エンタープライズの監査ログイベント

エンタープライズの監査ログに記録されたイベントを確認します。

この機能を使用できるユーザーについて

Enterprise owners

この記事の内容

メモ

この記事では、エンタープライズの監査ログに表示される可能性のあるイベントの一覧を示します。ユーザーアカウントのセキュリティログまたは organization の監査ログに記録できるイベントについては、「セキュリティログのイベント」と「組織の監査ログイベント」をご覧ください。

どのような種類のイベントが含まれますか?

Enterprise Managed Usersがない場合、監査ログには、エンタープライズアカウントとその中の組織に関連するイベントのみが含まれます。
Enterprise Managed Users では、監査ログには、ここに記載されていないユーザーイベントも含まれます。その一覧については、「セキュリティログのイベント」をご覧ください。

Audit log events

account

account.plan_change: The account's plan changed.
フィールド: actor, operation_type, _document_id, user_agent, created_at, actor_id, request_id, @timestamp, user, action, user_id, programmatic_access_type
リファレンス: How GitHub billing works

actions_cache

actions_cache.delete: A GitHub Actions cache was deleted using the REST API.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, user_id, user, repo_id, repo, org, org_id, actions_cache_id, actions_cache_key, actions_cache_version, actions_cache_scope, action, _document_id, @timestamp, created_at, operation_type, token_scopes, programmatic_access_type, request_access_security_header

advisory_credit

advisory_credit.accept: Credit was accepted for a security advisory.
フィールド: user_agent, request_id, actor, actor_id, ghsa_id, repo, repo_id, recipient, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory

advisory_credit.create: Someone was added to the credit section of a security advisory.
フィールド: user_agent, request_id, actor, actor_id, ghsa_id, repo, repo_id, recipient, org, org_id, action, operation_type, @timestamp, created_at, _document_id

advisory_credit.decline: Credit was declined for a security advisory.
フィールド: user_agent, request_id, actor, actor_id, ghsa_id, repo, repo_id, recipient, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo

advisory_credit.destroy: Someone was removed from the credit section of a security advisory.
フィールド: user_agent, request_id, actor, actor_id, ghsa_id, repo, repo_id, recipient, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo

api

api.request: An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.
フィールド: user_agent, request_id, request_method, query_string, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, request_body, status_code, url_path, business, business_id, org, org_id, repo, repo_id, public_repo, user, user_id, action, _document_id, @timestamp, created_at, operation_type, route, rate_limit_remaining, actor_is_bot
リファレンス: Streaming the audit log for your enterprise

artifact

artifact.destroy: A workflow run artifact was manually deleted.
フィールド: action, actor, user_agent, actor_id, repo, repo_id, request_id, @timestamp, created_at, _document_id, operation_type, programmatic_access_type

audit_log_streaming

audit_log_streaming.check: A manual check of the endpoint configured for audit log streaming was performed.
フィールド: user_agent, request_id, actor, actor_id, audit_log_stream_result, business_id, business, action, _document_id, @timestamp, created_at, operation_type, audit_log_stream_sink_details, request_access_security_header

audit_log_streaming.create: An endpoint was added for audit log streaming.
フィールド: user_agent, request_id, actor, actor_id, business_id, business, audit_log_stream_sink, action, _document_id, @timestamp, created_at, operation_type, audit_log_stream_id

audit_log_streaming.destroy: An audit log streaming endpoint was deleted.
フィールド: user_agent, request_id, actor, actor_id, business_id, business, action, _document_id, @timestamp, created_at, operation_type, audit_log_stream_id, audit_log_stream_sink_details

audit_log_streaming.update: An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.
フィールド: user_agent, request_id, actor, actor_id, audit_log_stream_enabled, business_id, business, audit_log_stream_sink, action, _document_id, @timestamp, created_at, operation_type, new_s3_bucket, old_s3_bucket, secrets_updated, new_s3_arn_role, old_s3_arn_role, new_azure_blob_container, old_azure_blob_container, new_event_hub_instance, old_event_hub_instance, new_splunk_domain, old_splunk_domain, ssl_verify, old_gc_bucket

auto_approve_personal_access_token_requests

auto_approve_personal_access_token_requests.disable: Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization

auto_approve_personal_access_token_requests.enable: Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization

billing

billing.budget_create: A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.
フィールド: actor, actor_id, user_agent, request_id, customer_id, target_amount, target_type, target_id, alert_enabled, status, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, pricing_target_type, pricing_target_id, budget_limit_type, alert_recipient_user_ids

billing.budget_delete: A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.
フィールド: actor, actor_id, user_agent, request_id, customer_id, uuid, status, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

billing.budget_update: A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.
フィールド: actor, actor_id, user_agent, request_id, customer_id, target_amount, target_type, target_id, alert_enabled, status, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header, old_target_amount, old_budget_limit_type, old_alert_enabled, old_target_id, old_pricing_target_type, old_pricing_target_id

billing.change_billing_type: The way the account pays for GitHub was changed.
フィールド: actor_id, user, @timestamp, actor, user_id, action, created_at, operation_type, _document_id, user_agent, request_id
リファレンス: Managing your payment and billing information

billing.change_email: The billing email address changed.
フィールド: actor, operation_type, actor_id, org_id, @timestamp, user_agent, request_id, created_at, _document_id, org, email, action, request_access_security_header
リファレンス: Managing your payment and billing information

billing.overage_policy_updated: The premium request paid usage policy for your GitHub account was changed.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage

billing_customer

billing_customer.azure_subscription_linked: Azure subscription has been linked on this account.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

billing_customer.azure_subscription_unlinked: Azure subscription has been unlinked on this account.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business

business.add_admin: An enterprise owner was added to an enterprise.
フィールド: name, business, user, user_id, @timestamp, created_at, actor, actor_id, action, operation_type, request_id, business_id, _document_id, user_agent, programmatic_access_type, request_access_security_header
リファレンス: Inviting people to manage your enterprise

business.add_billing_manager: A billing manager was added to an enterprise.
フィールド: user_agent, user, actor, name, business, business_id, action, @timestamp, request_id, actor_id, operation_type, created_at, user_id, _document_id

business.add_disallowed_two_factor_method: An enterprise prevented access to resources by users with the given two-factor method.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, two_factor_method, business, business_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.add_organization: An organization was added to an enterprise.
フィールド: org_id, operation_type, @timestamp, actor, business_id, org, action, user_agent, actor_id, name, created_at, request_id, _document_id, business, organization_upgrade, request_access_security_header

business.add_support_entitlee: A support entitlement was added to a member of an enterprise.
フィールド: user_agent, request_id, actor, actor_id, name, business, business_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Managing support entitlements for your enterprise

business.advanced_security_metered_usage_lock: Enablement for Advanced Security features on new repositories has been locked for this enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.advanced_security_metered_usage_unlock: Enablement for Advanced Security features on new repositories has been unlocked for this enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.advanced_security_policy_update: An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.
フィールド: user_agent, request_id, actor, actor_id, name, new_policy, business, business_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
リファレンス: Enforcing policies for code security and analysis for your enterprise

business.audit_log_export: An export of the enterprise audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.
フィールド: user_agent, business, business_id, @timestamp, actor_id, operation_type, created_at, request_id, actor, action, _document_id, query_phrase
リファレンス: Exporting audit log activity for your enterprise

business.audit_log_git_event_export: An export of the enterprise's Git events was created.
フィールド: user_agent, request_id, actor, actor_id, created_at, start, end, business, business_id, action, operation_type, @timestamp, _document_id
リファレンス: Exporting audit log activity for your enterprise

business.cancel_admin_invitation: An invitation for someone to be an owner of an enterprise was canceled.
フィールド: user, actor_id, user_agent, invitation_id, user_id, _document_id, operation_type, created_at, name, request_id, actor, @timestamp, business, business_id, action

business.cancel_billing_manager_invitation: An invitation for someone to be an billing manager of an enterprise was canceled.
フィールド: business_id, action, @timestamp, actor, name, _document_id, actor_id, created_at, business, user_id, operation_type, request_id, user_agent, invitation_id, user

business.cancel_trial: The trial of GitHub Enterprise Cloud was canceled.
フィールド: user_agent, request_id, actor, actor_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Setting up a trial of GitHub Enterprise Cloud

business.change_seats_plan_type: The seats plan type was changed for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, name, seats_plan_type_was, seats_plan_type, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.clear_actions_settings: An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.
フィールド: user_agent, request_id, actor, actor_id, name, business, business_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.clear_default_repository_permission: An enterprise owner cleared the base repository permission policy setting for an enterprise.
フィールド: name, operation_type, business_id, user_agent, actor_id, request_id, actor, _document_id, business, action, @timestamp, created_at
リファレンス: Enforcing repository management policies in your enterprise

business.clear_disallowed_two_factor_methods: Cleared two-factor authentication restrictions for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.clear_members_can_create_repos: An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.
フィールド: user_agent, actor_id, business_id, action, _document_id, request_id, name, business, visibility, created_at, actor, operation_type, @timestamp
リファレンス: Enforcing repository management policies in your enterprise

business.code_scanning_autofix_policy_update: The policy for Code scanning autofix was updated for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, name, new_policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

business.code_scanning_autofix_third_party_tools_policy_update: The policy for Code scanning autofix third party tools was updated for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, name, new_policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
リファレンス: /code-security/getting-started/github-security-features#available-with-github-code-security

business.code_security_enablement_policy_update: The policy for Code Security enablement was updated for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, new_policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /code-security/getting-started/github-security-features#available-with-github-code-security

business.code_security_metered_usage_lock: Enablement for Code Security features on new repositories has been locked for this enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.code_security_metered_usage_unlock: Enablement for Code Security features on new repositories has been unlocked for this enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.connect_usage_metrics_export: Server statistics were exported for the enterprise.
フィールド: user_agent, request_id, actor, actor_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Exporting Server Statistics

business.convert_trial: The enterprise account on a trial of GitHub Enterprise Cloud was upgraded to a paid enterprise account.
フィールド: name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Setting up a trial of GitHub Enterprise Cloud

business.create: An enterprise was created.
フィールド: actor_id, _document_id, action, @timestamp, request_id, name, business, business_id, operation_type, actor, created_at, user_agent, request_access_security_header

business.create_trial: A trial of GitHub Enterprise Cloud began.
フィールド: user_agent, request_id, actor, actor_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Setting up a trial of GitHub Enterprise Cloud

business.delete: The enterprise was deleted.
フィールド: actor_id, business, action, business_id, @timestamp, operation_type, _document_id, request_id, user_agent, actor, name, created_at
リファレンス: Deleting an enterprise account

business.disable_oidc: OIDC single sign-on was disabled for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Configuring OIDC for Enterprise Managed Users

business.disable_open_scim: SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

business.disable_saml: SAML single sign-on was disabled for an enterprise.
フィールド: request_id, business, action, created_at, actor, user_agent, business_id, operation_type, _document_id, issuer, @timestamp, actor_id, name, sso_url

business.disable_source_ip_disclosure: Display of IP addresses within audit log events for the enterprise was disabled.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Displaying IP addresses in the audit log for your enterprise

business.disable_two_factor_requirement: The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.
フィールド: action, @timestamp, actor, business, operation_type, created_at, user_agent, business_id, actor_id, name, _document_id, request_id

business.enable_oidc: OIDC single sign-on was enabled for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Configuring OIDC for Enterprise Managed Users

business.enable_open_scim: SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business.enable_saml: SAML single sign-on was enabled for an enterprise.
フィールド: operation_type, name, sso_url, @timestamp, issuer, action, actor_id, _document_id, request_id, created_at, actor, business_id, business, user_agent

business.enable_source_ip_disclosure: Display of IP addresses within audit log events for the enterprise was enabled.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Displaying IP addresses in the audit log for your enterprise

business.enable_two_factor_requirement: The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.
フィールド: actor_id, action, user_agent, actor, operation_type, created_at, business, business_id, name, _document_id, request_id, @timestamp

business.enterprise_server_license_download: A GitHub Enterprise Server license was downloaded.
フィールド: actor, business, user_agent, action, request_id, user, business_id, _document_id, actor_id, operation_type, created_at, user_id, @timestamp

business.expire_trial: The trial of GitHub Enterprise Cloud expired.
フィールド: name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Setting up a trial of GitHub Enterprise Cloud

