Remarque
- Cet article contient les événements disponibles dans la dernière version de GitHub Enterprise Server. Certains des événements peuvent ne pas être disponibles dans les versions précédentes.
- Cet article contient les événements qui peuvent apparaître dans le journal de sécurité de votre compte d'utilisateur. Pour les événements qui peuvent apparaître dans le journal d’audit d’une organisation ou dans le journal d’audit d’une entreprise, consultez Événements du journal d’audit pour votre organisation et Événements du journal d’audit pour votre entreprise.
Informations sur les événements du journal de sécurité
Le nom de chaque entrée dans le journal d’audit est composé du qualificateur d’objet ou de catégorie, suivi d’un type d’opération. Par exemple, l’entrée repo.create fait référence à l’opération create sur la catégorie repo. Les informations de référence de cet article sont regroupées par catégories.
Audit log events
account
account.plan_change- The account's plan changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- How GitHub billing works
actions_cache
actions_cache.delete- A GitHub Actions cache was deleted using the REST API.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,actions_cache_id,actions_cache_key,actions_cache_version,actions_cache_scope,created_at,operation_type
artifact
artifact.destroy- A workflow run artifact was manually deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
billing
billing.change_billing_type- The way the account pays for GitHub was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- Managing your payment and billing information
billing.change_email- The billing email address changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,email- Référence
- Managing your payment and billing information
business
business.set_actions_fork_pr_approvals_policy- The policy for requiring approvals for workflows from public forks was changed for an enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,policy,created_at,operation_type- Référence
- Enforcing policies for GitHub Actions in your enterprise
business.set_actions_private_fork_pr_approvals_policy- The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,policy,created_at,operation_type- Référence
- Enforcing policies for GitHub Actions in your enterprise
business.set_actions_retention_limit- The retention period for GitHub Actions artifacts and logs was changed for an enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,limit,operation_type,created_at- Référence
- Enforcing policies for GitHub Actions in your enterprise
business.set_default_workflow_permissions- The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,created_at,operation_type- Référence
- Enforcing policies for GitHub Actions in your enterprise
business.set_fork_pr_workflows_policy- The policy for fork pull request workflows was changed for an enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,policy,operation_type,created_at- Référence
- Enforcing policies for GitHub Actions in your enterprise
business.set_workflow_permission_can_approve_pr- The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,created_at,operation_type- Référence
- Enforcing policies for GitHub Actions in your enterprise
checks
checks.auto_trigger_disabled- Automatic creation of check suites was disabled on a repository in the organization or enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,created_at,operation_type- Référence
- /rest/checks#update-repository-preferences-for-check-suites
checks.auto_trigger_enabled- Automatic creation of check suites was enabled on a repository in the organization or enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,operation_type,created_at,public_repo- Référence
- /rest/checks#update-repository-preferences-for-check-suites
checks.delete_logs- Logs in a check suite were deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
codespaces
codespaces.allow_permissions- A codespace using custom permissions from its devcontainer.json file was launched.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,origin_repository,created_at,operation_type
codespaces.connect- Credentials for a codespace were refreshed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,pull_request_id,owner,name,operation_type,created_at,public_repo,actor_is_bot,machine_type,devcontainer_path
codespaces.create- A codespace was created
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,pull_request_id,owner,name,operation_type,created_at,actor_is_bot,machine_type,devcontainer_path- Référence
- Creating a codespace for a repository
codespaces.destroy- A user deleted a codespace.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,pull_request_id,owner,name,operation_type,created_at- Référence
- Deleting a codespace
codespaces.export_environment- A codespace was exported to a branch on GitHub.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,owner,created_at,operation_type,public_repo
codespaces.restore- A codespace was restored.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,owner,public_repo,created_at,operation_type
codespaces.start_environment- A codespace was started.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,owner,pull_request_id,machine_type,devcontainer_path,public_repo,created_at,operation_type
codespaces.suspend_environment- A codespace was stopped.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,owner,operation_type,created_at,public_repo
codespaces.trusted_repositories_access_update- A personal account's access and security setting for Codespaces were updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Managing access to other repositories within your codespace
copilot
copilot.cfb_seat_added- A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
copilot.cfb_seat_assignment_created- A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- What is GitHub Copilot?
