_runner_updated
The runner application was updated. This event is not included in the JSON/CSV export.
Campos
repo_id, runner_id, runner_name, source_version, target_version, runner_group_id, runner_group_name
Referência
About self-hosted runners
repo.set_actions_fork_pr_approvals_policy
The setting for requiring approvals for workflows from public forks was changed for a repository.
Campos
user_agent, request_id, actor, actor_id, visibility, policy, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks
repo.set_actions_private_fork_pr_approvals_policy
The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.
Campos
actor, actor_id, user_agent, request_id, visibility, policy, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories
repo.set_actions_retention_limit
The retention period for GitHub Actions artifacts and logs in a repository was changed.
Campos
user_agent, request_id, actor, actor_id, visibility, limit, repo, repo_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository
repo.set_default_workflow_permissions
The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.
Campos
actor, actor_id, user_agent, request_id, visibility, repo, repo_id, public_repo, user, user_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository
repo.set_fork_pr_workflows_policy
Triggered when the policy for workflows on private repository forks is changed.
Campos
user_agent, request_id, actor, actor_id, visibility, policy, repo, repo_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks
repo.set_workflow_permission_can_approve_pr
The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.
Campos
actor, actor_id, user_agent, request_id, visibility, repo, repo_id, public_repo, user, user_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests
repo.staff_unlock
An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
Campos
@timestamp, _document_id, user_agent, actor_id, created_at, actor, repo_id, action, org, org_id, request_id, repo, operation_type
repo.temporary_access_granted
Temporary access was enabled for a repository.
Campos
actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Accessing user-owned repositories in your enterprise
repo.transfer
A user accepted a request to receive a transferred repository.
Campos
@timestamp, user_id, _document_id, request_id, actor_id, repo_id, owner, user, old_user, action, operation_type, created_at, user_agent, repo, visibility, repo_was, actor
Referência
/repositories/creating-and-managing-repositories/transferring-a-repository
repo.transfer_outgoing
A repository was transferred to another repository network.
Campos
user_agent, request_id, actor, actor_id, repo, repo_id, new_nwo, visibility, org, org_id, action, _document_id, @timestamp, created_at, operation_type, public_repo, request_access_security_header
repo.transfer_start
A user sent a request to transfer a repository to another user or organization.
Campos
@timestamp, _document_id, operation_type, user_id, request_id, user, action, user_agent, created_at, actor, visibility, repo_id, actor_id, repo, request_access_security_header
repo.unarchived
A repository was unarchived.
Campos
actor, request_id, actor_id, repo, operation_type, created_at, _document_id, repo_id, user, @timestamp, visibility, user_agent, user_id, action, programmatic_access_type
Referência
/repositories/archiving-a-github-repository
repo.update_actions_access_settings
The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
Campos
user_agent, request_id, actor, actor_id, visibility, policy, old_policy, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
repo.update_actions_secret
A GitHub Actions secret was updated for a repository.
Campos
user_agent, request_id, actor, actor_id, oauth_application_id, key, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, programmatic_access_type
Referência
Using secrets in GitHub Actions
repo.update_actions_settings
A repository administrator changed GitHub Actions policy settings for a repository.
Campos
user_agent, request_id, actor, actor_id, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, new_policy, old_policy, updated_access_policy, programmatic_access_type, actor_is_bot
repo.update_actions_variable
A GitHub Actions variable was updated for a repository.
Campos
actor, actor_id, user_agent, request_id, key, visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
Referência
Store information in variables
repo.update_default_branch
The default branch for a repository was changed.
Campos
user_agent, request_id, actor, actor_id, visibility, repo, repo_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, actor_is_bot
repo.update_integration_secret
A Codespaces or Dependabot secret was updated for a repository.
Campos
user_agent, request_id, actor, actor_id, key, visibility, integration, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type, request_access_security_header
repo.update_member
A user's permission to a repository was changed.
Campos
user_agent, action, _document_id, actor, repo_id, created_at, oauth_application_id, user, @timestamp, repo, operation_type, request_id, org_id, actor_id, visibility, old_permission, org, user_id, old_base_role, old_repo_permission, old_repo_base_role, new_repo_base_role, new_repo_permission, token_scopes, programmatic_access_type, actor_is_bot

repository_advisory

repository_advisory.close
Someone closed a security advisory.
Campos
actor, repo, @timestamp, business, business_id, user_agent, actor_id, request_id, action, operation_type, created_at, repo_id, _document_id, org, org_id, request_access_security_header
Referência
/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories
repository_advisory.cve_request
Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.
Campos
repo_id, repo, org_id, actor, action, request_id, org, operation_type, @timestamp, user_agent, actor_id, _document_id, created_at
repository_advisory.github_broadcast
GitHub made a security advisory public in the GitHub Advisory Database.
Campos
user_agent, request_id, actor, actor_id, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, public_repo
repository_advisory.github_withdraw
GitHub withdrew a security advisory that was published in error.
Campos
user_agent, request_id, actor, actor_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
repository_advisory.open
Someone opened a draft security advisory.
Campos
operation_type, user_agent, actor_id, actor, repo, created_at, _document_id, repo_id, action, @timestamp, request_id, request_access_security_header
repository_advisory.publish
Someone published a security advisory.
Campos
operation_type, user_agent, actor_id, @timestamp, actor, repo_id, _document_id, repo, business_id, business, request_id, action, created_at, org_id, org
repository_advisory.reopen
Someone reopened as draft security advisory.
Campos
operation_type, user_agent, repo, action, created_at, @timestamp, request_id, actor_id, _document_id, actor, repo_id, public_repo
repository_advisory.update
Someone edited a draft or published security advisory.
Campos
actor_id, repo_id, org_id, business, actor, user_agent, created_at, _document_id, business_id, repo, action, operation_type, org, @timestamp, request_id