business.github_models_billing_disabled: GitHub Models billing was disabled for the business.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.github_models_billing_enabled: GitHub Models billing was enabled for the business.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.import_license_usage: License usage information was imported from a GitHub Enterprise Server instance to an enterprise account on GitHub.com.
フィールド: name, actor, business_id, created_at, request_id, user_agent, operation_type, business, action, @timestamp, _document_id, actor_id
リファレンス: Syncing license usage from GitHub Enterprise Server to Cloud

business.invite_admin: An invitation for someone to be an enterprise owner of an enterprise was sent.
フィールド: action, name, request_id, business, invitation_id, business_id, user_id, user_agent, actor, actor_id, _document_id, @timestamp, user, operation_type, created_at

business.invite_billing_manager: An invitation for someone to be an billing manager of an enterprise was sent.
フィールド: user, operation_type, user_agent, invitation_id, _document_id, business, actor, user_id, action, @timestamp, name, request_id, actor_id, business_id, created_at

business.members_can_update_protected_branches.clear: An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.
フィールド: user_id, action, created_at, actor, actor_id, @timestamp, request_id, business, name, operation_type, user, user_agent, business_id, _document_id

business.members_can_update_protected_branches.disable: The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.
フィールド: user_agent, request_id, actor, actor_id, name, business, business_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id

business.members_can_update_protected_branches.enable: The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.
フィールド: name, actor, operation_type, _document_id, business_id, user, @timestamp, business, actor_id, created_at, action, user_agent, request_id, user_id

business.proxy_security_header_disabled: The proxy security header was disabled for an enterprise. All users on the network can now access GitHub, unless blocked by other means.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.proxy_security_header_enabled: The proxy security header was enabled for an enterprise. When the header is provided in requests, only Enterprise Managed Users matching the header will be able to access GitHub.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.proxy_security_header_unsatisfied: A user outside the enterprise tried to access GitHub while the proxy security header was enabled and provided in the request.
フィールド: user_agent, request_id, programmatic_access_type, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.recovery_code_failed: An enterprise owner failed to sign into a enterprise with an external identity provider (IdP) using a recovery code.
フィールド: actor, actor_id, user_agent, request_id, name, reason, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Accessing your enterprise account if your identity provider is unavailable

business.recovery_code_used: An enterprise owner successfully signed into an enterprise with an external identity provider (IdP) using a recovery code.
フィールド: actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Accessing your enterprise account if your identity provider is unavailable

business.recovery_codes_downloaded: An enterprise owner downloaded the enterprise's SSO recovery codes.
フィールド: actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Downloading your enterprise account's single sign-on recovery codes

business.recovery_codes_generated: An enterprise owner generated the enterprise's SSO recovery codes.
フィールド: actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Downloading your enterprise account's single sign-on recovery codes

business.recovery_codes_printed: An enterprise owner printed the enterprise's SSO recovery codes.
フィールド: actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Downloading your enterprise account's single sign-on recovery codes

business.recovery_codes_viewed: An enterprise owner viewed the enterprise's SSO recovery codes.
フィールド: actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Downloading your enterprise account's single sign-on recovery codes

business.remove_admin: An enterprise owner was removed from an enterprise.
フィールド: actor, operation_type, user_agent, business, business_id, @timestamp, created_at, request_id, action, name, actor_id, user_id, _document_id, user
リファレンス: Inviting people to manage your enterprise

business.remove_billing_manager: A billing manager was removed from an enterprise.
フィールド: actor_id, business, actor, user_id, user_agent, request_id, action, _document_id, operation_type, @timestamp, name, business_id, user, created_at

business.remove_disallowed_two_factor_method: Removed a two-factor authentication method restriction for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, two_factor_method, business, business_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.remove_member: A member was removed from an enterprise.
フィールド: user_agent, @timestamp, business_id, actor_id, actor, operation_type, user, created_at, business, user_id, action, _document_id, request_id, request_access_security_header

business.remove_organization: An organization was removed from an enterprise.
フィールド: org_id, action, business, actor, actor_id, request_id, created_at, user_agent, business_id, operation_type, @timestamp, _document_id, name, org

business.remove_support_entitlee: A support entitlement was removed from a member of an enterprise.
フィールド: user_agent, request_id, actor, actor_id, name, business, business_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Managing support entitlements for your enterprise

business.rename_slug: The slug for the enterprise URL was renamed.
フィールド: request_id, name, business_id, user_agent, action, actor_id, operation_type, actor, @timestamp, created_at, business, _document_id

business.restore: The deleted enterprise was restored.
フィールド: actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

business.revoke_external_identity: The external identity for a member in an enterprise was revoked.
フィールド: request_id, @timestamp, _document_id, user_id, operation_type, actor, created_at, name, user_agent, actor_id, business_id, action, user, business

business.revoke_sso_session: The SAML single sign-on session for a member in an enterprise was revoked.
フィールド: business_id, user_agent, request_id, user, operation_type, actor, _document_id, actor_id, name, @timestamp, user_id, action, created_at, business

business.secret_protection_metered_usage_lock: Enablement for Secret Protection features on new repositories has been locked for this enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.secret_protection_metered_usage_unlock: Enablement for Secret Protection features on new repositories has been unlocked for this enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.security_center_export_code_scanning_metrics: A CSV export was requested on the "CodeQL pull request alerts" page.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, user, user_id, query, filename, requested_at, start_date, end_date, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

business.security_center_export_coverage: A CSV export was requested on the "Coverage" page.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, user, user_id, query, filename, requested_at, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

business.security_center_export_overview_dashboard: A CSV export was requested on the "Overview Dashboard" page.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, user, user_id, query, filename, requested_at, start_date, end_date, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

business.security_center_export_risk: A CSV export was requested on the "Risk" page.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, user, user_id, query, filename, requested_at, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business.set_actions_cache_retention_policy: The cache retention policy for GitHub Actions was set for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_actions_cache_storage_policy: The cache storage policy for GitHub Actions was set for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_actions_fork_pr_approvals_policy: The policy for requiring approvals for workflows from public forks was changed for an enterprise.
フィールド: user_agent, request_id, actor, actor_id, name, policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_actions_private_fork_pr_approvals_policy: The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, name, policy, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_actions_retention_limit: The retention period for GitHub Actions artifacts and logs was changed for an enterprise.
フィールド: user_agent, request_id, actor, actor_id, name, limit, business, business_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_default_workflow_permissions: The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_fork_pr_workflows_policy: The policy for fork pull request workflows was changed for an enterprise.
フィールド: user_agent, request_id, actor, actor_id, name, policy, business, business_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_workflow_permission_can_approve_pr: The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.
フィールド: actor, actor_id, user_agent, request_id, name, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.sso_response: A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: issuer, name, user_agent, action, @timestamp, _document_id, actor, business, business_id, actor_id, created_at, request_id, operation_type, request_access_security_header

business.update_actions_settings: An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.
フィールド: user_agent, request_id, actor, actor_id, name, business, business_id, action, operation_type, @timestamp, created_at, _document_id, updated_github_owned_allowed, updated_verified_allowed, updated_patterns, new_policy, old_policy, updated_access_policy
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.update_default_repository_permission: The base repository permission setting was updated for all organizations in an enterprise.
フィールド: business_id, operation_type, user_agent, actor, actor_id, permission, action, created_at, @timestamp, request_id, name, _document_id, old_permission, business
リファレンス: Enforcing repository management policies in your enterprise

business.update_member_repository_creation_permission: The repository creation setting was updated for an enterprise.
フィールド: created_at, _document_id, request_id, name, business_id, actor, actor_id, @timestamp, operation_type, permission, action, business, user_agent, visibility
リファレンス: Enforcing repository management policies in your enterprise

business.update_member_repository_invitation_permission: The policy setting for enterprise members inviting outside collaborators to repositories was updated.
フィールド: business_id, created_at, action, operation_type, @timestamp, request_id, permission, actor, actor_id, name, _document_id, user_agent, business
リファレンス: Enforcing repository management policies in your enterprise

business.update_saml_provider_settings: The SAML single sign-on provider settings for an enterprise were updated.
フィールド: actor, _document_id, request_id, business_id, sso_url, user_agent, action, business, name, created_at, operation_type, actor_id, @timestamp, issuer

business.upgrade_from_organization: The organization was upgraded to an enterprise account.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
リファレンス: Upgrading your account's plan

business_advanced_security

business_advanced_security.disabled: GitHub Advanced Security was disabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_advanced_security.disabled_for_new_repos: GitHub Advanced Security was disabled for new repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_advanced_security.disabled_for_new_user_namespace_repos: GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_advanced_security.enabled: GitHub Advanced Security was enabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_advanced_security.enabled_for_new_repos: GitHub Advanced Security was enabled for new repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_advanced_security.enabled_for_new_user_namespace_repos: GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_advanced_security.user_namespace_repos_disabled: GitHub Advanced Security was disabled for user namespace repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_advanced_security.user_namespace_repos_enabled: GitHub Advanced Security was enabled for user namespace repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_dependabot_alerts

business_dependabot_alerts.disable: Dependabot alerts were disabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business_dependabot_alerts.enable: Dependabot alerts were enabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business_dependabot_alerts_new_repos

business_dependabot_alerts_new_repos.disable: Dependabot alerts were disabled for new repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business_dependabot_alerts_new_repos.enable: Dependabot alerts were enabled for new repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business_secret_scanning_automatic_validity_checks

business_secret_scanning_automatic_validity_checks.disabled: Automatic partner validation checks have been disabled at the business level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_automatic_validity_checks.enabled: Automatic partner validation checks have been enabled at the business level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_custom_pattern

business_secret_scanning_custom_pattern.create: An enterprise-level custom pattern was created for secret scanning.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Defining custom patterns for secret scanning

business_secret_scanning_custom_pattern.delete: An enterprise-level custom pattern was removed from secret scanning.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business_secret_scanning_custom_pattern.publish: An enterprise-level custom pattern was published for secret scanning.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

business_secret_scanning_custom_pattern.update: Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

business_secret_scanning_custom_pattern_push_protection

business_secret_scanning_custom_pattern_push_protection.disabled: Push protection for a custom pattern for secret scanning was disabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Defining custom patterns for secret scanning

business_secret_scanning_custom_pattern_push_protection.enabled: Push protection for a custom pattern for secret scanning was enabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Defining custom patterns for secret scanning

business_secret_scanning

business_secret_scanning.disable: Secret scanning was disabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning.disabled_for_new_repos: Secret scanning was disabled for new repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning.enable: Secret scanning was enabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning.enabled_for_new_repos: Secret scanning was enabled for new repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_generic_secrets

business_secret_scanning_generic_secrets.disabled: Generic secrets have been disabled at the business level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

business_secret_scanning_generic_secrets.enabled: Generic secrets have been enabled at the business level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

business_secret_scanning_non_provider_patterns

business_secret_scanning_non_provider_patterns.disabled: Secret scanning for non-provider patterns was disabled at the enterprise level.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Supported secret scanning patterns

business_secret_scanning_non_provider_patterns.enabled: Secret scanning for non-provider patterns was enabled at the enterprise level.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Supported secret scanning patterns

business_secret_scanning_push_protection_custom_message

business_secret_scanning_push_protection_custom_message.disable: The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection_custom_message.enable: The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection_custom_message.update: The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection

business_secret_scanning_push_protection.disable: Push protection for secret scanning was disabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection.disabled_for_new_repos: Push protection for secret scanning was disabled for new repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection.enable: Push protection for secret scanning was enabled for your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection.enabled_for_new_repos: Push protection for secret scanning was enabled for new repositories in your enterprise.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection_pattern_configuration

business_secret_scanning_push_protection_pattern_configuration.push_protection_setting_changed: The push protection setting was updated for a secret type for your enterprise.
フィールド: actor_id, actor, business, business_id, push_protection_setting, secret_type, secret_type_display_name, created_at
リファレンス: Managing GitHub Advanced Security features for your enterprise

business_secret_scanning_push_protection_pattern_configuration.updated: The push protection pattern configuration was updated for your enterprise.
フィールド: actor_id, actor, business, business_id, created_at
リファレンス: Managing GitHub Advanced Security features for your enterprise

checks

checks.auto_trigger_disabled: Automatic creation of check suites was disabled on a repository in the organization or enterprise.
フィールド: visibility, user_agent, user, @timestamp, repo, actor_id, user_id, action, created_at, actor, operation_type, request_id, repo_id, _document_id
リファレンス: /rest/checks#update-repository-preferences-for-check-suites