copilot.cfb_seat_assignment_refreshed- A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
copilot.cfb_seat_assignment_reused- A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
copilot.cfb_seat_assignment_unassigned- A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
copilot.cfb_seat_cancelled- A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type,seat_assignment
copilot.cfb_seat_cancelled_by_staff- A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
dependabot_alerts
dependabot_alerts.disable- Dependabot alerts were disabled for all existing repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories
dependabot_alerts.enable- Dependabot alerts were enabled for all existing repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories
dependabot_alerts_new_repos
dependabot_alerts_new_repos.disable- Dependabot alerts were disabled for all new repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added
dependabot_alerts_new_repos.enable- Dependabot alerts were enabled for all new repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added
dependabot_repository_access
dependabot_repository_access.repositories_updated- The repositories that Dependabot can access were updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
dependabot_security_updates
dependabot_security_updates.disable- Dependabot security updates were disabled for all existing repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependabot_security_updates.enable- Dependabot security updates were enabled for all existing repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
dependabot_security_updates_new_repos
dependabot_security_updates_new_repos.disable- Dependabot security updates were disabled for all new repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependabot_security_updates_new_repos.enable- Dependabot security updates were enabled for all new repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
dependency_graph
dependency_graph.disable- The dependency graph was disabled for all existing repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependency_graph.enable- The dependency graph was enabled for all existing repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
dependency_graph_new_repos
dependency_graph_new_repos.disable- The dependency graph was disabled for all new repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependency_graph_new_repos.enable- The dependency graph was enabled for all new repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
environment
environment.add_protection_rule- A GitHub Actions deployment protection rule was created via the API.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,operation_type,created_at- Référence
- Managing environments for deployment
environment.create_actions_secret- A secret was created for a GitHub Actions environment.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,key,visibility,operation_type,created_at,public_repo- Référence
- Managing environments for deployment
environment.create_actions_variable- A variable was created for a GitHub Actions environment.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,visibility,environment_name,public_repo,created_at,operation_type,actor_is_bot- Référence
- Store information in variables
environment.delete- An environment was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,operation_type,created_at,public_repo,actor_is_bot- Référence
- Managing environments for deployment
environment.remove_actions_secret- A secret was deleted for a GitHub Actions environment.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,key,operation_type,created_at,public_repo- Référence
- Managing environments for deployment
environment.remove_actions_variable- A variable was deleted for a GitHub Actions environment.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,environment_name,public_repo,created_at,operation_type- Référence
- Store information in variables
environment.remove_protection_rule- A GitHub Actions deployment protection rule was deleted via the API.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,operation_type,created_at,public_repo- Référence
- Managing environments for deployment
environment.update_actions_secret- A secret was updated for a GitHub Actions environment.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,key,visibility,operation_type,created_at,public_repo- Référence
- Managing environments for deployment
environment.update_actions_variable- A variable was updated for a GitHub Actions environment.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,visibility,environment_name,public_repo,created_at,operation_type- Référence
- Store information in variables
environment.update_protection_rule- A GitHub Actions deployment protection rule was updated via the API.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,new_value,approvers_was,approvers,can_admins_bypass,prevent_self_review- Référence
- Managing environments for deployment
gist
gist.create- A gist was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,gist_id,created_at,operation_type,visibility
gist.destroy- A gist was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,gist_id,visibility,created_at,operation_type
gist.visibility_change- The visibility of a gist was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,gist_id,visibility,created_at
git_signing_ssh_public_key
git_signing_ssh_public_key.create- An SSH key was added to a user account as a Git commit signing key.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,title,key,fingerprint,created_at,operation_type- Référence
- /authentication/managing-commit-signature-verification/telling-git-about-your-signing-key
git_signing_ssh_public_key.delete- An SSH key was removed from a user account as a Git commit signing key.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,title,key,fingerprint,explanation,created_at,operation_type- Référence
- /authentication/managing-commit-signature-verification/telling-git-about-your-signing-key
hook
hook.active_changed- A hook's active status was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,name,events,active,active_was,hook_id,operation_type
hook.config_changed- A hook's configuration was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,name,hook_id,created_at,oauth_application_id,events
hook.create- A new hook was added.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application,oauth_application_id,hook_id,events,operation_type,name,created_at- Référence
- About webhooks
hook.destroy- A hook was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,events,created_at,name,operation_type,oauth_application_id,hook_id
hook.events_changed- A hook's configured events were changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,events,operation_type,name,events_were,created_at,hook_id,oauth_application_id
integration
integration.create- A GitHub App was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,name,integration,created_at,application_client_id
integration.destroy- A GitHub App was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,integration,operation_type,created_at
integration.manager_added- A member of an enterprise or organization was added as a GitHub App manager.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,name,manager,operation_type,integration- Référence
- /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization
integration.manager_removed- A member of an enterprise or organization was removed from being a GitHub App manager.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,integration,name,created_at,manager- Référence
- /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization
integration.remove_client_secret- A client secret for a GitHub App was removed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,integration,operation_type,created_at
integration.revoke_all_tokens- All user tokens for a GitHub App were requested to be revoked.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,integration,operation_type,created_at,application_client_id
integration.revoke_tokens- Token(s) for a GitHub App were revoked.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,integration,operation_type,created_at,application_client_id
integration.suspend- A GitHub App was suspended.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,integration,created_at,operation_type,application_client_id- Référence