repository_branch_protection_evaluation

repository_branch_protection_evaluation.disable
Branch protections were disabled for the repository.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, org, org_id, business_id, user, user_id, business, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule
repository_branch_protection_evaluation.enable
Branch protections were enabled for this repository.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, org, org_id, business_id, user, user_id, business, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule

repository_code_security

repository_code_security.disable
Code security was disabled for a repository.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
repository_code_security.enable
Code security was enabled for a repository.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

repository_content_analysis

repository_content_analysis.disable
Data use settings were disabled for a private repository.
Campos
user, repo_id, request_id, actor_id, created_at, user_agent, action, operation_type, actor, repo, user_id, @timestamp, _document_id
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories
repository_content_analysis.enable
Data use settings were enabled for a private repository.
Campos
user, org, user_id, repo_id, @timestamp, request_id, actor, action, operation_type, created_at, actor_id, repo, user_agent, org_id, _document_id
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories

repository_dependency_graph

repository_dependency_graph.disable
The dependency graph was disabled for a private repository.
Campos
repo_id, operation_type, user_id, repo, _document_id, actor, user, action, @timestamp, org_id, actor_id, org, created_at, user_agent, request_id, programmatic_access_type, request_access_security_header
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories
repository_dependency_graph.enable
The dependency graph was enabled for a private repository.
Campos
request_id, user, org, org_id, action, repo, user_id, created_at, user_agent, actor_id, repo_id, operation_type, actor, @timestamp, _document_id, public_repo, token_scopes, programmatic_access_type, actor_is_bot

repository_image

repository_image.create
An image to represent a repository was uploaded.
Campos
user_agent, operation_type, created_at, actor_id, repo_id, action, request_id, actor, content_type, repo, @timestamp, _document_id, user, user_id, request_access_security_header
repository_image.destroy
An image to represent a repository was deleted.
Campos
content_type, created_at, actor_id, user_id, operation_type, request_id, _document_id, actor, repo_id, user_agent, repo, user, action, @timestamp, request_access_security_header

repository_invitation

repository_invitation.accept
An invitation to join a repository was accepted.
Campos
actor_id, created_at, request_id, repo, invitee, operation_type, actor, repo_id, _document_id, action, user_agent, inviter, @timestamp, token_scopes, programmatic_access_type
repository_invitation.cancel
An invitation to join a repository was canceled.
Campos
inviter, action, operation_type, _document_id, repo_id, repo, @timestamp, user_agent, invitee, created_at, request_id, actor, actor_id, request_access_security_header
repository_invitation.create
An invitation to join a repository was sent.
Campos
_document_id, actor, actor_id, @timestamp, invitee, action, request_id, inviter, repo, created_at, user_agent, repo_id, operation_type, token_scopes, programmatic_access_type
repository_invitation.reject
An invitation to join a repository was declined.
Campos
repo, _document_id, actor, invitee, action, @timestamp, request_id, actor_id, operation_type, created_at, inviter, user_agent, repo_id

repository_projects_change

repository_projects_change.clear
The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.
Campos
request_id, created_at, _document_id, action, user_agent, user, business_id, business, operation_type, actor, actor_id, user_id, @timestamp
Referência
Enforcing policies for projects in your enterprise
repository_projects_change.disable
Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.
Campos
created_at, @timestamp, repo, action, operation_type, _document_id, actor_id, user, user_id, user_agent, repo_id, actor, request_id, programmatic_access_type
repository_projects_change.enable
Repository projects were enabled for a repository, all repositories in an organization, or all organizations in an enterprise.
Campos
@timestamp, actor, repo_id, org, request_id, user, user_agent, created_at, org_id, action, user_id, operation_type, _document_id, actor_id, repo

repository_ruleset

repository_ruleset.create
A repository ruleset was created.
Campos
actor, actor_id, user_agent, request_id, name, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_conditions, ruleset_bypass_actors, request_access_security_header
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository
repository_ruleset.destroy
A repository ruleset was deleted.
Campos
actor, actor_id, user_agent, request_id, name, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_bypass_actors, request_access_security_header
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset
repository_ruleset.update
A repository ruleset was edited.
Campos
actor, actor_id, user_agent, request_id, old_name, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules_updated, ruleset_conditions_added, ruleset_conditions_deleted, ruleset_old_enforcement, ruleset_rules_added, ruleset_rules_deleted, ruleset_old_name, ruleset_conditions_updated, ruleset_bypass_actors_added, ruleset_bypass_actors_deleted, ruleset_bypass_actors_updated, actor_is_bot
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset

repository_secret_scanning_automatic_validity_checks

repository_secret_scanning_automatic_validity_checks.disabled
Automatic partner validation checks have been disabled at the repository level
Campos
actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository
repository_secret_scanning_automatic_validity_checks.enabled
Automatic partner validation checks have been enabled at the repository level
Campos
actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository

repository_secret_scanning_custom_pattern

repository_secret_scanning_custom_pattern.create
A custom pattern was created for secret scanning in a repository.
Campos
user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo
Referência
Defining custom patterns for secret scanning
repository_secret_scanning_custom_pattern.delete
A custom pattern was removed from secret scanning in a repository.
Campos
user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo
Referência
Defining custom patterns for secret scanning
repository_secret_scanning_custom_pattern.publish
A custom pattern was published for secret scanning in a repository.
Campos
actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
Defining custom patterns for secret scanning
repository_secret_scanning_custom_pattern.update
Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.
Campos
user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo
Referência
Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern_push_protection

repository_secret_scanning_custom_pattern_push_protection.disabled
Push protection for a custom pattern for secret scanning was disabled for your repository.
Campos
actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
Referência
Defining custom patterns for secret scanning
repository_secret_scanning_custom_pattern_push_protection.enabled
Push protection for a custom pattern for secret scanning was enabled for your repository.
Campos
actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
Defining custom patterns for secret scanning

repository_secret_scanning

repository_secret_scanning.disable
Secret scanning was disabled for a repository.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, public_repo, programmatic_access_type
Referência
About secret scanning
repository_secret_scanning.enable
Secret scanning was enabled for a repository.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, programmatic_access_type

repository_secret_scanning_generic_secrets

repository_secret_scanning_generic_secrets.disabled
Generic secrets have been disabled at the repository level
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
repository_secret_scanning_generic_secrets.enabled
Generic secrets have been enabled at the repository level
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

repository_secret_scanning_non_provider_patterns

repository_secret_scanning_non_provider_patterns.disabled
Secret scanning for non-provider patterns was disabled at the repository level.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
Supported secret scanning patterns
repository_secret_scanning_non_provider_patterns.enabled
Secret scanning for non-provider patterns was enabled at the repository level.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
Supported secret scanning patterns

repository_secret_scanning_push_protection_bypass_list

repository_secret_scanning_push_protection_bypass_list.add
A role or team was added to the push protection bypass list at the repository level.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
About push protection
repository_secret_scanning_push_protection_bypass_list.disable
Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the repository level.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
About push protection
repository_secret_scanning_push_protection_bypass_list.enable
Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the repository level.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
About push protection
repository_secret_scanning_push_protection_bypass_list.remove
A role or team was removed from the push protection bypass list at the repository level.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
About push protection

repository_secret_scanning_push_protection

repository_secret_scanning_push_protection.disable
Secret scanning push protection was disabled for a repository.
Campos
user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo, programmatic_access_type, request_access_security_header
Referência
About push protection
repository_secret_scanning_push_protection.enable
Secret scanning push protection was enabled for a repository.
Campos
user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo, programmatic_access_type, request_access_security_header
Referência
About push protection

repository_security_configuration

repository_security_configuration.applied
A code security configuration was applied to a repository.
Campos
actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, repository_security_configuration_state, repository_security_configuration_failure_reason, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
repository_security_configuration.failed
A code security configuration failed to attach to the repository.
Campos
actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, repository_security_configuration_failure_reason, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
repository_security_configuration.removed
A code security configuration was removed from a repository.
Campos
actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, repository_security_configuration_state, repository_security_configuration_failure_reason, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
repository_security_configuration.removed_by_settings_change
A code security configuration was removed due to a change in repository or enterprise settings.
Campos
actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, repository_security_configuration_state, repository_security_configuration_failure_reason, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repository_visibility_change

repository_visibility_change.clear
The repository visibility change setting was cleared for an organization or enterprise.
Campos
created_at, _document_id, request_id, actor_id, business, action, operation_type, user, user_id, business_id, @timestamp, user_agent, actor, request_access_security_header
Referência
/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise
repository_visibility_change.disable
The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.
Campos
user, org_id, created_at, user_agent, actor, actor_id, org, operation_type, _document_id, @timestamp, user_id, action, request_id, request_access_security_header
repository_visibility_change.enable
The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.
Campos
actor, operation_type, _document_id, @timestamp, user_agent, user, created_at, org, org_id, action, actor_id, user_id, request_id

repository_vulnerability_alert

repository_vulnerability_alert.auto_dismiss
A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.
Campos
actor, actor_id, user_agent, request_id, alert_id, alert_number, ghsa_id, action, repo, repo_id, public_repo, owner, org, org_id, _document_id, @timestamp, created_at, operation_type, business, business_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, request_access_security_header
Referência
About Dependabot auto-triage rules
repository_vulnerability_alert.auto_reopen
A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.
Campos
actor, actor_id, user_agent, request_id, alert_id, alert_number, ghsa_id, action, repo, repo_id, public_repo, owner, org, org_id, _document_id, @timestamp, created_at, operation_type, business, business_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, request_access_security_header
Referência
About Dependabot auto-triage rules
repository_vulnerability_alert.create
GitHub created a Dependabot alert because the repository uses a vulnerable dependency.
Campos
operation_type, request_id, repo_id, @timestamp, user_agent, alert_id, action, repo, created_at, _document_id, token_scopes, alert_number, programmatic_access_type
Referência
/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
repository_vulnerability_alert.dismiss
A Dependabot alert was manually dismissed.
Campos
repo_id, org_id, user_id, request_id, @timestamp, operation_type, user_agent, alert_id, actor, repo, created_at, org, _document_id, action, actor_id, dismiss_reason, user, dismiss_comment, alert_number, actor_is_bot
repository_vulnerability_alert.reintroduce
A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.
Campos
user_agent, request_id, actor, actor_id, alert_id, created_at, action, repo, repo_id, public_repo, owner, _document_id, @timestamp, operation_type, token_scopes, alert_number
repository_vulnerability_alert.reopen
A Dependabot alert was manually reopened.
Campos
user_agent, request_id, actor, actor_id, alert_id, created_at, action, repo, repo_id, owner, org, org_id, _document_id, @timestamp, operation_type, business, business_id, public_repo, alert_number, request_access_security_header
repository_vulnerability_alert.resolve
Changes were pushed to update and resolve a Dependabot alert in a project dependency.
Campos
alert_id, repo, operation_type, action, repo_id, _document_id, user_agent, request_id, @timestamp, created_at, actor, actor_id, token_scopes, alert_number, programmatic_access_type
repository_vulnerability_alert.withdraw
A Dependabot alert was withdrawn.
Campos
alert_id, alert_number, ghsa_id, created_at, active, action, repository_id, repo, repo_id, public_repo, owner, org, org_id, _document_id, @timestamp, operation_type