checks.auto_trigger_enabled: Automatic creation of check suites was enabled on a repository in the organization or enterprise.
フィールド: user_agent, request_id, actor, actor_id, visibility, repo, repo_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, public_repo
リファレンス: /rest/checks#update-repository-preferences-for-check-suites

checks.delete_logs: Logs in a check suite were deleted.
フィールド: @timestamp, actor, actor_id, operation_type, repo_id, action, created_at, _document_id, user_agent, request_id, repo, programmatic_access_type

code_scanning

code_scanning.alert_appeared_in_branch: Existing code scanning alerts appeared in a branch.
フィールド: repo_id, alert_number, commit_oid, ref, request_id, org_id, org, business_id, business, alert_numbers
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code_scanning.alert_closed_became_fixed: Code scanning alerts were fixed.
フィールド: repo_id, alert_number, commit_oid, ref, request_id, org_id, org, business_id, business, alert_numbers
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code_scanning.alert_closed_became_outdated: Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).
フィールド: repo_id, alert_numbers, commit_oid, ref, request_id, org_id, org, business_id, business
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code_scanning.alert_closed_by_user: Code scanning alerts were manually dismissed.
フィールド: repo_id, alert_number, actor_id, request_id, actor, org_id, org, business_id, business, alert_numbers, dismissal_approver_id
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code_scanning.alert_closure_approved: Dismissal of code scanning alerts was approved.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, dismissal_request_id, alert_number, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code_scanning.alert_closure_denied: Dismissal of code scanning alerts was denied.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, dismissal_request_id, alert_number, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code_scanning.alert_closure_requested: Dismissal of code scanning alerts was requested.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, dismissal_request_id, alert_number, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code_scanning.alert_created: Code scanning alerts were seen for the first time.
フィールド: repo_id, alert_number, commit_oid, ref, request_id, org_id, org, alert_numbers
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code_scanning.alert_reappeared: Code scanning alerts that were previously fixed reappeared.
フィールド: repo_id, alert_number, commit_oid, ref, request_id, org_id, org, business_id, business, alert_numbers
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code_scanning.alert_reopened_by_user: Code scanning alerts that were previously dismissed were reopened.
フィールド: repo_id, alert_number, actor_id, request_id, actor, org_id, org, business_id, business, alert_numbers
リファレンス: /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

code

code.search: A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: @timestamp, action, actor_id, business_id, query, org_id, user_id, _document_id, search_string
リファレンス: /search-github/github-code-search

codespaces

codespaces.allow_permissions: A codespace using custom permissions from its devcontainer.json file was launched.
フィールド: user_agent, request_id, actor, actor_id, origin_repository, action, _document_id, @timestamp, created_at, operation_type

codespaces.attempted_to_create_from_prebuild: An attempt to create a codespace from a prebuild was made.
フィールド: user_agent, request_id, actor, actor_id, name, owner, pull_request_id, repository, repository_id, user_id, user, org, org_id, action, _document_id, @timestamp, created_at, operation_type, public_repo, token_scopes, programmatic_access_type, request_access_security_header

codespaces.business_enablement_updated: Enterprise setting for Codespaces ownership was updated.
フィールド: actor, actor_id, user_agent, request_id, enablement, organization_names, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization

codespaces.connect: Credentials for a codespace were refreshed.
フィールド: user_agent, request_id, actor, actor_id, repository_id, repository, pull_request_id, user_id, org_id, owner, name, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type, actor_is_bot, machine_type, devcontainer_path

codespaces.create: A codespace was created
フィールド: user_agent, request_id, actor, actor_id, repository_id, repository, pull_request_id, owner, name, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, actor_is_bot, machine_type, devcontainer_path
リファレンス: Creating a codespace for a repository

codespaces.destroy: A user deleted a codespace.
フィールド: user_agent, request_id, actor, actor_id, repository_id, repository, pull_request_id, owner, name, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type
リファレンス: Deleting a codespace

codespaces.export_environment: A codespace was exported to a branch on GitHub.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, owner, action, _document_id, @timestamp, created_at, operation_type, public_repo

codespaces.policy_group_created: Policies were applied to codespaces in an organization or enterprise.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type

codespaces.policy_group_deleted: Policies were removed from codespaces in an organization or enterprise.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header

codespaces.policy_group_updated: Policies were updated for codespaces in an organization or enterprise.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id

codespaces.restore: A codespace was restored.
フィールド: user_agent, request_id, actor, actor_id, owner, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type

codespaces.start_environment: A codespace was started.
フィールド: actor, actor_id, user_agent, request_id, name, org, owner, pull_request_id, machine_type, user_id, user, devcontainer_path, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

codespaces.suspend_environment: A codespace was stopped.
フィールド: user_agent, request_id, actor, actor_id, owner, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type

codespaces.trusted_repositories_access_update: A personal account's access and security setting for Codespaces were updated.
フィールド: user_agent, request_id, actor, actor_id, business, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Managing access to other repositories within your codespace

commit_comment

commit_comment.destroy: A commit comment was deleted.
フィールド: actor, repo, org, org_id, created_at, @timestamp, operation_type, repo_id, actor_id, request_id, _document_id, user_agent, action, programmatic_access_type

commit_comment.update: A commit comment was updated.
フィールド: _document_id, repo_id, actor, org, request_id, action, @timestamp, repo, org_id, actor_id, created_at, user_agent, operation_type, token_scopes, programmatic_access_type

copilot

copilot.access_revoked: Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.
フィールド: actor, actor_id, user_agent, request_id, reason, plan, org_id, owner, org, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

copilot.cfb_enterprise_org_enablement_changed: The Copilot enablement policy changed at the enterprise level to either allow or disable access for all organizations, or to allow access for selected organizations.
フィールド: actor, actor_id, user_agent, request_id, previous_value, current_value, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

copilot.cfb_enterprise_settings_changed: Copilot feature settings were changed at the enterprise level.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

copilot.cfb_org_settings_changed: Copilot feature settings were changed at the organization level.
フィールド: actor, actor_id, user_agent, request_id, action, _document_id, @timestamp, created_at, operation_type

copilot.cfb_seat_added: A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.
フィールド: user_agent, request_id, token_id, hashed_token, programmatic_access_type, actor, actor_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header

copilot.cfb_seat_assignment_created: A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.
フィールド: actor, actor_id, user_agent, request_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: What is GitHub Copilot?

copilot.cfb_seat_assignment_refreshed: A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header

copilot.cfb_seat_assignment_reused: A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type

copilot.cfb_seat_assignment_unassigned: A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header

copilot.cfb_seat_cancelled: A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, seat_assignment, request_access_security_header

copilot.cfb_seat_cancelled_by_staff: A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.
フィールド: actor, actor_id, user_agent, request_id, user_id, user, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id

copilot.cfb_seat_management_changed: The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.
フィールド: actor, actor_id, user_agent, request_id, old_value, new_value, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

copilot.clickwrap_save_event: The GitHub Copilot Product Terms or Pre-Release Preview Terms were accepted.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

copilot.content_exclusion_changed: The excluded paths for GitHub Copilot were updated.
フィールド: actor, actor_id, user_agent, request_id, excluded_paths, owner_type, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id

copilot.enterprise_enablement_changed: Copilot access was enabled or disabled at the enterprise level.
フィールド: actor, actor_id, user_agent, request_id, previous_value, current_value, business, business_id, action, _document_id, @timestamp, created_at, operation_type

copilot.knowledge_base_created: A knowledge base was created in the organization.
フィールド: actor, actor_id, user_agent, request_id, knowledge_base_name, org_id, org, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: Creating and managing GitHub Copilot knowledge bases

copilot.knowledge_base_deleted: A knowledge base was deleted from the organization.
フィールド: actor, actor_id, user_agent, request_id, knowledge_base_name, org_id, org, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: Creating and managing GitHub Copilot knowledge bases

copilot.knowledge_base_updated: A knowledge base was updated in the organization.
フィールド: actor, actor_id, user_agent, request_id, knowledge_base_name, org_id, org, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: Creating and managing GitHub Copilot knowledge bases

copilot.plan_changed: The plan for GitHub Copilot was updated.
フィールド: actor, actor_id, user_agent, request_id, old_plan, plan, business_id, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: GitHub Copilot licenses

copilot.plan_downgrade_scheduled: The plan for GitHub Copilot was scheduled to be downgraded.
フィールド: actor, actor_id, user_agent, request_id, org_id, owner, org, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, current_plan, scheduled_plan

custom_property_definition

custom_property_definition.create: A new custom property definition was created.
フィールド: actor, actor_id, user_agent, request_id, property_name, action, _document_id, @timestamp, created_at, operation_type, business, business_id, value_type, required, default_value, definition_id
リファレンス: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_definition.destroy: A custom property definition was deleted.
フィールド: actor, actor_id, user_agent, request_id, property_name, action, _document_id, @timestamp, created_at, operation_type, business, business_id, value_type, required, default_value, definition_id, allowed_values
リファレンス: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_definition.update: A custom property definition was updated.
フィールド: actor, actor_id, user_agent, request_id, property_name, action, _document_id, @timestamp, created_at, operation_type, value_type, required, default_value, old_allowed_values, allowed_values, definition_id, old_required, old_default_value, old_value_type, old_values_editable_by, values_editable_by, request_access_security_header
リファレンス: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_value

custom_property_value.create: A repository's custom property value was manually set for the first time.
フィールド: actor, actor_id, user_agent, request_id, definition_id, property_name, value, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_value.destroy: A repository's custom property value was deleted.
フィールド: actor, actor_id, user_agent, request_id, repository, repository_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_value.update: A repository's custom property value was updated.
フィールド: actor, actor_id, user_agent, request_id, repository, repository_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, definition_id
リファレンス: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

dependabot_alerts

dependabot_alerts.disable: Dependabot alerts were disabled for all existing repositories.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts.enable: Dependabot alerts were enabled for all existing repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts_new_repos

dependabot_alerts_new_repos.disable: Dependabot alerts were disabled for all new repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_alerts_new_repos.enable: Dependabot alerts were enabled for all new repositories.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_repository_access

dependabot_repository_access.default_access_level_updated: The default repository access for Dependabot was updated.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, org, org_id, access_level, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

dependabot_repository_access.repositories_updated: The repositories that Dependabot can access were updated.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id

dependabot_security_updates

dependabot_security_updates.disable: Dependabot security updates were disabled for all existing repositories.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependabot_security_updates.enable: Dependabot security updates were enabled for all existing repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id

dependabot_security_updates_new_repos

dependabot_security_updates_new_repos.disable: Dependabot security updates were disabled for all new repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependabot_security_updates_new_repos.enable: Dependabot security updates were enabled for all new repositories.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id

dependency_graph

dependency_graph.disable: The dependency graph was disabled for all existing repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependency_graph.enable: The dependency graph was enabled for all existing repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id

dependency_graph_new_repos

dependency_graph_new_repos.disable: The dependency graph was disabled for all new repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependency_graph_new_repos.enable: The dependency graph was enabled for all new repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id, request_access_security_header

discussion_post

discussion_post.destroy: Triggered when a team discussion post is deleted.
フィールド: request_id, team, created_at, user_id, @timestamp, number, org, title, actor, actor_id, user, action, user_agent, operation_type, _document_id
リファレンス: /communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment

discussion_post.update: Triggered when a team discussion post is edited.
フィールド: created_at, _document_id, title, user, user_agent, org, operation_type, actor_id, @timestamp, actor, team, action, org_id, request_id, user_id, number
リファレンス: /communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment

discussion_post_reply

discussion_post_reply.destroy: Triggered when a reply to a team discussion post is deleted.
フィールド: actor_id, action, @timestamp, user_agent, operation_type, user_id, actor, number, user, created_at, request_id, _document_id
リファレンス: /communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment

discussion_post_reply.update: Triggered when a reply to a team discussion post is edited.
フィールド: action, _document_id, request_id, org, @timestamp, actor_id, operation_type, user, user_id, org_id, user_agent, actor, number, team, created_at
リファレンス: /communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment

enterprise_announcement

enterprise_announcement.create: A global announcement banner was created for the enterprise.
フィールド: actor, actor_id, user_agent, request_id, owner, owner_type, business_id, message, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Customizing user messages for your enterprise