- /apps/maintaining-github-apps/suspending-a-github-app-installation
integration.transfer- Ownership of a GitHub App was transferred to another user or organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,transfer_to_id,requester,requester_id,created_at,transfer_to,operation_type,integration,transfer_from,transfer_from_id,transfer_from_type,transfer_to_type- Référence
- /apps/maintaining-github-apps/transferring-ownership-of-a-github-app
integration.unsuspend- A GitHub App was unsuspended.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,integration,created_at,operation_type,application_client_id- Référence
- /apps/maintaining-github-apps/suspending-a-github-app-installation
integration_installation
integration_installation.create- A GitHub App was installed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,name,repository_selection,created_at,integration,application_client_id- Référence
- /apps/using-github-apps/authorizing-github-apps
integration_installation.destroy- A GitHub App was uninstalled.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,repository_selection,integration,operation_type,name,application_client_id- Référence
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.repositories_added- Repositories were added to a GitHub App.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,repository_selection,name,integration,operation_type,repositories_added,created_at,repositories_added_names,actor_is_bot,application_client_id- Référence
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access
integration_installation.repositories_removed- Repositories were removed from a GitHub App.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,repository_selection,repositories_removed,integration,created_at,name,repositories_removed_names,actor_is_bot,application_client_id- Référence
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access
integration_installation.suspend- A GitHub App was suspended.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,repository_selection,integration,operation_type,created_at,application_client_id- Référence
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.unsuspend- A GitHub App was unsuspended.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,repository_selection,integration,operation_type,created_at- Référence
- /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.version_updated- Permissions for a GitHub App were updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,integration,name,operation_type,created_at,repository_selection,application_client_id- Référence
- /apps/using-github-apps/approving-updated-permissions-for-a-github-app
marketplace_agreement_signature
marketplace_agreement_signature.create- The GitHub Marketplace Developer Agreement was signed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
marketplace_listing
marketplace_listing.approve- A listing was approved for inclusion in GitHub Marketplace.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,secondary_category,primary_category,operation_type,created_at,marketplace_listing,integration
marketplace_listing.change_category- A category for a listing for an app in GitHub Marketplace was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,primary_category,marketplace_listing,integration,secondary_category,operation_type,created_at
marketplace_listing.create- A listing for an app in GitHub Marketplace was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,primary_category,created_at,oauth_application,marketplace_listing,secondary_category,oauth_application_id,operation_type
marketplace_listing.delist- A listing was removed from GitHub Marketplace.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,secondary_category,operation_type,marketplace_listing,primary_category,integration
marketplace_listing.redraft- A listing was sent back to draft state.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,secondary_category,oauth_application_id,operation_type,oauth_application,created_at,marketplace_listing,primary_category
marketplace_listing.reject- A listing was not accepted for inclusion in GitHub Marketplace.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,primary_category,secondary_category,marketplace_listing,oauth_application,oauth_application_id,operation_type,created_at
merge_queue
merge_queue.pull_request_dequeued- A pull request was removed from a merge queue.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,public_repo,created_at,operation_type
merge_queue.pull_request_queue_jump- A pull request was moved ahead in a merge queue.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,public_repo,created_at,operation_type
merge_queue.queue_cleared- A merge queue was cleared.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,public_repo,created_at,operation_type
merge_queue.update_settings- The settings for a merge queue were updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,max_entries_to_build,min_entries_to_merge,public_repo,created_at,operation_type
migration
migration.create- A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type,actor_is_bot
oauth_access
oauth_access.create- An OAuth access token was generated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,oauth_application_name- Référence
- /apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens
oauth_access.destroy- An OAuth access token was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,explanation,oauth_application_name- Référence
- /apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
oauth_access.regenerate- An OAuth access token was regenerated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type,oauth_application_name
oauth_access.update- An OAuth access token was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
oauth_application
oauth_application.create- An OAuth application was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,oauth_application_id,operation_type,oauth_application- Référence
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.destroy- An OAuth application was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,oauth_application_id,operation_type,oauth_application- Référence
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.generate_client_secret- An OAuth application's secret key was generated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application,oauth_application_id,operation_type,created_at- Référence
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.remove_client_secret- An OAuth application's secret key was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application,oauth_application_id,operation_type,created_at- Référence
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.reset_secret- The secret key for an OAuth application was reset.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application,operation_type,created_at,oauth_application_id- Référence
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.revoke_all_tokens- All user tokens for an OAuth application were requested to be revoked.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application,oauth_application_id,operation_type,created_at- Référence
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.revoke_tokens- Token(s) for an OAuth application were revoked.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,oauth_application,created_at,operation_type- Référence
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.transfer- An OAuth application was transferred from one account to another.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,oauth_application,oauth_application_id- Référence
- /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_authorization
oauth_authorization.create- An authorization for an OAuth application was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,actor_is_bot,oauth_application_name- Référence
- /apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps
oauth_authorization.destroy- An authorization for an OAuth application was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,explanation,actor_is_bot,oauth_application_name- Référence
- Reviewing and revoking authorization of GitHub Apps
org
org.add_member- A user joined an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,permission,operation_type,created_at,actor_is_bot