repository_vulnerability_alerts

repository_vulnerability_alerts.authorized_users_teams
The list of people or teams authorized to receive Dependabot alerts for the repository was updated.
Campos
org, _document_id, repo, org_id, operation_type, created_at, actor, action, @timestamp, user_agent, repo_id, request_id, actor_id, request_access_security_header
Referência
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts
repository_vulnerability_alerts.disable
Dependabot alerts was disabled.
Campos
repo, request_id, repo_id, action, actor_id, @timestamp, created_at, actor, user_agent, org_id, user, org, _document_id, user_id, operation_type, token_scopes, programmatic_access_type
repository_vulnerability_alerts.enable
Dependabot alerts was enabled.
Campos
actor, user_agent, created_at, @timestamp, repo_id, action, user, repo, org, org_id, actor_id, _document_id, user_id, operation_type, request_id, token_scopes, programmatic_access_type, actor_is_bot

repository_vulnerability_alerts_auto_dismissal

repository_vulnerability_alerts_auto_dismissal.disable
Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.
Campos
actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
repository_vulnerability_alerts_auto_dismissal.enable
Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.
Campos
actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

required_status_check

required_status_check.create
A status check was marked as required for a protected branch.
Campos
org, actor_id, @timestamp, business, request_id, context, repo_id, action, repo, _document_id, operation_type, business_id, org_id, actor, created_at, user_agent, token_scopes, programmatic_access_type
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging
required_status_check.destroy
A status check was no longer marked as required for a protected branch.
Campos
actor_id, actor, created_at, context, operation_type, @timestamp, request_id, org, user_agent, repo_id, org_id, action, _document_id, repo, programmatic_access_type
Referência
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging

restrict_notification_delivery

restrict_notification_delivery.disable
Email notification restrictions for an organization or enterprise were disabled.
Campos
user_agent, request_id, actor, actor_id, business, business_id, owner, action, operation_type, @timestamp, created_at, _document_id
Referência
Restricting email notifications for your organization, Restricting email notifications for your enterprise
restrict_notification_delivery.enable
Email notification restrictions for an organization or enterprise were enabled.
Campos
user_agent, request_id, actor, actor_id, org, org_id, business_id, owner, action, operation_type, @timestamp, created_at, _document_id
Referência
Restricting email notifications for your organization, Restricting email notifications for your enterprise

role

role.create
A new custom repository role was created.
Campos
user_agent, request_id, actor, actor_id, created_at, name, owner, base_role, org, org_id, business, business_id, action, operation_type, @timestamp, _document_id, role_permissions, old_role_permissions
Referência
Managing custom repository roles for an organization
role.destroy
A custom repository role was deleted.
Campos
user_agent, request_id, actor, actor_id, created_at, name, owner, role_permissions, base_role, org, org_id, business, business_id, action, operation_type, @timestamp, _document_id
Referência
Managing custom repository roles for an organization
role.update
A custom repository role was edited.
Campos
user_agent, request_id, actor, actor_id, name, owner, role_permissions, base_role, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, old_role_permissions, old_base_role
Referência
Managing custom repository roles for an organization

secret_scanning_alert

secret_scanning_alert.create
GitHub detected a secret and created a secret scanning alert.
Campos
repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, secret_type, secret_type_display_name, publicly_leaked, multi_repo
Referência
/code-security/secret-scanning/managing-alerts-from-secret-scanning
secret_scanning_alert.public_leak
A secret scanning alert was leaked in a public repo.
Campos
repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, secret_type, secret_type_display_name, publicly_leaked, multi_repo, created_at
Referência
/code-security/secret-scanning/managing-alerts-from-secret-scanning
secret_scanning_alert.reopen
A secret scanning alert was reopened.
Campos
user_agent, request_id, actor, actor_id, number, user, user_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, token_scopes, secret_type_display_name
secret_scanning_alert.report
A leaked secret was reported to the secret's provider by secret scanning.
Campos
repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, secret_type, created_at, secret_type_display_name, secret_type_provider, report_result
Referência
/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts
secret_scanning_alert.resolve
A secret scanning alert was resolved.
Campos
user_agent, request_id, actor, actor_id, number, resolution, user, user_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, token_scopes, secret_type, secret_type_display_name, publicly_leaked, multi_repo, request_access_security_header
secret_scanning_alert.revoke
A secret scanning alert was revoked.
Campos
user_agent, request_id, actor, actor_id, number, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
secret_scanning_alert.validate
A secret scanning alert was validated.
Campos
repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, created_at, previous_validity, current_validity, secret_type, secret_type_display_name, publicly_leaked, multi_repo
Referência
/code-security/secret-scanning/managing-alerts-from-secret-scanning