enterprise_announcement.destroy: A global announcement banner was removed from the enterprise.
フィールド: actor, actor_id, user_agent, request_id, owner, owner_type, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Customizing user messages for your enterprise

enterprise_announcement.update: A global announcement banner was updated for the enterprise.
フィールド: actor, actor_id, user_agent, request_id, owner, owner_type, business_id, message, old_message, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Customizing user messages for your enterprise

enterprise

enterprise.configure_self_hosted_jit_runner: A new just-in-time GitHub Actions self-hosted runner was configured
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, oauth_application_id, token_id, token_scopes, business, business_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise

enterprise.register_self_hosted_runner: A new GitHub Actions self-hosted runner was registered.
フィールド: user_agent, request_id, actor, actor_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
リファレンス: Adding self-hosted runners

enterprise.remove_self_hosted_runner: A GitHub Actions self-hosted runner was removed.
フィールド: user_agent, request_id, actor, actor_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, request_access_security_header
リファレンス: Removing self-hosted runners

enterprise.runner_group_created: A GitHub Actions self-hosted runner group was created.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, runner_group_restricted_to_workflows
リファレンス: Removing self-hosted runners

enterprise.runner_group_removed: A GitHub Actions self-hosted runner group was removed.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Managing access to self-hosted runners using groups

enterprise.runner_group_renamed: A GitHub Actions self-hosted runner group was renamed.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Managing access to self-hosted runners using groups

enterprise.runner_group_runner_removed: The REST API was used to remove a GitHub Actions self-hosted runner from a group.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, runner_group_id, runner_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization

enterprise.runner_group_runners_added: A GitHub Actions self-hosted runner was added to a group.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
リファレンス: Managing access to self-hosted runners using groups

enterprise.runner_group_runners_updated: A GitHub Actions runner group's list of members was updated.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, runner_group_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /rest/actions#set-self-hosted-runners-in-a-group-for-an-organization

enterprise.runner_group_updated: The configuration of a GitHub Actions self-hosted runner group was changed.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, runner_group_name, runner_group_allow_public, business, business_id, action, operation_type, @timestamp, created_at, _document_id, runner_group_restricted_to_workflows, runner_group_selected_workflow_refs, network_configuration_id, request_access_security_header
リファレンス: Managing access to self-hosted runners using groups

enterprise.runner_group_visiblity_updated: The visibility of a GitHub Actions self-hosted runner group was updated via the REST API.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, visibility, business, business_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /rest/actions#update-a-self-hosted-runner-group-for-an-organization

enterprise.self_hosted_runner_offline: The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: business_id, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
リファレンス: Monitoring and troubleshooting self-hosted runners

enterprise.self_hosted_runner_online: The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: business_id, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
リファレンス: Monitoring and troubleshooting self-hosted runners

enterprise.self_hosted_runner_updated: The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.
フィールド: business_id, runner_id, runner_name, source_version, target_version, runner_group_id, runner_group_name, action, _document_id, operation_type, created_at, @timestamp
リファレンス: Self-hosted runners

enterprise_domain

enterprise_domain.approve: A domain was approved for an enterprise.
フィールド: user_agent, request_id, actor, actor_id, owner_type, domain_name, business_id, owner, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Verifying or approving a domain for your enterprise

enterprise_domain.create: A domain was added to an enterprise.
フィールド: user_agent, request_id, actor, actor_id, created_at, owner_type, domain_name, owner, action, operation_type, @timestamp, _document_id
リファレンス: Verifying or approving a domain for your enterprise

enterprise_domain.destroy: A domain was removed from an enterprise.
フィールド: user_agent, request_id, actor, actor_id, created_at, owner_type, domain_name, owner, action, operation_type, @timestamp, _document_id
リファレンス: Verifying or approving a domain for your enterprise

enterprise_domain.verify: A domain was verified for an enterprise.
フィールド: user_agent, request_id, actor, actor_id, owner_type, domain_name, owner, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Verifying or approving a domain for your enterprise

enterprise_installation

enterprise_installation.create: The GitHub App associated with a GitHub Connect connection was created.
フィールド: created_at, operation_type, @timestamp, _document_id, org_id, action, request_id, org, actor_id, user_agent, actor
リファレンス: Enabling GitHub Connect for GitHub.com

enterprise_installation.destroy: The GitHub App associated with a GitHub Connect connection was deleted.
フィールド: created_at, _document_id, action, @timestamp, actor_id, actor, user_agent, org, operation_type, request_id, org_id
リファレンス: Enabling GitHub Connect for GitHub.com

enterprise_role

enterprise_role.assign: An enterprise role was assigned to a user or enterprise team.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, enterprise_role_id, enterprise_role_name, business, business_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Abilities of roles in an enterprise

enterprise_role.create: A custom enterprise role was created in an enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, owner, role_permissions, base_role, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Abilities of roles in an enterprise

enterprise_role.destroy: A custom enterprise role was deleted in an enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, owner, role_permissions, base_role, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Abilities of roles in an enterprise

enterprise_role.revoke: A user or enterprise team was unassigned an enterprise role.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, enterprise_role_id, enterprise_role_name, business, business_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Abilities of roles in an enterprise

enterprise_role.update: A custom enterprise role was edited in an enterprise.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, name, owner, role_permissions, base_role, old_role_permissions, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: Abilities of roles in an enterprise

enterprise_team

enterprise_team.add_member: A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.
フィールド: actor, actor_id, user_agent, request_id, user_id, business_id, enterprise_team_id, enterprise_team, user, business, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

enterprise_team.copilot_assignment: A license for GitHub Copilot was assigned to an enterprise team.
フィールド: actor, actor_id, user_agent, request_id, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

enterprise_team.copilot_unassignment: A license for GitHub Copilot was unassigned from an enterprise team.
フィールド: actor, actor_id, user_agent, request_id, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

enterprise_team.create: A new enterprise team was created.
フィールド: actor, actor_id, user_agent, request_id, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type

enterprise_team.destroy: An enterprise team was deleted.
フィールド: actor, actor_id, user_agent, request_id, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

enterprise_team.remove_member: A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.
フィールド: actor, actor_id, user_agent, request_id, user_id, business_id, enterprise_team_id, enterprise_team, user, business, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

enterprise_team.rename: The name of an enterprise team was changed.
フィールド: actor, actor_id, user_agent, request_id, name, business_id, enterprise_team_id, enterprise_team, business, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

environment

environment.add_protection_rule: A GitHub Actions deployment protection rule was created via the API.
フィールド: user_agent, request_id, actor, actor_id, name, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
リファレンス: Managing environments for deployment

environment.create_actions_secret: A secret was created for a GitHub Actions environment.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, key, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, public_repo, token_scopes, programmatic_access_type, request_access_security_header
リファレンス: Managing environments for deployment

environment.create_actions_variable: A variable was created for a GitHub Actions environment.
フィールド: actor, actor_id, user_agent, request_id, key, visibility, environment_name, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: Store information in variables

environment.delete: An environment was deleted.
フィールド: user_agent, request_id, actor, actor_id, name, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type, actor_is_bot, request_access_security_header
リファレンス: Managing environments for deployment

environment.remove_actions_secret: A secret was deleted for a GitHub Actions environment.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, key, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, public_repo, token_scopes, request_access_security_header
リファレンス: Managing environments for deployment

environment.remove_actions_variable: A variable was deleted for a GitHub Actions environment.
フィールド: actor, actor_id, user_agent, request_id, key, environment_name, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Store information in variables

environment.remove_protection_rule: A GitHub Actions deployment protection rule was deleted via the API.
フィールド: user_agent, request_id, actor, actor_id, name, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, request_access_security_header
リファレンス: Managing environments for deployment

environment.update_actions_secret: A secret was updated for a GitHub Actions environment.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, key, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header
リファレンス: Managing environments for deployment

environment.update_actions_variable: A variable was updated for a GitHub Actions environment.
フィールド: actor, actor_id, user_agent, request_id, key, visibility, environment_name, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Store information in variables

environment.update_protection_rule: A GitHub Actions deployment protection rule was updated via the API.
フィールド: user_agent, request_id, actor, actor_id, repo, repo_id, org, org_id, action, @timestamp, _document_id, new_value, approvers_was, approvers, programmatic_access_type, can_admins_bypass, prevent_self_review
リファレンス: Managing environments for deployment

external_group

external_group.add_member: A user was added to an external group.
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, external_group, external_group_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, scim_group_id, request_access_security_header

external_group.delete: An external group was deleted.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, scim_group_id

external_group.link: An external group was linked to a GitHub team.
フィールド: user_agent, request_id, actor, actor_id, external_group_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, external_group, programmatic_access_type, scim_group_id, request_access_security_header

external_group.provision: An external group was created.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, programmatic_access_type, request_access_security_header

external_group.remove_member: A user was removed from an external group.
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, external_group, external_group_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header

external_group.scim_api_failure: Failed external group SCIM API request.
フィールド: user_agent, request_id, request_method, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, query_string, api_request_body, route, status_code, url_path, scim_group_id, message, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: REST API endpoints for SCIM

external_group.scim_api_success: Successful external group SCIM API request. Excludes GET API requests.
フィールド: user_agent, request_id, request_method, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, query_string, api_request_body, route, status_code, url_path, scim_group_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: REST API endpoints for SCIM

external_group.unlink: An external group was unlinked to a GitHub team.
フィールド: user_agent, request_id, actor, actor_id, external_group_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, external_group

external_group.update: An external group was updated.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, programmatic_access_type, scim_group_id, request_access_security_header

external_group.update_display_name: An external group's display name was updated.
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, external_group_id, external_group, action, _document_id, @timestamp, created_at, operation_type, business, business_id, scim_group_id, request_access_security_header

external_identity

external_identity.deprovision: An external identity was deprovisioned, suspending the linked GitHub user.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, action, user_id, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, request_access_security_header

external_identity.provision: An external identity was created and linked to a GitHub user.
フィールド: user_agent, request_id, action, user_id, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, scim_user_id, request_access_security_header

external_identity.scim_api_failure: Failed external identity SCIM API request.
フィールド: user_agent, request_id, request_method, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, query_string, api_request_body, route, status_code, url_path, scim_user_id, message, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: REST API endpoints for SCIM

external_identity.scim_api_success: Successful external identity SCIM API request. Excludes GET API requests.
フィールド: user_agent, request_id, request_method, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, query_string, api_request_body, route, status_code, url_path, scim_user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: REST API endpoints for SCIM

external_identity.update: An external identity was updated.
フィールド: user_agent, request_id, action, user_id, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, scim_user_id, request_access_security_header

Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.