org.add_outside_collaborator- An outside collaborator was added to a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,inviter,public_repo,permission,invitee,created_at,operation_type
org.advanced_security_disabled_for_new_repos- GitHub Advanced Security was disabled for new repositories in an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
org.advanced_security_disabled_on_all_repos- GitHub Advanced Security was disabled for all repositories in an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
org.advanced_security_enabled_for_new_repos- GitHub Advanced Security was enabled for new repositories in an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
org.advanced_security_enabled_on_all_repos- GitHub Advanced Security was enabled for all repositories in an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
org.remove_member- A member was removed from an organization, either manually or due to a two-factor authentication requirement.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
org.security_center_export_coverage- A CSV export was requested on the Coverage page.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,query,filename,requested_at,created_at,operation_type,actor_is_bot
org.security_center_export_overview_dashboard- A CSV export was requested on the Overview Dashboard page.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,query,filename,requested_at,start_date,end_date,created_at,operation_type,actor_is_bot
org.security_center_export_risk- A CSV export was requested on the Risk page.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,query,filename,requested_at,created_at,operation_type,actor_is_bot
org.set_actions_fork_pr_approvals_policy- The setting for requiring approvals for workflows from public forks was changed for an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,policy,created_at,operation_type- Référence
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks
org.set_actions_private_fork_pr_approvals_policy- The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,policy,created_at,operation_type- Référence
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks
org.set_actions_retention_limit- The retention period for GitHub Actions artifacts and logs in an organization was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,limit,operation_type,created_at- Référence
- /organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization
org.set_default_workflow_permissions- The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization
org.set_fork_pr_workflows_policy- The policy for workflows on private repository forks was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,policy,operation_type,created_at- Référence
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks
org.set_workflow_permission_can_approve_pr- The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests
org.update_member- A person's role was changed from owner to member or member to owner.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,old_permission,permission,operation_type
org.update_member_repository_creation_permission- The create repository permission for organization members was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,permission,created_at,visibility,operation_type
org.update_member_repository_invitation_permission- An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,permission,created_at,operation_type- Référence
- Setting permissions for adding outside collaborators
pages_protected_domain
pages_protected_domain.create- A GitHub Pages verified domain was created for an organization or enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,owner,owner_type,domain,state,created_at,operation_type- Référence
- /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
pages_protected_domain.delete- A GitHub Pages verified domain was deleted from an organization or enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,owner,owner_type,domain,state,created_at,operation_type- Référence
- /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
pages_protected_domain.verify- A GitHub Pages domain was verified for an organization or enterprise.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,owner,owner_type,domain,state,created_at,operation_type- Référence
- /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
passkey
passkey.register- A new passkey was added.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,nickname,created_at,operation_type
passkey.remove- A new passkey was removed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,nickname,created_at,operation_type
payment_method
payment_method.create- A new payment method was added, such as a new credit card or PayPal account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
payment_method.remove- A payment method was removed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
payment_method.update- An existing payment method was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
personal_access_token
personal_access_token.access_granted- A fine-grained personal access token was granted access to resources.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_id,user_programmatic_access_name,repository_selection,created_at,operation_type- Référence
- /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.access_revoked- A fine-grained personal access token was revoked. The token can still read public organization resources.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_id,user_programmatic_access_name,repository_selection,created_at,operation_type- Référence
- /organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization
personal_access_token.create- Triggered when you create a fine-grained personal access token.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_name,repository_selection,created_at,operation_type
personal_access_token.credential_regenerated- Triggered when you regenerate a fine-grained personal access token.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_name,created_at,operation_type
personal_access_token.credential_revoked- A fine-grained personal access token was revoked by GitHub Advanced Security.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_name,created_at,operation_type- Référence
- /code-security/getting-started/github-security-features#secret-scanning-alerts-for-users
personal_access_token.destroy- Triggered when you delete a fine-grained personal access token.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_name,explanation,created_at,operation_type
personal_access_token.request_cancelled- A pending request for a fine-grained personal access token to access organization resources was canceled.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_name,repository_selection,created_at,operation_type,user_programmatic_access_request_id
personal_access_token.request_created- Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_id,user_programmatic_access_name,repository_selection,created_at,operation_type,user_programmatic_access_request_id- Référence
- /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.request_denied- A request for a fine-grained personal access token to access organization resources was denied.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_name,repository_selection,created_at,operation_type,user_programmatic_access_request_id- Référence
- /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.update- A fine-grained personal access token was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,user_programmatic_access_name,repository_selection,created_at,operation_type- Référence
- /authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens
profile_picture
profile_picture.update- A profile picture was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,owner,operation_type- Référence
- Personalize your profile
project
project.access- A project board visibility was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
project.close- A project board was closed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,project_id,project_kind- Référence
- Closing a project (classic)
project.create- A project board was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
project.delete- A project board was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
project.link- A repository was linked to a project board.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