secret_scanning_closure_request

secret_scanning_closure_request.approve
A request to close a secret scanning alert was approved by a user.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, number, alert_number, request_reviewer_comment, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
secret_scanning_closure_request.deny
A request to close a secret scanning alert was denied by a user.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, number, alert_number, request_reviewer_comment, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

secret_scanning

secret_scanning.disable
Secret scanning was disabled for all existing repositories.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
Referência
About secret scanning
secret_scanning.enable
Secret scanning was enabled for all existing repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
Referência
About secret scanning

secret_scanning_new_repos

secret_scanning_new_repos.disable
Secret scanning was disabled for all new repositories.
Campos
user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
Referência
About secret scanning
secret_scanning_new_repos.enable
Secret scanning was enabled for all new repositories.
Campos
user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
Referência
About secret scanning

secret_scanning_push_protection

secret_scanning_push_protection.bypass
Triggered when a user bypasses the push protection on a secret detected by secret scanning.
Campos
repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, created_at, push_protection_bypass_reason, secret_type, secret_type_display_name, publicly_leaked, multi_repo, request_reviewer, request_reviewer_id
Referência
About push protection

secret_scanning_push_protection_request

secret_scanning_push_protection_request.approve
A request to bypass secret scanning push protection was approved by a user.
Campos
actor, actor_id, user_agent, request_id, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
About push protection
secret_scanning_push_protection_request.cancel
A user canceled a request to bypass secret scanning push protection.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
Working with secret scanning and push protection
secret_scanning_push_protection_request.complete
A user pushed a commit containing a secret for which there is an approved secret scanning push protection bypass request.
Campos
actor, actor_id, user_agent, request_id, request_access_security_header, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
Referência
Working with secret scanning and push protection
secret_scanning_push_protection_request.deny
A request to bypass secret scanning push protection was denied by a user.
Campos
actor, actor_id, user_agent, request_id, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header, request_reviewer_comment
Referência
About push protection
secret_scanning_push_protection_request.request
A user requested to bypass secret scanning push protection.
Campos
actor, actor_id, user_agent, request_id, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
Referência
Working with secret scanning and push protection

secret_scanning_scan

secret_scanning_scan.completed
A secret scanning scan has completed on this repository.
Campos
repo_id, org_id, business_id, source, type, source_slug, type_slug, started_at, completed_at, repo, public_repo, org, business, action, _document_id, @timestamp, created_at, operation_type, secret_types, custom_pattern_name, custom_pattern_scope
Referência
About secret scanning

security_configuration

security_configuration.create
A security configuration was created
Campos
actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, security_configuration_description, security_configuration_created_at, security_configuration_updated_at, security_configuration_enable_ghas, security_configuration_private_vulnerability_reporting, security_configuration_dependency_graph, security_configuration_dependabot_alerts, security_configuration_dependabot_security_updates, security_configuration_code_scanning, security_configuration_secret_scanning, security_configuration_secret_scanning_push_protection, security_configuration_secret_scanning_validity_checks, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, security_configuration_dependency_graph_autosubmit_action, security_configuration_secret_scanning_non_provider_patterns, security_configuration_secret_scanning_delegated_bypass, security_configuration_secret_scanning_generic_secrets, security_configuration_secret_scanning_delegated_alert_dismissal, security_configuration_code_scanning_delegated_alert_dismissal, security_configuration_code_security_sku_enabled, security_configuration_secret_protection_sku_enabled
security_configuration.delete
A security configuration was deleted
Campos
actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, security_configuration_description, security_configuration_created_at, security_configuration_updated_at, security_configuration_enable_ghas, security_configuration_private_vulnerability_reporting, security_configuration_dependency_graph, security_configuration_dependabot_alerts, security_configuration_dependabot_security_updates, security_configuration_code_scanning, security_configuration_secret_scanning, security_configuration_secret_scanning_push_protection, security_configuration_secret_scanning_validity_checks, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, security_configuration_dependency_graph_autosubmit_action, security_configuration_secret_scanning_non_provider_patterns, security_configuration_secret_scanning_delegated_bypass, security_configuration_secret_scanning_delegated_alert_dismissal, security_configuration_code_scanning_delegated_alert_dismissal, security_configuration_code_security_sku_enabled, security_configuration_secret_protection_sku_enabled
security_configuration.update
A security configuration was updated
Campos
actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, security_configuration_description, security_configuration_created_at, security_configuration_updated_at, security_configuration_enable_ghas, security_configuration_private_vulnerability_reporting, security_configuration_dependency_graph, security_configuration_dependabot_alerts, security_configuration_dependabot_security_updates, security_configuration_code_scanning, security_configuration_secret_scanning, security_configuration_secret_scanning_push_protection, security_configuration_secret_scanning_validity_checks, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, security_configuration_dependency_graph_autosubmit_action, security_configuration_secret_scanning_non_provider_patterns, security_configuration_secret_scanning_delegated_bypass, security_configuration_secret_scanning_generic_secrets, security_configuration_secret_scanning_delegated_alert_dismissal, security_configuration_code_scanning_delegated_alert_dismissal, security_configuration_code_security_sku_enabled, security_configuration_secret_protection_sku_enabled