git.clone: A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: transport_protocol, request_id, repository, repository_id, repository_public, actor, actor_id, org, org_id, business, business_id, user, user_id, transport_protocol_name

git.fetch: Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: action, transport_protocol, request_id, repository, repository_id, repository_public, actor, actor_id, org, org_id, business, business_id, user, user_id, transport_protocol_name

git.push: Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: transport_protocol, request_id, repository, repository_id, repository_public, actor, actor_id, org, org_id, business, business_id, user, user_id, transport_protocol_name

hook

hook.active_changed: A hook's active status was updated.
フィールド: user_agent, request_id, actor, actor_id, created_at, name, events, active, active_was, hook_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, programmatic_access_type

hook.config_changed: A hook's configuration was changed.
フィールド: actor_id, operation_type, @timestamp, _document_id, actor, name, org, user_agent, request_id, hook_id, repo, repo_id, created_at, oauth_application_id, action, events, org_id, token_scopes, programmatic_access_type

hook.create: A new hook was added.
フィールド: oauth_application, _document_id, user_agent, actor, actor_id, oauth_application_id, repo_id, request_id, hook_id, events, repo, @timestamp, operation_type, name, action, created_at, org_id, org, token_scopes, programmatic_access_type
リファレンス: About webhooks

hook.destroy: A hook was deleted.
フィールド: actor, events, repo, created_at, org, name, request_id, actor_id, repo_id, org_id, action, operation_type, oauth_application_id, user_agent, hook_id, @timestamp, _document_id, token_scopes, programmatic_access_type

hook.events_changed: A hook's configured events were changed.
フィールド: actor, events, repo, operation_type, action, _document_id, actor_id, name, events_were, @timestamp, created_at, hook_id, repo_id, org_id, org, user_agent, request_id, oauth_application_id, token_scopes, programmatic_access_type

integration

integration.create: A GitHub App was created.
フィールド: user, action, operation_type, @timestamp, actor, user_agent, actor_id, request_id, name, user_id, _document_id, integration, created_at, programmatic_access_type, request_access_security_header, application_client_id

integration.destroy: A GitHub App was deleted.
フィールド: actor, user_id, actor_id, request_id, @timestamp, name, integration, user, _document_id, action, operation_type, created_at, user_agent

integration.manager_added: A member of an enterprise or organization was added as a GitHub App manager.
フィールド: created_at, action, _document_id, name, org_id, manager, operation_type, actor, integration, org, @timestamp, actor_id, request_id, user_agent
リファレンス: /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization

integration.manager_removed: A member of an enterprise or organization was removed from being a GitHub App manager.
フィールド: user_agent, request_id, actor_id, org, operation_type, integration, org_id, _document_id, action, actor, name, created_at, manager, @timestamp
リファレンス: /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization

integration.remove_client_secret: A client secret for a GitHub App was removed.
フィールド: user_agent, request_id, actor, actor_id, name, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header

integration.revoke_all_tokens: All user tokens for a GitHub App were requested to be revoked.
フィールド: user_agent, request_id, actor, actor_id, name, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id, application_client_id

integration.revoke_tokens: Token(s) for a GitHub App were revoked.
フィールド: user_agent, request_id, actor, actor_id, name, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id, application_client_id

integration.suspend: A GitHub App was suspended.
フィールド: actor, actor_id, user_agent, request_id, name, integration, user, user_id, action, _document_id, @timestamp, created_at, operation_type, application_client_id
リファレンス: /apps/maintaining-github-apps/suspending-a-github-app-installation

integration.transfer: Ownership of a GitHub App was transferred to another user or organization.
フィールド: @timestamp, user_id, name, transfer_to_id, user, requester, action, requester_id, actor_id, created_at, _document_id, user_agent, transfer_to, operation_type, request_id, actor, integration, transfer_from, transfer_from_id, transfer_from_type, transfer_to_type
リファレンス: /apps/maintaining-github-apps/transferring-ownership-of-a-github-app

integration.unsuspend: A GitHub App was unsuspended.
フィールド: actor, actor_id, user_agent, request_id, name, integration, user, user_id, action, _document_id, @timestamp, created_at, operation_type, application_client_id
リファレンス: /apps/maintaining-github-apps/suspending-a-github-app-installation

integration_installation

integration_installation.create: A GitHub App was installed.
フィールド: operation_type, @timestamp, name, request_id, repository_selection, user_id, action, user_agent, user, created_at, integration, _document_id, programmatic_access_type, application_client_id
リファレンス: /apps/using-github-apps/authorizing-github-apps

integration_installation.destroy: A GitHub App was uninstalled.
フィールド: @timestamp, request_id, actor, created_at, _document_id, repository_selection, integration, user_id, user, action, operation_type, name, actor_id, user_agent, programmatic_access_type, application_client_id
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.repositories_added: Repositories were added to a GitHub App.
フィールド: user_id, repository_selection, name, user, request_id, integration, operation_type, actor_id, action, repositories_added, created_at, _document_id, @timestamp, actor, user_agent, token_scopes, repositories_added_names, programmatic_access_type, actor_is_bot, application_client_id
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access

integration_installation.repositories_removed: Repositories were removed from a GitHub App.
フィールド: user, operation_type, user_agent, actor, repository_selection, repositories_removed, integration, user_id, created_at, _document_id, request_id, @timestamp, name, action, actor_id, repositories_removed_names, programmatic_access_type, actor_is_bot, application_client_id
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access

integration_installation.suspend: A GitHub App was suspended.
フィールド: user_agent, request_id, name, repository_selection, actor_id, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header, application_client_id
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.unsuspend: A GitHub App was unsuspended.
フィールド: user_agent, request_id, name, repository_selection, actor_id, integration, user, user_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.version_updated: Permissions for a GitHub App were updated.
フィールド: integration, user_id, user_agent, name, user, operation_type, actor_id, action, _document_id, request_id, created_at, repository_selection, @timestamp, actor, application_client_id
リファレンス: /apps/using-github-apps/approving-updated-permissions-for-a-github-app

integration_installation_request

integration_installation_request.close: A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.
フィールド: url, actor, actor_id, created_at, request_id, operation_type, @timestamp, integration, action, user_agent, reason, _document_id, org, org_id, request_access_security_header, application_client_id
リファレンス: /apps/using-github-apps/requesting-a-github-app-from-your-organization-owner

integration_installation_request.create: A member requested that an owner install a GitHub App.
フィールド: @timestamp, actor_id, org, _document_id, requester, action, user_agent, created_at, url, org_id, request_id, operation_type, actor, integration, request_access_security_header, application_client_id
リファレンス: /apps/using-github-apps/requesting-a-github-app-from-your-organization-owner

ip_allow_list

ip_allow_list.disable: An IP allow list was disabled.
フィールド: operation_type, actor, request_id, org, user_agent, _document_id, user_id, actor_id, created_at, org_id, action, @timestamp, user

ip_allow_list.disable_for_installed_apps: An IP allow list was disabled for installed GitHub Apps.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, business, business_id, action, operation_type, @timestamp, _document_id

ip_allow_list.disable_idp_ip_allowlist_for_web: Identity Provider based IP allow list for web interactions was disabled.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

ip_allow_list.disable_user_level_enforcement: IP allow list user level enforcement was disabled.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

ip_allow_list.enable: An IP allow list was enabled.
フィールド: org_id, business, user_id, request_id, actor, user, business_id, _document_id, action, @timestamp, user_agent, actor_id, operation_type, org, created_at

ip_allow_list.enable_for_installed_apps: An IP allow list was enabled for installed GitHub Apps.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, business, business_id, action, operation_type, @timestamp, _document_id

ip_allow_list.enable_idp_ip_allowlist_for_web: Identity Provider based IP allow list for web interactions was enabled.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

ip_allow_list.enable_user_level_enforcement: IP allow list user level enforcement was enabled.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

ip_allow_list_entry

ip_allow_list_entry.create: An IP address was added to an IP allow list.
フィールド: active, org, ip_allow_list_entry, @timestamp, _document_id, operation_type, created_at, user_agent, action, request_id, actor_id, business_id, org_id, business, actor, token_scopes, programmatic_access_type, request_access_security_header

ip_allow_list_entry.destroy: An IP address was deleted from an IP allow list.
フィールド: _document_id, request_id, ip_allow_list_entry, org, operation_type, created_at, active, action, @timestamp, business, business_id, user_agent, org_id, actor, actor_id, token_scopes, programmatic_access_type, request_access_security_header

ip_allow_list_entry.update: An IP address or its description was changed.
フィールド: request_id, _document_id, actor, org, action, operation_type, created_at, user_agent, actor_id, ip_allow_list_entry, active, org_id, @timestamp

issue_comment

issue_comment.destroy: A comment on an issue was deleted from the repository.
フィールド: org_id, org, repo, actor_id, @timestamp, created_at, _document_id, action, operation_type, user_agent, repo_id, actor, request_id, oauth_application_id, token_scopes, programmatic_access_type

issue_comment.update: A comment on an issue (other than the initial one) changed.
フィールド: repo, org, action, repo_id, org_id, created_at, operation_type, @timestamp, user_agent, request_id, _document_id, actor_id, actor, oauth_application_id, token_scopes, programmatic_access_type

issue

issue.destroy: An issue was deleted from the repository.
フィールド: user, actor_id, created_at, title, @timestamp, _document_id, request_id, actor, user_id, action, operation_type, user_agent, repo, token_scopes, programmatic_access_type
リファレンス: Deleting an issue

issue.pinned: An issue was pinned to a repository.
フィールド: _document_id, user_agent, actor_id, created_at, action, actor, operation_type, owner_type, @timestamp, repo_id, request_id, number, repo, event, user, user_id, request_access_security_header
リファレンス: Pinning an issue to your repository

issue.transfer: An issue was transferred to another repository.
フィールド: user, user_id, @timestamp, user_agent, owner_type, actor_id, number, repo, operation_type, _document_id, repo_id, action, request_id, created_at, actor, programmatic_access_type
リファレンス: Transferring an issue to another repository

issue.unpinned: An issue was unpinned from a repository.
フィールド: event, user_agent, actor_id, repo_id, actor, action, created_at, request_id, repo, operation_type, _document_id, number, owner_type, @timestamp, user, user_id, token_scopes, request_access_security_header
リファレンス: Pinning an issue to your repository

issues

issues.deletes_disabled: The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.
フィールド: user_agent, action, @timestamp, operation_type, request_id, actor_id, user_id, created_at, _document_id, actor, user, org, org_id
リファレンス: Enforcing repository management policies in your enterprise

issues.deletes_enabled: The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.
フィールド: actor_id, user, user_id, org, org_id, action, _document_id, request_id, actor, @timestamp, created_at, user_agent, operation_type
リファレンス: Enforcing repository management policies in your enterprise

issues.deletes_policy_cleared: An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.
フィールド: user, request_id, actor, business_id, action, operation_type, user_agent, created_at, @timestamp, _document_id, business, user_id, actor_id
リファレンス: Enforcing repository management policies in your enterprise

marketplace_agreement_signature

marketplace_agreement_signature.create: The GitHub Marketplace Developer Agreement was signed.
フィールド: request_id, actor, actor_id, @timestamp, _document_id, user_agent, operation_type, created_at, action, user, user_id, request_access_security_header

marketplace_listing

marketplace_listing.approve: A listing was approved for inclusion in GitHub Marketplace.
フィールド: secondary_category, actor, primary_category, user, @timestamp, _document_id, user_id, user_agent, operation_type, created_at, request_id, actor_id, marketplace_listing, integration, action

marketplace_listing.change_category: A category for a listing for an app in GitHub Marketplace was changed.
フィールド: primary_category, user_agent, request_id, actor, marketplace_listing, @timestamp, integration, org_id, action, org, secondary_category, operation_type, created_at, actor_id, _document_id

marketplace_listing.create: A listing for an app in GitHub Marketplace was created.
フィールド: primary_category, _document_id, user, created_at, user_agent, oauth_application, action, request_id, marketplace_listing, user_id, secondary_category, oauth_application_id, actor, actor_id, operation_type, @timestamp

marketplace_listing.delist: A listing was removed from GitHub Marketplace.
フィールド: org, actor, actor_id, user_agent, request_id, org_id, created_at, secondary_category, operation_type, marketplace_listing, action, @timestamp, _document_id, primary_category, integration

marketplace_listing.redraft: A listing was sent back to draft state.
フィールド: _document_id, secondary_category, oauth_application_id, @timestamp, action, user_agent, user_id, operation_type, oauth_application, actor, created_at, marketplace_listing, request_id, actor_id, primary_category, user

marketplace_listing.reject: A listing was not accepted for inclusion in GitHub Marketplace.
フィールド: user_agent, request_id, actor, actor_id, primary_category, secondary_category, marketplace_listing, oauth_application, oauth_application_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id

members_can_create_pages

For more information, see "Managing the publication of GitHub Pages sites for your organization."