project.open- A project board was reopened.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,project_id,operation_type,created_at,project_kind,project_name- Référence
- Reopening a closed project (classic)
project.rename- A project board was renamed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,old_name,operation_type
project.unlink- A repository was unlinked from a project board.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
project.update_org_permission- The project's base-level permission for all organization members was changed or removed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
project.update_team_permission- A team's project board permission level was changed or when a team was added or removed from a project board.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type,team
project.update_user_permission- A user was added to or removed from a project board or had their permission level changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
project.visibility_private- A project's visibility was changed from public to private.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,project_id,created_at,operation_type,project_kind,project_name
project.visibility_public- A project's visibility was changed from private to public.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,project_id,created_at,operation_type,project_kind,project_name
project_collaborator
project_collaborator.add- A collaborator was added to a project.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,collaborator_type,collaborator,created_at,operation_type,actor_is_bot,public_project,project_name,project_role,old_project_role
project_collaborator.remove- A collaborator was removed from a project.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,collaborator_type,collaborator,created_at,operation_type
project_collaborator.update- A project collaborator's permission level was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,public_project,project_name,collaborator_type,project_role,old_project_role,project_id,collaborator,created_at,operation_type
project_field
project_field.create- A field was created in a project board.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /issues/planning-and-tracking-with-projects/understanding-fields
project_field.delete- A field was deleted in a project board.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields
project_view
project_view.create- A view was created in a project board.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views
project_view.delete- A view was deleted in a project board.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views
protected_branch
protected_branch.update_merge_queue_enforcement_level- Enforcement of the merge queue was modified for a branch.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,merge_queue_enforcement_level,public_repo,created_at,operation_type- Référence
- /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue
public_key
public_key.create- An SSH key was added to a user account or a deploy key was added to a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,read_only,operation_type,created_at,key,fingerprint,title- Référence
- /authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account
public_key.delete- An SSH key was removed from a user account or a deploy key was removed from a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,fingerprint,read_only,explanation,key,operation_type,title,created_at- Référence
- /authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys
public_key.unverification_failure- A user account's SSH key or a repository's deploy key was unable to be unverified.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,title,key,fingerprint,read_only,created_at,operation_type- Référence
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.unverify- A user account's SSH key or a repository's deploy key was unverified.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type,title,key,read_only,explanation,fingerprint- Référence
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.update- A user account's SSH key or a repository's deploy key was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,fingerprint,read_only,operation_type,created_at,title- Référence
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.verification_failure- A user account's SSH key or a repository's deploy key was unable to be verified.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,fingerprint,oauth_application_id,title,created_at,read_only,operation_type- Référence
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.verify- A user account's SSH key or a repository's deploy key was verified.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,key,fingerprint,title,read_only- Référence
- /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
repo
repo.access- The visibility of a repository changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,visibility,previous_visibility- Référence
- /repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility
repo.actions_enabled- GitHub Actions was enabled for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api
repo.add_member- A collaborator was added to a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,created_at,operation_type,oauth_application_id- Référence
- Inviting collaborators to a personal repository
repo.add_topic- A topic was added to a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,topic,created_at,operation_type- Référence
- /repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics
repo.advanced_security_disabled- GitHub Advanced Security was disabled for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,actor_is_bot- Référence
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
repo.advanced_security_enabled- GitHub Advanced Security was enabled for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,public_repo,actor_is_bot- Référence
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
repo.archived- A repository was archived.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type,visibility- Référence
- /repositories/archiving-a-github-repository
repo.change_merge_setting- Pull request merge options were changed for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,created_at,operation_type,public_repo,actor_is_bot
repo.code_scanning_analysis_deleted- Code scanning analysis for a repository was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,operation_type,created_at,public_repo,tool,category- Référence
- /rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository
repo.code_scanning_configuration_for_branch_deleted- A code scanning configuration for a branch of a repository was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,tool,branch,category,public_repo,created_at,operation_type- Référence
- Resolving code scanning alerts
repo.config.disable_collaborators_only- The interaction limit for collaborators only was disabled.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.disable_contributors_only- The interaction limit for prior contributors only was disabled in a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.disable_sockpuppet_disallowed- The interaction limit for existing users only was disabled in a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_collaborators_only- The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,created_at,operation_type- Référence
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_contributors_only- The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_sockpuppet_disallowed- The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.configure_self_hosted_jit_runner- A new just-in-time GitHub Actions self-hosted runner was configured
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,public_repo,created_at,operation_type- Référence
- /rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository
repo.create- A repository was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,operation_type,request_category,created_at,oauth_application_id,request_method,public_repo,actor_is_bot- Référence
- /repositories/creating-and-managing-repositories/creating-a-new-repository
repo.create_actions_secret- A GitHub Actions secret was created for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,operation_type,created_at- Référence
- Using secrets in GitHub Actions