security_configuration_default

security_configuration_default.delete
A default security configuration setting for new repositories was removed.
Campos
actor, actor_id, user_agent, request_id, default_for_new_private_repos, default_for_new_public_repos, security_configuration_name, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
security_configuration_default.update
A default security configuration setting for new repositories was updated.
Campos
actor, actor_id, user_agent, request_id, default_for_new_private_repos, default_for_new_public_repos, security_configuration_name, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

security_configuration_policy

security_configuration_policy.update
A security configuration policy was updated
Campos
actor, actor_id, user_agent, request_id, enforcement, security_configuration_name, action, _document_id, @timestamp, created_at, operation_type

sponsors

sponsors.agreement_sign
A GitHub Sponsors agreement was signed on behalf of an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, sponsors_listing_id, action, _document_id, @timestamp, created_at, operation_type
sponsors.custom_amount_settings_change
Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.
Campos
user_agent, request_id, actor, actor_id, org, org_id, sponsors_listing_id, action, operation_type, @timestamp, created_at, _document_id
Referência
/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers
sponsors.fiscal_host_change
The fiscal host for a GitHub Sponsors listing was updated.
Campos
user_agent, request_id, actor, actor_id, org, org_id, sponsors_listing_id, action, _document_id, @timestamp, created_at, operation_type
sponsors.repo_funding_links_file_action
The FUNDING file in a repository was changed.
Campos
@timestamp, action, created_at, _document_id, request_id, repository, repository_id, actor, user_agent, actor_id, operation_type
Referência
/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
sponsors.sponsor_sponsorship_cancel
A sponsorship was canceled.
Campos
operation_type, _document_id, created_at, actor, user, action, actor_id, user_id, @timestamp
Referência
Downgrading a sponsorship
sponsors.sponsor_sponsorship_create
A sponsorship was created, by sponsoring an account.
Campos
actor, user_id, action, @timestamp, user_agent, request_id, user, operation_type, created_at, actor_id, _document_id
Referência
/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes
sponsors.sponsor_sponsorship_payment_complete
After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.
Campos
active, user, user_id, actor, actor_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
Referência
/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes
sponsors.sponsor_sponsorship_preference_change
The option to receive email updates from a sponsored account was changed.
Campos
actor_id, action, @timestamp, request_id, user_id, created_at, user, _document_id, user_agent, actor, operation_type
Referência
/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship
sponsors.sponsor_sponsorship_tier_change
A sponsorship was upgraded or downgraded.
Campos
user_id, actor, actor_id, action, user, operation_type, @timestamp, _document_id, created_at
Referência
Upgrading a sponsorship, Downgrading a sponsorship
sponsors.sponsored_developer_approve
A GitHub Sponsors account was approved.
Campos
user_id, action, user_agent, request_id, actor, user, operation_type, @timestamp, created_at, actor_id, _document_id
Referência
/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_create
A GitHub Sponsors account was created.
Campos
user_id, operation_type, request_id, actor_id, @timestamp, _document_id, user, action, created_at, user_agent, actor
Referência
/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_disable
A GitHub Sponsors account was disabled.
Campos
user_agent, request_id, actor, actor_id, user, user_id, sponsors_listing_id, action, operation_type, @timestamp, created_at, _document_id
sponsors.sponsored_developer_profile_update
The profile for GitHub Sponsors account was edited.
Campos
@timestamp, actor_id, operation_type, created_at, user_agent, request_id, actor, action, _document_id, request_access_security_header
Referência
/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors
sponsors.sponsored_developer_redraft
A GitHub Sponsors account was returned to draft state from approved state.
Campos
@timestamp, created_at, request_id, user, action, user_agent, operation_type, _document_id, actor, actor_id, user_id
sponsors.sponsored_developer_request_approval
An application for GitHub Sponsors was submitted for approval.
Campos
user_agent, user, @timestamp, actor_id, user_id, request_id, _document_id, actor, action, operation_type, created_at
Referência
/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_tier_description_update
The description for a sponsorship tier was changed.
Campos
operation_type, request_id, actor, user_id, action, @timestamp, _document_id, user_agent, actor_id, user, created_at
Referência
/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers
sponsors.sponsors_patreon_user_create
A Patreon account was linked to a user account for use with GitHub Sponsors.
Campos
actor, actor_id, user_agent, request_id, patreon_email, patreon_username, user, user_id, action, _document_id, @timestamp, created_at, operation_type
Referência
/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account
sponsors.sponsors_patreon_user_destroy
A Patreon account for use with GitHub Sponsors was unlinked from a user account.
Campos
actor, actor_id, user_agent, request_id, patreon_email, patreon_username, user, user_id, action, _document_id, @timestamp, created_at, operation_type
Referência
Unlinking your Patreon account from GitHub
sponsors.update_tier_repository
A GitHub Sponsors tier changed access for a repository.
Campos
user_agent, request_id, actor, actor_id, user, user_id, sponsors_listing_id, repo, repo_id, action, _document_id, @timestamp, created_at, operation_type
sponsors.update_tier_welcome_message
The welcome message for a GitHub Sponsors tier for an organization was updated.
Campos
user_agent, request_id, actor, actor_id, user, user_id, sponsors_listing_id, action, _document_id, @timestamp, created_at, operation_type
sponsors.withdraw_agreement_signature
A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.
Campos
user_agent, request_id, actor, actor_id, user, user_id, sponsors_listing_id, action, _document_id, @timestamp, created_at, operation_type