members_can_create_pages.disable: The ability for members to publish GitHub Pages sites was disabled.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
リファレンス: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_create_pages.enable: The ability for members to publish GitHub Pages sites was enabled.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
リファレンス: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_create_public_pages

members_can_create_public_pages.disable: The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_create_public_pages.enable: The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
リファレンス: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_delete_repos

members_can_delete_repos.clear: An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.
フィールド: _document_id, request_id, user, user_id, business, operation_type, user_agent, actor, actor_id, business_id, @timestamp, created_at, action
リファレンス: Enforcing repository management policies in your enterprise

members_can_delete_repos.disable: The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.
フィールド: request_id, org, _document_id, actor_id, user, user_id, user_agent, actor, operation_type, org_id, action, @timestamp, created_at
リファレンス: Enforcing repository management policies in your enterprise

members_can_delete_repos.enable: The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.
フィールド: action, org_id, user_id, business, actor_id, @timestamp, _document_id, request_id, user, business_id, created_at, actor, org, operation_type, user_agent
リファレンス: Enforcing repository management policies in your enterprise

members_can_view_dependency_insights

members_can_view_dependency_insights.clear: An enterprise owner cleared the policy setting for viewing dependency insights in any organizations in an enterprise.
フィールド: @timestamp, _document_id, user_agent, actor_id, user, user_id, business, business_id, created_at, request_id, actor, action, operation_type

members_can_view_dependency_insights.disable: The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.
フィールド: business, created_at, user_id, business_id, user, org, operation_type, request_id, actor, _document_id, action, user_agent, actor_id, org_id, @timestamp
リファレンス: Enforcing policies for code security and analysis for your enterprise

members_can_view_dependency_insights.enable: The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.
フィールド: request_id, created_at, _document_id, user_agent, user, user_id, business, business_id, operation_type, @timestamp, action, actor, actor_id
リファレンス: Enforcing policies for code security and analysis for your enterprise

merge_queue

merge_queue.pull_request_dequeued: A pull request was removed from a merge queue.
フィールド: actor, actor_id, user_agent, request_id, repo_id, public_repo, repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

merge_queue.pull_request_queue_jump: A pull request was moved ahead in a merge queue.
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, oauth_application_id, token_id, token_scopes, repo_id, public_repo, repo, action, _document_id, @timestamp, created_at, operation_type

merge_queue.queue_cleared: A merge queue was cleared.
フィールド: actor, actor_id, user_agent, request_id, repo_id, public_repo, repo, action, _document_id, @timestamp, created_at, operation_type

merge_queue.update_settings: The settings for a merge queue were updated.
フィールド: actor, actor_id, user_agent, request_id, max_entries_to_build, min_entries_to_merge, repo_id, public_repo, repo, action, _document_id, @timestamp, created_at, operation_type

migration

migration.create: A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.
フィールド: repo, org_id, _document_id, org, repo_id, action, actor, created_at, operation_type, @timestamp, user_agent, request_id, actor_id, token_scopes, programmatic_access_type, actor_is_bot, request_access_security_header

migration.destroy_file: A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.
フィールド: org, @timestamp, org_id, action, operation_type, created_at, repo, _document_id, repo_id, request_access_security_header

migration.download: A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.
フィールド: actor_id, org_id, request_id, oauth_application_id, repo_id, operation_type, @timestamp, user_agent, created_at, org, action, _document_id, repo, actor, token_scopes, programmatic_access_type, actor_is_bot, request_access_security_header

network_configuration

network_configuration.create: A network configuration for a hosted compute service was created.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, selected_service, network_settings_ids, previous_settings_ids, network_configuration_id
リファレンス: About networking for hosted compute products in your enterprise

network_configuration.delete: A network configuration for a hosted compute service was deleted.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, network_configuration_id
リファレンス: About networking for hosted compute products in your enterprise

network_configuration.update: A network configuration for a hosted compute service was updated.
フィールド: actor, actor_id, user_agent, request_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, selected_service, network_settings_ids, previous_settings_ids
リファレンス: About networking for hosted compute products in your enterprise

oauth_application

oauth_application.create: An OAuth application was created.
フィールド: org, created_at, oauth_application_id, operation_type, user_agent, actor_id, org_id, action, actor, oauth_application, @timestamp, _document_id, request_id, request_access_security_header
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.destroy: An OAuth application was deleted.
フィールド: created_at, oauth_application_id, user_id, operation_type, @timestamp, user_agent, oauth_application, _document_id, actor, actor_id, request_id, action, user, request_access_security_header
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.generate_client_secret: An OAuth application's secret key was generated.
フィールド: user_agent, request_id, actor, actor_id, oauth_application, oauth_application_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.remove_client_secret: An OAuth application's secret key was deleted.
フィールド: user_agent, request_id, actor, actor_id, oauth_application, oauth_application_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.reset_secret: The secret key for an OAuth application was reset.
フィールド: user, user_id, action, oauth_application, operation_type, request_id, actor_id, _document_id, created_at, actor, oauth_application_id, @timestamp, user_agent
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.revoke_all_tokens: All user tokens for an OAuth application were requested to be revoked.
フィールド: user_agent, request_id, actor, actor_id, oauth_application, oauth_application_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, request_access_security_header
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.revoke_tokens: Token(s) for an OAuth application were revoked.
フィールド: oauth_application_id, oauth_application, actor_id, user_agent, @timestamp, request_id, user_id, action, _document_id, actor, user, created_at, operation_type, request_access_security_header
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.transfer: An OAuth application was transferred from one account to another.
フィールド: actor, operation_type, created_at, user_agent, oauth_application, actor_id, oauth_application_id, @timestamp, user_id, _document_id, request_id, user, action
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

org

org.accept_business_invitation: An invitation sent to an organization to join an enterprise was accepted.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Adding organizations to your enterprise

org.add_billing_manager: A billing manager was added to an organization.
フィールド: operation_type, _document_id, user_agent, org, user_id, action, created_at, org_id, user, actor, actor_id, @timestamp, request_id, request_access_security_header
リファレンス: /organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization

org.add_member: A user joined an organization.
フィールド: permission, _document_id, org, operation_type, request_id, actor, user, @timestamp, created_at, user_agent, org_id, user_id, actor_id, action, programmatic_access_type, actor_is_bot

org.add_outside_collaborator: An outside collaborator was added to a repository.
フィールド: actor, actor_id, user_agent, request_id, inviter, org, org_id, repo, repo_id, public_repo, permission, invitee, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

org.advanced_security_disabled_for_new_repos: GitHub Advanced Security was disabled for new repositories in an organization.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes

org.advanced_security_disabled_on_all_repos: GitHub Advanced Security was disabled for all repositories in an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes

org.advanced_security_enabled_for_new_repos: GitHub Advanced Security was enabled for new repositories in an organization.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes

org.advanced_security_enabled_on_all_repos: GitHub Advanced Security was enabled for all repositories in an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes

org.advanced_security_entity_policy_update: An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, new_policy, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: Enforcing policies for code security and analysis for your enterprise

org.advanced_security_policy_selected_member_disabled: An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id
リファレンス: Enforcing policies for code security and analysis for your enterprise

org.advanced_security_policy_selected_member_enabled: An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, actor_is_bot
リファレンス: Enforcing policies for code security and analysis for your enterprise

org.audit_log_export: An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.
フィールド: org_id, operation_type, @timestamp, request_id, _document_id, actor, org, action, created_at, user_agent, actor_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log

org.audit_log_git_event_export: An export of the organization's Git events was created.
フィールド: user_agent, request_id, actor, actor_id, created_at, start, end, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization

org.block_user: An organization owner blocked a user from accessing the organization's repositories.
フィールド: actor, user_agent, org_id, created_at, _document_id, blocked_user, action, operation_type, actor_id, org, @timestamp, request_id
リファレンス: /communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization

org.cancel_business_invitation: An invitation for an organization to join an enterprise was revoked
フィールド: user_agent, request_id, actor, actor_id, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, initiated_from
リファレンス: Adding organizations to your enterprise

org.cancel_invitation: An invitation sent to a user to join an organization was revoked.
フィールド: actor_id, org_id, request_id, email, @timestamp, actor, action, operation_type, user_agent, org, invitation_id, _document_id, created_at, invitee_email, token_scopes, programmatic_access_type

org.code_scanning_autofix_disabled: Autofix for code scanning alerts was disabled for an organization.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

org.code_scanning_autofix_enabled: Autofix for code scanning alerts was enabled for an organization.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

org.code_scanning_autofix_third_party_tools_disabled: Autofix for third party tools for code scanning alerts was disabled for an organization.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

org.code_scanning_autofix_third_party_tools_enabled: Autofix for third party tools for code scanning alerts was enabled for an organization.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

org.codeql_disabled: Code scanning using the default setup was disabled for an organization.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale

org.codeql_enabled: Code scanning using the default setup was enabled for an organization.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale

org.codespaces_access_updated: Access to use Codespaces on internal and private repositories was updated for an organization.
フィールド: actor, actor_id, user_agent, request_id, enablement, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: /codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization

org.codespaces_ownership_updated: Ownership and payment for codespaces was updated for an organization.
フィールド: actor, actor_id, user_agent, request_id, owner_type, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
リファレンス: /codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization

org.codespaces_team_access_allowed: A team has been allowed to use Codespaces for an organization.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, team, action, _document_id, @timestamp, created_at, operation_type

org.codespaces_team_access_revoked: A team has been prevented from using Codespaces for an organization.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, team, action, _document_id, @timestamp, created_at, operation_type

org.codespaces_trusted_repo_access_granted: GitHub Codespaces was granted trusted repository access to all other repositories in an organization.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
リファレンス: Managing access to other repositories within your codespace

org.codespaces_trusted_repo_access_revoked: GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Managing access to other repositories within your codespace

org.codespaces_user_access_allowed: A user has been allowed to use Codespaces for an organization.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id

org.codespaces_user_access_revoked: A user has been prevented from using Codespaces for an organization.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id

org.config.disable_collaborators_only: The interaction limit for collaborators only for an organization was disabled.
フィールド: request_id, org, action, operation_type, _document_id, actor, actor_id, @timestamp, user_agent, org_id, created_at
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.disable_contributors_only: The interaction limit for prior contributors only for an organization was disabled.
フィールド: operation_type, @timestamp, created_at, user_agent, action, actor_id, org, _document_id, actor, org_id, request_id
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.disable_sockpuppet_disallowed: The interaction limit for existing users only for an organization was disabled.
フィールド: _document_id, operation_type, actor_id, org_id, action, created_at, actor, org, @timestamp, user_agent, request_id
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.enable_collaborators_only: The interaction limit for collaborators only for an organization was enabled.
フィールド: @timestamp, created_at, _document_id, actor_id, actor, org, org_id, request_id, operation_type, action, user_agent
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.enable_contributors_only: The interaction limit for prior contributors only for an organization was enabled.
フィールド: actor, actor_id, org_id, action, operation_type, @timestamp, user_agent, request_id, org, created_at, _document_id
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.enable_sockpuppet_disallowed: The interaction limit for existing users only for an organization was enabled.
フィールド: actor_id, request_id, action, created_at, user_agent, actor, _document_id, org_id, operation_type, org, @timestamp
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.configure_self_hosted_jit_runner: A new just-in-time GitHub Actions self-hosted runner was configured
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization

org.confirm_business_invitation: An invitation for an organization to join an enterprise was confirmed.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Adding organizations to your enterprise

org.create: An organization was created.
フィールド: request_id, org, actor_id, actor, action, @timestamp, _document_id, user_agent, operation_type, org_id, created_at, request_access_security_header
リファレンス: /organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch

org.create_actions_secret: A GitHub Actions secret was created for an organization.
フィールド: user_agent, request_id, actor, actor_id, key, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
リファレンス: Using secrets in GitHub Actions

org.create_actions_variable: A GitHub Actions variable was created for an organization.
フィールド: actor, actor_id, user_agent, request_id, key, visibility, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Store information in variables

org.create_integration_secret: A Codespaces or Dependabot secret was created for an organization.
フィールド: user_agent, request_id, actor, actor_id, key, visibility, integration, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes

org.delete: An organization was deleted by a user or staff.
フィールド: user_agent, @timestamp, _document_id, created_at, actor, org_id, org, action, actor_id, operation_type, request_id, request_access_security_header

org.disable_member_team_creation_permission: Team creation was limited to owners.
フィールド: actor, @timestamp, _document_id, user, user_id, action, created_at, actor_id, user_agent, org, org_id, operation_type, request_id, request_access_security_header
リファレンス: /organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization

org.disable_oauth_app_restrictions: Third-party application access restrictions for an organization were disabled.
フィールド: actor_id, org_id, action, _document_id, request_id, @timestamp, actor, org, operation_type, user_agent, created_at
リファレンス: /organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization

org.disable_reader_discussion_creation_permission: An organization owner limited discussion creation to users with at least triage permission in an organization.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization

org.disable_saml: SAML single sign-on was disabled for an organization.
フィールド: org_id, sso_url, issuer, action, @timestamp, _document_id, created_at, org, operation_type

org.disable_two_factor_requirement: A two-factor authentication requirement was disabled for the organization.
フィールド: created_at, org, org_id, action, actor, actor_id, operation_type, request_id, @timestamp, _document_id, user_agent

org.display_commenter_full_name_disabled: An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.
フィールド: actor, user_id, user, action, operation_type, @timestamp, _document_id, created_at, user_agent, org, actor_id, org_id, request_id