repo.create_actions_variable- A GitHub Actions variable was created for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,visibility,public_repo,created_at,operation_type- Référence
- Store information in variables
repo.create_integration_secret- A Codespaces or Dependabot secret was created for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,visibility,integration,operation_type,created_at,public_repo
repo.destroy- A repository was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,request_category,visibility,created_at,request_method,oauth_application_id,actor_is_bot- Référence
- /repositories/creating-and-managing-repositories/deleting-a-repository
repo.pages_cname- A GitHub Pages custom domain was modified in a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,cname,created_at,operation_type,old_cname
repo.pages_create- A GitHub Pages site was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,operation_type,created_at
repo.pages_destroy- A GitHub Pages site was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,visibility,operation_type
repo.pages_https_redirect_disabled- HTTPS redirects were disabled for a GitHub Pages site.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,operation_type,created_at
repo.pages_https_redirect_enabled- HTTPS redirects were enabled for a GitHub Pages site.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,visibility,operation_type
repo.pages_private- A GitHub Pages site visibility was changed to private.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,operation_type,created_at
repo.pages_public- A GitHub Pages site visibility was changed to public.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,operation_type,created_at
repo.pages_soft_delete- A GitHub Pages site was soft-deleted because its owner's plan changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,public_repo,created_at,operation_type
repo.pages_soft_delete_restore- A GitHub Pages site that was previously soft-deleted was restored.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,public_repo,created_at,operation_type
repo.pages_source- A GitHub Pages source was modified.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,visibility,created_at
repo.register_self_hosted_runner- A new self-hosted runner was registered.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Adding self-hosted runners
repo.remove_actions_secret- A GitHub Actions secret was deleted for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,operation_type,created_at- Référence
- Using secrets in GitHub Actions
repo.remove_actions_variable- A GitHub Actions variable was deleted for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,public_repo,created_at,operation_type- Référence
- Store information in variables
repo.remove_integration_secret- A Codespaces or Dependabot secret was deleted for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,integration,operation_type,created_at,public_repo
repo.remove_member- A collaborator was removed from a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type,visibility- Référence
- Removing a collaborator from a personal repository
repo.remove_self_hosted_runner- A self-hosted runner was removed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Removing self-hosted runners
repo.remove_topic- A topic was removed from a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,topic,operation_type,created_at
repo.rename- A repository was renamed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,old_name,created_at,operation_type,visibility- Référence
- /repositories/creating-and-managing-repositories/renaming-a-repository
repo.set_actions_fork_pr_approvals_policy- The setting for requiring approvals for workflows from public forks was changed for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,policy,created_at,operation_type,public_repo- Référence
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks
repo.set_actions_private_fork_pr_approvals_policy- The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,policy,public_repo,created_at,operation_type- Référence
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories
repo.set_actions_retention_limit- The retention period for GitHub Actions artifacts and logs in a repository was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,limit,operation_type,created_at- Référence
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository
repo.set_default_workflow_permissions- The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,public_repo,created_at,operation_type- Référence
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository
repo.set_fork_pr_workflows_policy- Triggered when the policy for workflows on private repository forks is changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,policy,operation_type,created_at- Référence
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks
repo.set_workflow_permission_can_approve_pr- The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,public_repo,created_at,operation_type- Référence
- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests
repo.staff_unlock- An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
repo.temporary_access_granted- Temporary access was enabled for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,public_repo,created_at,operation_type- Référence
- Accessing user-owned repositories in your enterprise
repo.transfer- A user accepted a request to receive a transferred repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,owner,old_user,operation_type,created_at,visibility,repo_was- Référence
- /repositories/creating-and-managing-repositories/transferring-a-repository
repo.transfer_outgoing- A repository was transferred to another repository network.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,new_nwo,visibility,created_at,operation_type,public_repo
repo.transfer_start- A user sent a request to transfer a repository to another user or organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,visibility
repo.unarchived- A repository was unarchived.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,visibility- Référence
- /repositories/archiving-a-github-repository
repo.update_actions_access_settings- The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,policy,old_policy,created_at,operation_type
repo.update_actions_secret- A GitHub Actions secret was updated for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,key,operation_type,created_at- Référence
- Using secrets in GitHub Actions
repo.update_actions_settings- A repository administrator changed GitHub Actions policy settings for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,operation_type,created_at,new_policy,old_policy,updated_access_policy,actor_is_bot
repo.update_actions_variable- A GitHub Actions variable was updated for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,visibility,public_repo,created_at,operation_type- Référence
- Store information in variables
repo.update_default_branch- The default branch for a repository was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,visibility,operation_type,created_at,actor_is_bot
repo.update_integration_secret- A Codespaces or Dependabot secret was updated for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,visibility,integration,operation_type,created_at,public_repo
repo.update_member- A user's permission to a repository was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,oauth_application_id,operation_type,visibility,old_permission,old_base_role,old_repo_permission,old_repo_base_role,new_repo_base_role,new_repo_permission,actor_is_bot
repository_image
repository_image.create- An image to represent a repository was uploaded.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,content_type
repository_image.destroy- An image to represent a repository was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,content_type,created_at,operation_type
repository_invitation
repository_invitation.accept- An invitation to join a repository was accepted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,invitee,operation_type,inviter
repository_invitation.cancel- An invitation to join a repository was canceled.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,inviter,operation_type,invitee,created_at
repository_invitation.create- An invitation to join a repository was sent.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,invitee,inviter,created_at,operation_type