ssh_certificate_authority

ssh_certificate_authority.create
An SSH certificate authority for an organization or enterprise was created.
Campos
@timestamp, _document_id, fingerprint, operation_type, openssh_public_key, org_id, actor, created_at, org, action, user_agent, actor_id, request_id
Referência
Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise
ssh_certificate_authority.destroy
An SSH certificate authority for an organization or enterprise was deleted.
Campos
created_at, _document_id, fingerprint, operation_type, actor, org_id, openssh_public_key, org, action, user_agent, actor_id, @timestamp, request_id
Referência
Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

ssh_certificate_requirement

ssh_certificate_requirement.disable
The requirement for members to use SSH certificates to access an organization resources was disabled.
Campos
user, user_agent, operation_type, _document_id, request_id, org, org_id, created_at, actor, action, user_id, business, business_id, @timestamp, actor_id
Referência
Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise
ssh_certificate_requirement.enable
The requirement for members to use SSH certificates to access an organization resources was enabled.
Campos
actor_id, user_id, org, operation_type, request_id, @timestamp, _document_id, actor, user, action, org_id, created_at, user_agent
Referência
Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

sso_redirect

Note: Automatically redirecting users to sign in is currently in beta for Enterprise Managed Users and subject to change.

sso_redirect.disable
Automatic redirects for users to single sign-on (SSO) was disabled.
Campos
user_agent, request_id, actor, actor_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
sso_redirect.enable
Automatic redirects for users to single sign-on (SSO) was enabled.
Campos
user_agent, request_id, actor, actor_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

staff

staff.set_domain_token_expiration
The verification code expiry time for an organization or enterprise domain was set.
Campos
user_agent, request_id, actor, actor_id, owner_type, domain_name, business_id, token_expires_at, owner, action, operation_type, @timestamp, created_at, _document_id
staff.unverify_domain
An organization or enterprise domain was unverified.
Campos
user_agent, request_id, actor, actor_id, created_at, owner_type, domain_name, owner, action, operation_type, @timestamp, _document_id
staff.verify_domain
An organization or enterprise domain was verified.
Campos
user_agent, request_id, actor, actor_id, domain_name, action, operation_type, @timestamp, created_at, _document_id

team

team.add_member
A member of an organization was added to a team.
Campos
user_agent, request_id, org_id, user_id, team, user, @timestamp, actor_id, created_at, operation_type, _document_id, org, action, actor, programmatic_access_type
Referência
/organizations/organizing-members-into-teams/adding-organization-members-to-a-team
team.add_repository
A team was given access and permissions to a repository.
Campos
actor, team, action, operation_type, request_id, created_at, @timestamp, org, repo, actor_id, _document_id, repo_id, user_agent, org_id, token_scopes, programmatic_access_type, actor_is_bot
team.change_parent_team
A child team was created or a child team's parent was changed.
Campos
org, @timestamp, created_at, _document_id, team, action, operation_type, actor, request_id, actor_id, user_agent, org_id, programmatic_access_type, request_access_security_header
Referência
/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy
team.change_privacy
A team's privacy level was changed.
Campos
user_agent, request_id, org, action, team, created_at, operation_type, actor_id, org_id, @timestamp, actor, _document_id
Referência
/organizations/organizing-members-into-teams/changing-team-visibility
team.create
A new team is created.
Campos
request_id, actor_id, oauth_application_id, action, operation_type, @timestamp, org_id, user_agent, team, org, actor, created_at, _document_id, token_scopes, programmatic_access_type
team.demote_maintainer
A user was demoted from a team maintainer to a team member.
Campos
user_agent, request_id, actor, actor_id, team, org, org_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
Referência
/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member
team.destroy
A team was deleted.
Campos
created_at, org, team, org_id, actor_id, actor, action, @timestamp, user_agent, request_id, operation_type, _document_id, programmatic_access_type
team.promote_maintainer
A user was promoted from a team member to a team maintainer.
Campos
user_agent, request_id, actor, actor_id, team, org, org_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
Referência
/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer
team.remove_member
An organization member was removed from a team.
Campos
request_id, operation_type, created_at, actor_id, org, org_id, team, user_id, actor, user, action, @timestamp, user_agent, _document_id, token_scopes, programmatic_access_type
Referência
/organizations/organizing-members-into-teams/removing-organization-members-from-a-team
team.remove_repository
A repository was removed from a team's control.
Campos
request_id, org_id, repo, repo_id, action, _document_id, actor, @timestamp, actor_id, user_agent, created_at, team, org, operation_type, programmatic_access_type
team.rename
A team's name was changed.
Campos
name, user_agent, created_at, team, operation_type, actor_id, org, action, request_id, actor, org_id, @timestamp, _document_id, programmatic_access_type, request_access_security_header
team.update_repository_permission
A team's permission to a repository was changed.
Campos
actor_id, team, org_id, @timestamp, org, _document_id, old_permission, request_id, repo, action, repo_id, actor, operation_type, created_at, user_agent, permission, new_repo_permission, new_repo_base_role, old_repo_permission, old_repo_base_role, token_scopes, programmatic_access_type