org.display_commenter_full_name_enabled: An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.
フィールド: org, user_agent, request_id, actor, _document_id, user_id, operation_type, @timestamp, created_at, user, action, actor_id, org_id

org.enable_member_team_creation_permission: Team creation by members was allowed.
フィールド: org_id, user, actor, operation_type, _document_id, user_id, created_at, user_agent, actor_id, org, request_id, action, @timestamp
リファレンス: /organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization

org.enable_oauth_app_restrictions: Third-party application access restrictions for an organization were enabled.
フィールド: actor_id, operation_type, org, created_at, _document_id, actor, org_id, action, user_agent, request_id, @timestamp
リファレンス: /organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization

org.enable_reader_discussion_creation_permission: An organization owner allowed users with read access to create discussions in an organization
フィールド: user_agent, request_id, actor, actor_id, created_at, org, org_id, user, user_id, action, operation_type, @timestamp, _document_id
リファレンス: /organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization

org.enable_saml: SAML single sign-on was enabled for the organization.
フィールド: actor_id, action, operation_type, actor, sso_url, org, created_at, @timestamp, issuer, org_id, _document_id, user_agent, request_id
リファレンス: Enabling and testing SAML single sign-on for your organization

org.enable_two_factor_requirement: Two-factor authentication is now required for the organization.
フィールド: actor_id, action, _document_id, org, @timestamp, actor, user_agent, org_id, operation_type, created_at, request_id
リファレンス: /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization

org.integration_manager_added: An organization owner granted a member access to manage all GitHub Apps owned by an organization.
フィールド: user_agent, org_id, manager, @timestamp, request_id, actor, operation_type, _document_id, actor_id, org, action, created_at

org.integration_manager_removed: An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.
フィールド: org_id, @timestamp, org, user_agent, request_id, action, actor, actor_id, manager, operation_type, created_at, _document_id

org.invite_member: A new user was invited to join an organization.
フィールド: org, user_id, invitation_id, org_id, user, action, operation_type, _document_id, actor, @timestamp, created_at, user_agent, actor_id, request_id, invitee_email, token_scopes, programmatic_access_type
リファレンス: /organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization

org.invite_to_business: An organization was invited to join an enterprise.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

org.members_can_update_protected_branches.disable: The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id

org.members_can_update_protected_branches.enable: The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.
フィールド: org, org_id, user_agent, actor_id, user_id, operation_type, @timestamp, created_at, request_id, _document_id, actor, user, action

org.oauth_app_access_approved: Access to an organization was granted for an OAuth App.
フィールド: url, actor, user_agent, request_id, actor_id, operation_type, org_id, _document_id, org, action, created_at, @timestamp, request_access_security_header, oauth_application_name
リファレンス: /organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization

org.oauth_app_access_denied: Access was disabled for an OAuth App that was previously approved.
フィールド: request_id, url, created_at, org_id, action, @timestamp, _document_id, user_agent, org, operation_type, actor, actor_id, oauth_application_name
リファレンス: /organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization

org.oauth_app_access_requested: An organization member requested that an owner grant an OAuth App access to an organization.
フィールド: actor, operation_type, created_at, user_agent, actor_id, _document_id, request_id, url, org_id, action, @timestamp, org, request_access_security_header, oauth_application_name

org.recovery_code_failed: An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.
フィールド: actor, actor_id, user_agent, request_id, reason, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Accessing your organization if your identity provider is unavailable

org.recovery_code_used: An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
リファレンス: Accessing your organization if your identity provider is unavailable

org.recovery_codes_downloaded: An organization owner downloaded the organization's SSO recovery codes.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Downloading your organization's SAML single sign-on recovery codes

org.recovery_codes_generated: An organization owner generated the organization's SSO recovery codes.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Downloading your organization's SAML single sign-on recovery codes

org.recovery_codes_printed: An organization owner printed the organization's SSO recovery codes.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Downloading your organization's SAML single sign-on recovery codes

org.recovery_codes_viewed: An organization owner viewed the organization's SSO recovery codes.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Downloading your organization's SAML single sign-on recovery codes

org.register_self_hosted_runner: A new self-hosted runner was registered.
フィールド: actor, operation_type, @timestamp, _document_id, request_id, org, org_id, action, created_at, user_agent, actor_id, actor_is_bot, request_access_security_header
リファレンス: Adding self-hosted runners

org.remove_actions_secret: A GitHub Actions secret was removed from an organization.
フィールド: user_agent, request_id, actor, actor_id, key, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
リファレンス: Using secrets in GitHub Actions

org.remove_actions_variable: A GitHub Actions variable was removed from an organization.
フィールド: actor, actor_id, user_agent, request_id, key, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
リファレンス: Store information in variables

org.remove_billing_manager: A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.
フィールド: user_id, user_agent, org_id, user, action, _document_id, operation_type, @timestamp, actor, org, actor_id, request_id, created_at
リファレンス: /organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization

org.remove_integration_secret: A Codespaces or Dependabot secret was removed from an organization.
フィールド: user_agent, request_id, actor, actor_id, key, integration, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes

org.remove_member: A member was removed from an organization, either manually or due to a two-factor authentication requirement.
フィールド: _document_id, request_id, actor_id, user_agent, actor, action, user_id, @timestamp, created_at, user, operation_type, org_id, org, token_scopes, programmatic_access_type

org.remove_outside_collaborator: An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.
フィールド: org, user, org_id, created_at, request_id, @timestamp, action, operation_type, user_agent, _document_id, actor, actor_id, user_id, programmatic_access_type, request_access_security_header

org.remove_self_hosted_runner: A self-hosted runner was removed.
フィールド: operation_type, org_id, @timestamp, _document_id, user_agent, request_id, actor_id, org, created_at, actor, action, programmatic_access_type
リファレンス: Removing self-hosted runners

org.rename: An organization was renamed.
フィールド: user_agent, _document_id, @timestamp, org, action, actor, old_login, org_id, request_id, actor_id, operation_type, created_at, request_access_security_header

org.required_workflow_create: Triggered when a required workflow is created.
フィールド: actor, actor_id, user_agent, request_id, org, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /actions/using-workflows/required-workflows

org.required_workflow_delete: Triggered when a required workflow is deleted.
フィールド: actor, actor_id, user_agent, request_id, org, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /actions/using-workflows/required-workflows

org.required_workflow_update: Triggered when a required workflow is updated.
フィールド: actor, actor_id, user_agent, request_id, org, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /actions/using-workflows/required-workflows

org.restore_member: An organization member was restored.
フィールド: user, actor, user_id, _document_id, action, created_at, org_id, operation_type, request_id, @timestamp, user_agent, org, actor_id, request_access_security_header
リファレンス: /organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization

org.runner_group_created: A self-hosted runner group was created.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, runner_group_restricted_to_workflows, runner_group_selected_workflow_refs, programmatic_access_type, network_configuration_id
リファレンス: Managing access to self-hosted runners using groups

org.runner_group_removed: A self-hosted runner group was removed.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, programmatic_access_type
リファレンス: Managing access to self-hosted runners using groups

org.runner_group_renamed: A self-hosted runner group was renamed.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id
リファレンス: Managing access to self-hosted runners using groups

org.runner_group_runner_removed: The REST API was used to remove a self-hosted runner from a group.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, runner_group_id, runner_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, request_access_security_header
リファレンス: /rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization

org.runner_group_runners_added: A self-hosted runner was added to a group.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, programmatic_access_type, request_access_security_header
リファレンス: Managing access to self-hosted runners using groups

org.runner_group_runners_updated: A runner group's list of members was updated.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, runner_group_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /rest/actions#set-self-hosted-runners-in-a-group-for-an-organization

org.runner_group_updated: The configuration of a self-hosted runner group was changed.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, runner_group_name, runner_group_allow_public, org, org_id, action, operation_type, @timestamp, created_at, _document_id, runner_group_restricted_to_workflows, runner_group_selected_workflow_refs, programmatic_access_type, network_configuration_id, request_access_security_header
リファレンス: Managing access to self-hosted runners using groups

org.runner_group_visiblity_updated: The visibility of a self-hosted runner group was updated via the REST API.
フィールド: user_agent, request_id, actor, actor_id, runner_group_id, visibility, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id
リファレンス: /rest/actions#update-a-self-hosted-runner-group-for-an-organization

org.secret_scanning_custom_pattern_push_protection_disabled: Push protection for a custom pattern for secret scanning was disabled for an organization.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Defining custom patterns for secret scanning

org.secret_scanning_custom_pattern_push_protection_enabled: Push protection for a custom pattern for secret scanning was enabled for an organization.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
リファレンス: Defining custom patterns for secret scanning

org.secret_scanning_push_protection_custom_message_disabled: The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, programmatic_access_type
リファレンス: About push protection

org.secret_scanning_push_protection_custom_message_enabled: The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, programmatic_access_type
リファレンス: About push protection

org.secret_scanning_push_protection_custom_message_updated: The custom message triggered by an attempted push to a push-protected repository was updated for an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, programmatic_access_type
リファレンス: About push protection

org.secret_scanning_push_protection_disable: Push protection for secret scanning was disabled.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: About push protection

org.secret_scanning_push_protection_enable: Push protection for secret scanning was enabled.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: About push protection

org.secret_scanning_push_protection_new_repos_disable: Push protection for secret scanning was disabled for all new repositories in the organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, token_scopes
リファレンス: About push protection

org.secret_scanning_push_protection_new_repos_enable: Push protection for secret scanning was enabled for all new repositories in the organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, token_scopes
リファレンス: About push protection

org.self_hosted_runner_offline: The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: org_id, org, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
リファレンス: Monitoring and troubleshooting self-hosted runners

org.self_hosted_runner_online: The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: org_id, org, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
リファレンス: Monitoring and troubleshooting self-hosted runners

org.self_hosted_runner_updated: The runner application was updated. This event is not included in the JSON/CSV export.
フィールド: org_id, runner_id, runner_name, source_version, target_version, runner_group_id, runner_group_name
リファレンス: Self-hosted runners

org.set_actions_cache_retention_policy: The cache retention policy for GitHub Actions was set for an organization.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization

org.set_actions_cache_storage_policy: The cache storage policy for GitHub Actions was set for an organization.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization

org.set_actions_fork_pr_approvals_policy: The setting for requiring approvals for workflows from public forks was changed for an organization.
フィールド: user_agent, request_id, actor, actor_id, policy, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks

org.set_actions_private_fork_pr_approvals_policy: The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.
フィールド: actor, actor_id, user_agent, request_id, policy, org, org_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks

org.set_actions_retention_limit: The retention period for GitHub Actions artifacts and logs in an organization was changed.
フィールド: user_agent, request_id, actor, actor_id, limit, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization

org.set_default_workflow_permissions: The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization

org.set_fork_pr_workflows_policy: The policy for workflows on private repository forks was changed.
フィールド: user_agent, request_id, actor, actor_id, policy, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks

org.set_workflow_permission_can_approve_pr: The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests

org.sso_response: A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: action, user_agent, actor, actor_id, org_id, @timestamp, org, issuer, business, operation_type, created_at, request_id, business_id, _document_id, actor_is_bot, request_access_security_header

org.transfer: An organization was transferred between enterprise accounts.
フィールド: actor, actor_id, user_agent, request_id, from_business, to_business, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Adding organizations to your enterprise

org.transfer_outgoing: An organization was transferred between enterprise accounts.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, business, business_id, from_business, to_business, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Adding organizations to your enterprise

org.unblock_user: A user was unblocked from an organization.
フィールド: oauth_application_id, _document_id, blocked_user, action, operation_type, @timestamp, request_id, created_at, actor, actor_id, org, org_id, user_agent
リファレンス: /communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization

org.update_actions_secret: A GitHub Actions secret was updated for an organization.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, created_at, key, org, org_id, action, operation_type, @timestamp, _document_id, programmatic_access_type
リファレンス: Using secrets in GitHub Actions

org.update_actions_settings: An organization owner or site administrator updated GitHub Actions policy settings for an organization.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, new_policy, updated_allowed_types, old_policy, updated_access_policy, programmatic_access_type, request_access_security_header
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization

org.update_actions_variable: A GitHub Actions variable was updated for an organization.
フィールド: actor, actor_id, user_agent, request_id, key, visibility, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Store information in variables