repository_invitation.reject- An invitation to join a repository was declined.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,invitee,operation_type,created_at,inviter
repository_ruleset
repository_ruleset.create- A repository ruleset was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,public_repo,created_at,operation_type,ruleset_id,ruleset_name,ruleset_enforcement,ruleset_source_type,ruleset_rules,ruleset_conditions,ruleset_bypass_actors- Référence
- /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository
repository_ruleset.destroy- A repository ruleset was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,name,public_repo,created_at,operation_type,ruleset_id,ruleset_name,ruleset_enforcement,ruleset_source_type,ruleset_rules,ruleset_bypass_actors- Référence
- /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset
repository_ruleset.update- A repository ruleset was edited.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,old_name,public_repo,created_at,operation_type,ruleset_id,ruleset_name,ruleset_enforcement,ruleset_source_type,ruleset_rules_updated,ruleset_conditions_added,ruleset_conditions_deleted,ruleset_old_enforcement,ruleset_rules_added,ruleset_rules_deleted,ruleset_old_name,ruleset_conditions_updated,ruleset_bypass_actors_added,ruleset_bypass_actors_deleted,ruleset_bypass_actors_updated,actor_is_bot- Référence
- /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset
security_key
security_key.register- A security key was registered for an account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
security_key.remove- A security key was removed from an account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
sponsors
sponsors.agreement_sign- A GitHub Sponsors agreement was signed on behalf of an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,sponsors_listing_id,created_at,operation_type
sponsors.custom_amount_settings_change- Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,sponsors_listing_id,operation_type,created_at- Référence
- /sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers
sponsors.fiscal_host_change- The fiscal host for a GitHub Sponsors listing was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,sponsors_listing_id,created_at,operation_type
sponsors.repo_funding_links_file_action- The FUNDING file in a repository was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
sponsors.sponsor_sponsorship_cancel- A sponsorship was canceled.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Downgrading a sponsorship
sponsors.sponsor_sponsorship_create- A sponsorship was created, by sponsoring an account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes
sponsors.sponsor_sponsorship_payment_complete- After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,active,created_at,operation_type- Référence
- /sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes
sponsors.sponsor_sponsorship_preference_change- The option to receive email updates from a sponsored account was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /sponsors/sponsoring-open-source-contributors/managing-your-sponsorship
sponsors.sponsor_sponsorship_tier_change- A sponsorship was upgraded or downgraded.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Upgrading a sponsorship, Downgrading a sponsorship
sponsors.sponsored_developer_approve- A GitHub Sponsors account was approved.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_create- A GitHub Sponsors account was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_disable- A GitHub Sponsors account was disabled.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,sponsors_listing_id,operation_type,created_at
sponsors.sponsored_developer_profile_update- The profile for GitHub Sponsors account was edited.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors
sponsors.sponsored_developer_redraft- A GitHub Sponsors account was returned to draft state from approved state.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
sponsors.sponsored_developer_request_approval- An application for GitHub Sponsors was submitted for approval.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_tier_description_update- The description for a sponsorship tier was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers
sponsors.sponsored_developer_update_newsletter_send- Triggered when you send an email update to your sponsors.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors
sponsors.sponsors_patreon_user_create- A Patreon account was linked to a user account for use with GitHub Sponsors.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,patreon_email,patreon_username,created_at,operation_type- Référence
- /sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account
sponsors.sponsors_patreon_user_destroy- A Patreon account for use with GitHub Sponsors was unlinked from a user account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,patreon_email,patreon_username,created_at,operation_type- Référence
- Unlinking your Patreon account from GitHub
sponsors.update_tier_repository- A GitHub Sponsors tier changed access for a repository.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,sponsors_listing_id,created_at,operation_type
sponsors.update_tier_welcome_message- The welcome message for a GitHub Sponsors tier for an organization was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,sponsors_listing_id,created_at,operation_type
sponsors.waitlist_join- You join the waitlist to join GitHub Sponsors.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- /sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.withdraw_agreement_signature- A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,sponsors_listing_id,created_at,operation_type
sub_issues
sub_issues.parent_issue_add- A parent issue was added to an issue.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,title,public_repo,created_at,operation_type,actor_is_bot
sub_issues.parent_issue_remove- A parent issue was removed from an issue.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,title,public_repo,created_at,operation_type,actor_is_bot
sub_issues.sub_issue_add- A sub-issue was added to an issue.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,title,public_repo,created_at,operation_type,actor_is_bot
sub_issues.sub_issue_remove- A sub-issue was removed from an issue.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,title,public_repo,created_at,operation_type,actor_is_bot
successor_invitation
successor_invitation.accept- Triggered when you accept a succession invitation.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Maintaining ownership continuity of your personal account's repositories
successor_invitation.cancel- Triggered when you cancel a succession invitation.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Maintaining ownership continuity of your personal account's repositories
successor_invitation.create- Triggered when you create a succession invitation.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Maintaining ownership continuity of your personal account's repositories
successor_invitation.decline- Triggered when you decline a succession invitation.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Maintaining ownership continuity of your personal account's repositories
successor_invitation.revoke- Triggered when you revoke a succession invitation.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Maintaining ownership continuity of your personal account's repositories
trusted_device
trusted_device.register- A new trusted device was added.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
trusted_device.remove- A trusted device was removed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
two_factor_authentication
two_factor_authentication.add_factor- A secondary authentication factor was added to a user account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication
two_factor_authentication.disabled- Two-factor authentication was disabled for a user account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- Disabling two-factor authentication for your personal account
two_factor_authentication.enabled- Two-factor authentication was enabled for a user account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Configuring two-factor authentication
two_factor_authentication.password_reset_fallback_sms- A one-time password code was sent to a user account fallback phone number.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