team_discussions

team_discussions.clear
An organization owner cleared the setting to allow team discussions for an organization or enterprise.
Campos
business_id, operation_type, @timestamp, user_agent, actor, actor_id, user, business, action, request_id, created_at, user_id, _document_id
team_discussions.disable
Team discussions were disabled for an organization.
Campos
org_id, action, operation_type, request_id, actor, org, created_at, actor_id, user, user_id, @timestamp, user_agent, _document_id
Referência
Organizations and teams documentation
team_discussions.enable
Team discussions were enabled for an organization.
Campos
actor_id, @timestamp, action, _document_id, user_agent, user_id, business_id, request_id, user, business, operation_type, actor, created_at

team_sync_tenant

team_sync_tenant.disabled
Team synchronization with a tenant was disabled.
Campos
action, created_at, actor, request_id, org_id, actor_id, operation_type, _document_id, @timestamp, org, user_agent
Referência
Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise
team_sync_tenant.enabled
Team synchronization with a tenant was enabled.
Campos
org_id, business_id, actor, created_at, user_agent, @timestamp, operation_type, business, actor_id, org, request_id, action, _document_id
Referência
Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise
team_sync_tenant.update_okta_credentials
The Okta credentials for team synchronization with a tenant were changed.
Campos
user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id

user_email

user_email.confirm_claim
An enterprise managed user claimed an email address.
Campos
actor, actor_id, user_agent, request_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

vulnerability_alert_rule

vulnerability_alert_rule.create
A Dependabot rule was created.
Campos
actor, actor_id, user_agent, request_id, repo_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, _document_id, @timestamp, created_at, operation_type
vulnerability_alert_rule.delete
A Dependabot rule was deleted.
Campos
actor, actor_id, user_agent, request_id, repo_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, _document_id, @timestamp, created_at, operation_type
vulnerability_alert_rule.disable
A Dependabot rule was disabled for a single repository or disabled by default for an organization.
Campos
actor, actor_id, user_agent, request_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
vulnerability_alert_rule.enable
A Dependabot rule was enabled for a single repository or enabled by default for an organization.
Campos
actor, actor_id, user_agent, request_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
vulnerability_alert_rule.force_disable
A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.
Campos
actor, actor_id, user_agent, request_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, org, org_id, _document_id, @timestamp, created_at, operation_type, business, business_id
vulnerability_alert_rule.force_enable
A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.
Campos
actor, actor_id, user_agent, request_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, org, org_id, _document_id, @timestamp, created_at, operation_type, business, business_id
vulnerability_alert_rule.update
A Dependabot rule's conditions, actions, or metadata changed.
Campos
actor, actor_id, user_agent, request_id, repo_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, _document_id, @timestamp, created_at, operation_type

workflows

workflows.approve_workflow_job
A workflow job was approved.
Campos
user_agent, request_id, actor, actor_id, workflow_run_id, run_number, user, user_id, repo, repo_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type, request_access_security_header
Referência
Reviewing deployments
workflows.cancel_workflow_run
A workflow run was cancelled.
Campos
user_agent, request_id, actor, actor_id, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, run_number, cancelled_at, workflow_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id, trigger_id, public_repo, programmatic_access_type, request_access_security_header
Referência
Canceling a workflow
workflows.completed_workflow_run
A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
user_agent, request_id, actor, actor_id, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, completed_at, conclusion, run_number, workflow_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id, trigger_id, run_attempt, programmatic_access_type, actor_is_bot
Referência
Viewing workflow run history
workflows.created_workflow_run
A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
user_agent, request_id, actor, actor_id, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, workflow_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id, trigger_id, public_repo, programmatic_access_type, actor_is_bot, request_access_security_header
Referência
Understanding GitHub Actions
workflows.delete_workflow_run
A workflow run was deleted.
Campos
user_agent, request_id, actor, actor_id, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, workflow_run_id, started_at, head_branch, head_sha, trigger_id, programmatic_access_type
Referência
Deleting a workflow run
workflows.disable_workflow
A workflow was disabled.
Campos
user_agent, request_id, actor, actor_id, repo, repo_id, workflow_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, actor_is_bot, request_access_security_header
workflows.enable_workflow
A workflow was enabled, after previously being disabled by disable_workflow.
Campos
user_agent, request_id, actor, actor_id, repo, repo_id, workflow_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header
workflows.pin_workflow
A workflow was pinned.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, workflow_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
workflows.prepared_workflow_job
A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Campos
repo_id, repo, org_id, org, business_id, business, workflow_run_id, job_name, runner_labels, is_hosted_runner, environment_name, secrets_passed, action, _document_id, operation_type, created_at, @timestamp, runner_owner_type, job_workflow_ref, calling_workflow_refs, calling_workflow_shas, imposer_repo
Referência
Events that trigger workflows
workflows.reject_workflow_job
A workflow job was rejected.
Campos
user_agent, request_id, actor, actor_id, workflow_run_id, run_number, user, user_id, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header
Referência
Reviewing deployments
workflows.rerun_workflow_run
A workflow run was re-run.
Campos
user_agent, request_id, actor, actor_id, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, run_number, workflow_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id, trigger_id, run_attempt, rerun_type, check_run_id, programmatic_access_type, actor_is_bot
Referência
Re-running workflows and jobs
workflows.unpin_workflow
A workflow was unpinned after previously being pinned.
Campos
actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, workflow_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header