two_factor_authentication.recovery_codes_regenerated- Two factor recovery codes were regenerated for a user account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
two_factor_authentication.remove_factor- A secondary authentication factor was removed from a user account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication
two_factor_authentication.sign_in_fallback_sms- A one-time password code was sent to a user account fallback phone number.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
two_factor_authentication.update_fallback- The two-factor authentication fallback for a user account was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
user
user.add_email- An email address was added to a user account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,email,created_at- Référence
- Adding an email address to your GitHub account
user.async_delete- An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
user.audit_log_export- Audit log entries were exported.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.block_user- A user was blocked by another user.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,blocked_user,operation_type,created_at
user.change_password- A user changed their password.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.codespaces_trusted_repo_access_granted- Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Managing access to other repositories within your codespace
user.codespaces_trusted_repo_access_revoked- Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Managing access to other repositories within your codespace
user.create- A new user account was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,email,operation_type,created_at
user.create_integration_secret- A user secret for Codespaces was created.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,visibility,integration,created_at,operation_type
user.creation_rate_limit_exceeded- The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type,oauth_application_id
user.delete- A user account was destroyed by an asynchronous job.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.demote- A site administrator was demoted to an ordinary user account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,created_at,operation_type
user.destroy- A user deleted his or her account, triggering user.async_delete.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
user.failed_login- A user tried to sign in with an incorrect username, password, or two-factor authentication code.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.forgot_password- A user requested a password reset.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,email,created_at- Référence
- /authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials
user.hide_private_contributions_count- A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- Manage visibility settings for private contributions
user.login- A user signed in.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,passkey_nickname
user.logout- A user signed out.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
user.new_device_used- A user signed in from a new device.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.promote- An ordinary user account was promoted to a site administrator.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,oauth_application_id,operation_type
user.recreate- A user's account was restored.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
user.remove_email- An email address was removed from a user account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,email
user.remove_integration_secret- A user secret for Codespaces was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,integration,created_at,operation_type
user.rename- A username was changed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,old_login,created_at,operation_type
user.reset_password- A user reset their account password.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
user.show_private_contributions_count- A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at- Référence
- Manage visibility settings for private contributions
user.sign_in_from_unrecognized_device- A user signed in from an unrecognized device.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.sign_in_from_unrecognized_device_and_location- A user signed in from an unrecognized device and location.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
user.suspend- A user account was suspended.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,operation_type,created_at
user.two_factor_challenge_failure- A 2FA challenge issued for a user account failed.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.two_factor_challenge_success- A 2FA challenge issued for a user account succeeded.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.two_factor_recover- A user used their 2FA recovery codes.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.two_factor_recovery_codes_downloaded- A user downloaded 2FA recovery codes for their account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.two_factor_recovery_codes_printed- A user printed 2FA recovery codes for their account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at
user.two_factor_recovery_codes_viewed- A user viewed 2FA recovery codes for their account.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type
user.two_factor_requested- A user was prompted for a two-factor authentication code.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type- Référence
- /authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication
user.unblock_user- A user was unblocked by another user.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,blocked_user,operation_type,created_at
user.unsuspend- A user account was unsuspended.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,oauth_application_id,operation_type,created_at
user.update_integration_secret- A user secret for Codespaces was updated.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,key,visibility,integration,created_at,operation_type
user_email
user_email.confirm_claim- An enterprise managed user claimed an email address.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,created_at,operation_type,actor_is_bot
user_status
user_status.destroy- Triggered when you clear the status on your profile.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,message,created_at,limited_availability,emoji,operation_type
user_status.update- Triggered when you set or change the status on your profile.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,limited_availability,message,created_at,emoji,operation_type- Référence
- Personalize your profile
workflows
workflows.approve_workflow_job- A workflow job was approved.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,workflow_run_id,run_number,operation_type,created_at,public_repo- Référence
- Reviewing deployments
workflows.delete_workflow_run- A workflow run was deleted.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,operation_type,created_at,workflow_run_id,started_at,head_branch,head_sha,trigger_id- Référence
- Deleting a workflow run
workflows.disable_workflow- A workflow was disabled.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,workflow_id,operation_type,created_at,public_repo,actor_is_bot
workflows.enable_workflow- A workflow was enabled, after previously being disabled by disable_workflow.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,workflow_id,operation_type,created_at,public_repo
workflows.pin_workflow- A workflow was pinned.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,public_repo,workflow_id,created_at,operation_type,actor_is_bot
workflows.reject_workflow_job- A workflow job was rejected.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,workflow_run_id,run_number,operation_type,created_at,public_repo- Référence
- Reviewing deployments
workflows.unpin_workflow- A workflow was unpinned after previously being pinned.
- Fields
@timestamp,_document_id,action,actor,actor_id,business,business_id,hashed_token,org,org_id,programmatic_access_type,repo,repo_id,repository,repository_id,request_access_security_header,request_id,token_id,token_scopes,user,user_id,user_agent,public_repo,workflow_id,created_at,operation_type,actor_is_bot