org.update_default_repository_permission: The default repository permission level for organization members was changed.
フィールド: actor, action, operation_type, created_at, org, org_id, request_id, @timestamp, user_agent, permission, actor_id, old_permission, _document_id, programmatic_access_type

org.update_immutable_releases_settings_policy: The settings policy for immutable releases was updated for an organization.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, old_policy, new_policy, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

org.update_integration_secret: A Codespaces or Dependabot secret was updated for an organization.
フィールド: user_agent, request_id, actor, actor_id, key, visibility, integration, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header

org.update_member: A person's role was changed from owner to member or member to owner.
フィールド: @timestamp, org_id, created_at, _document_id, user, user_id, action, request_id, actor_id, old_permission, permission, actor, user_agent, operation_type, org

org.update_member_repository_creation_permission: The create repository permission for organization members was changed.
フィールド: actor, action, @timestamp, request_id, actor_id, permission, created_at, user_agent, org, org_id, _document_id, visibility, operation_type

org.update_member_repository_invitation_permission: An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.
フィールド: actor_id, permission, action, org_id, actor, created_at, _document_id, business_id, operation_type, org, user_agent, request_id, business, @timestamp
リファレンス: Setting permissions for adding outside collaborators

org.update_new_repository_default_branch_setting: The name of the default branch was changed for new repositories in the organization.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization

org.update_saml_provider_settings: An organization's SAML provider settings were updated.
フィールド: user_agent, sso_url, actor_id, operation_type, @timestamp, issuer, org, _document_id, actor, org_id, created_at, request_id, action

org.update_terms_of_service: An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.
フィールド: request_id, org_id, actor, actor_id, user_agent, operation_type, _document_id, org, action, @timestamp, created_at, request_access_security_header
リファレンス: /organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement

org_credential_authorization

org_credential_authorization.deauthorize: A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.
フィールド: user_agent, request_id, operation_type, created_at, actor_id, org_id, business, action, @timestamp, org, _document_id, business_id, actor, token_scopes, programmatic_access_type, actor_is_bot, oauth_credential_type, managed_oauth_access_id, managed_token_id, managed_oauth_scopes, managed_token_scopes, managed_hashed_token
リファレンス: Authorizing a personal access token for use with single sign-on

org_credential_authorization.grant: A member authorized credentials for use with SAML or OIDC single sign-on.
フィールド: user_agent, actor, @timestamp, created_at, org_id, business_id, operation_type, request_id, _document_id, action, actor_id, business, org, token_scopes, programmatic_access_type, actor_is_bot, oauth_credential_type, request_access_security_header, managed_oauth_access_id, managed_token_id, managed_oauth_scopes, managed_token_scopes, managed_hashed_token
リファレンス: Authenticating with single sign-on

org_credential_authorization.revoke: An owner revoked authorized credentials.
フィールド: actor, org, @timestamp, owner, oauth_application_id, org_id, operation_type, action, business, request_id, created_at, business_id, actor_id, _document_id, user_agent, oauth_credential_type, managed_oauth_access_id, managed_token_id, managed_oauth_scopes, managed_token_scopes, managed_hashed_token
リファレンス: Viewing and managing a member's SAML access to your organization

org_secret_scanning_automatic_validity_checks

org_secret_scanning_automatic_validity_checks.disabled: Automatic partner validation checks have been disabled at the organization level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization

org_secret_scanning_automatic_validity_checks.enabled: Automatic partner validation checks have been enabled at the organization level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization

org_secret_scanning_custom_pattern

org_secret_scanning_custom_pattern.create: A custom pattern was created for secret scanning in an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: Defining custom patterns for secret scanning

org_secret_scanning_custom_pattern.delete: A custom pattern was removed from secret scanning in an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
リファレンス: Defining custom patterns for secret scanning

org_secret_scanning_custom_pattern.publish: A custom pattern was published for secret scanning in an organization.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Defining custom patterns for secret scanning

org_secret_scanning_custom_pattern.update: Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Defining custom patterns for secret scanning

org_secret_scanning_generic_secrets

org_secret_scanning_generic_secrets.disabled: Generic secrets have been disabled at the organization level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header

org_secret_scanning_generic_secrets.enabled: Generic secrets have been enabled at the organization level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header

org_secret_scanning_non_provider_patterns

org_secret_scanning_non_provider_patterns.disabled: Secret scanning for non-provider patterns was disabled at the organization level.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: Supported secret scanning patterns

org_secret_scanning_non_provider_patterns.enabled: Secret scanning for non-provider patterns was enabled at the organization level.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: Supported secret scanning patterns

org_secret_scanning_push_protection_bypass_list

org_secret_scanning_push_protection_bypass_list.add: A role or team was added to the push protection bypass list at the organization level.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: About push protection

org_secret_scanning_push_protection_bypass_list.disable: Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the organization level.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: About push protection

org_secret_scanning_push_protection_bypass_list.enable: Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the organization level.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: About push protection

org_secret_scanning_push_protection_bypass_list.remove: A role or team was removed from the push protection bypass list at the organization level.
フィールド: actor, actor_id, user_agent, request_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: About push protection

org_secret_scanning_push_protection_pattern_configuration

org_secret_scanning_push_protection_pattern_configuration.push_protection_setting_changed: The push protection setting was updated for a secret type for your organization.
フィールド: actor_id, actor, org_id, org, business, business_id, push_protection_setting, secret_type, secret_type_display_name, created_at
リファレンス: About push protection

org_secret_scanning_push_protection_pattern_configuration.updated: The push protection pattern configuration was updated for your organization.
フィールド: actor_id, actor, org_id, org, business, business_id, created_at
リファレンス: About push protection

organization_custom_property_definition

organization_custom_property_definition.create: A new organization custom property definition was created.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, definition_id, property_name, description, value_type, required, allowed_values, default_value, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise

organization_custom_property_definition.destroy: An organization custom property definition was deleted.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, definition_id, property_name, description, value_type, required, allowed_values, default_value, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise

organization_custom_property_definition.update: An organization custom property definition was updated.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, definition_id, property_name, old_values_editable_by, values_editable_by, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, old_allowed_values
リファレンス: /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise

organization_custom_property_value

organization_custom_property_value.create: An organization's custom property value was manually set for the first time.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, definition_id, property_name, value, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise

organization_custom_property_value.destroy: An organization's custom property value was deleted.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, definition_id, property_name, value, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise

organization_default_label

organization_default_label.create: A default label was created for repositories in an organization.
フィールド: request_id, actor_id, actor, org, org_id, operation_type, _document_id, action, created_at, @timestamp, user_agent, request_access_security_header
リファレンス: /organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label

organization_default_label.destroy: A default label was deleted for repositories in an organization.
フィールド: operation_type, request_id, actor, @timestamp, _document_id, actor_id, org_id, org, action, created_at, user_agent
リファレンス: /organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label

organization_default_label.update: A default label was edited for repositories in an organization.
フィールド: org, created_at, @timestamp, actor, action, user_agent, actor_id, org_id, operation_type, request_id, _document_id
リファレンス: /organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label

organization_domain

organization_domain.approve: A domain was approved for an organization.
フィールド: user_agent, request_id, actor, actor_id, owner_type, domain_name, org_id, business_id, owner, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization

organization_domain.create: A domain was added to an organization.
フィールド: created_at, _document_id, domain_name, action, request_id, actor_id, operation_type, @timestamp, user_agent, actor
リファレンス: /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization

organization_domain.destroy: A domain was removed from an organization.
フィールド: action, domain_name, @timestamp, _document_id, user_agent, request_id, actor, actor_id, operation_type, created_at
リファレンス: /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain

organization_domain.verify: A domain was verified for an organization.
フィールド: operation_type, domain_name, @timestamp, user_agent, request_id, actor, action, created_at, _document_id, actor_id
リファレンス: /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization

organization_projects_change

organization_projects_change.clear: An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.
フィールド: actor, business_id, @timestamp, actor_id, user, user_id, action, user_agent, _document_id, created_at, operation_type, request_id, business
リファレンス: Enforcing policies for projects in your enterprise

organization_projects_change.disable: Organization projects were disabled for all organizations in an enterprise.
フィールド: org_id, action, user, org, created_at, user_agent, request_id, actor_id, operation_type, @timestamp, actor, user_id, _document_id
リファレンス: Enforcing policies for projects in your enterprise

organization_projects_change.enable: Organization projects were enabled for all organizations in an enterprise.
フィールド: actor_id, org_id, created_at, user_id, org, @timestamp, _document_id, user_agent, actor, request_id, user, action, operation_type
リファレンス: Enforcing policies for projects in your enterprise

organization_role

organization_role.assign: An organization role was assigned to a user or team.
フィールド: actor, actor_id, user_agent, request_id, organization_role_id, organization_role_name, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header
リファレンス: About custom organization roles

organization_role.create: A custom organization role was created in an organization.
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, name, owner, role_permissions, base_role, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: About custom organization roles

organization_role.destroy: A custom organization role was deleted in an organization.
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, name, owner, role_permissions, base_role, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: About custom organization roles

organization_role.revoke: A user or team was unassigned an organization role.
フィールド: actor, actor_id, user_agent, request_id, organization_role_id, organization_role_name, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: About custom organization roles

organization_role.update: A custom organization role was edited in an organization.
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, name, owner, role_permissions, base_role, old_role_permissions, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, old_base_role
リファレンス: About custom organization roles

organization_wide_project_base_role

organization_wide_project_base_role.update: An organization's default project base role was updated.
フィールド: actor, actor_id, user_agent, request_id, old_project_base_role, new_project_base_role, business, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

packages

packages.package_deleted: An entire package was deleted.
フィールド: actor_id, actor, org, org_id, repo, repo_id, package, action, operation_type, @timestamp, created_at, _document_id, business, business_id, actor_is_bot
リファレンス: /packages/learn-github-packages/deleting-and-restoring-a-package

packages.package_published: A package was published or republished to an organization.
フィールド: actor_id, actor, org, org_id, repo, repo_id, package, ecosystem, version_count, is_republished, action, operation_type, @timestamp, created_at, _document_id, business, business_id, actor_is_bot

packages.package_version_deleted: A specific package version was deleted.
フィールド: actor_id, actor, org, org_id, repo, repo_id, package, version, action, operation_type, @timestamp, created_at, _document_id, business, business_id, ecosystem, actor_is_bot
リファレンス: /packages/learn-github-packages/deleting-and-restoring-a-package

packages.package_version_published: A specific package version was published or republished to a package.
フィールド: org_id, ecosystem, package, version, actor_id, user_agent, is_republished, actor, action, operation_type, @timestamp, created_at, _document_id, business, business_id, actor_is_bot

pages_protected_domain

pages_protected_domain.create: A GitHub Pages verified domain was created for an organization or enterprise.
フィールド: user_agent, request_id, actor, actor_id, owner, owner_type, domain, state, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

pages_protected_domain.delete: A GitHub Pages verified domain was deleted from an organization or enterprise.
フィールド: user_agent, request_id, actor, actor_id, owner, owner_type, domain, state, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

pages_protected_domain.verify: A GitHub Pages domain was verified for an organization or enterprise.
フィールド: user_agent, request_id, actor, actor_id, owner, owner_type, domain, state, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

payment_method

payment_method.create: A new payment method was added, such as a new credit card or PayPal account.
フィールド: user_agent, request_id, user, operation_type, user_id, _document_id, action, actor, actor_id, @timestamp, created_at, request_access_security_header

payment_method.remove: A payment method was removed.
フィールド: user, created_at, actor_id, @timestamp, user_id, action, operation_type, actor, _document_id, request_access_security_header

payment_method.update: An existing payment method was updated.
フィールド: operation_type, request_id, org_id, created_at, actor_id, @timestamp, action, actor, org, user_agent, _document_id, request_access_security_header

personal_access_token

personal_access_token.access_granted: A fine-grained personal access token was granted access to resources.
フィールド: user_agent, request_id, actor, actor_id, user_programmatic_access_id, user_programmatic_access_name, repository_selection, user, user_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.access_restriction_disabled: The configured restriction for access to resources via personal access tokens was disabled.
フィールド: actor, actor_id, user_agent, request_id, programmatic_access_type, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

personal_access_token.access_restriction_enabled: The configured restriction for access to resources via personal access tokens was enabled.
フィールド: actor, actor_id, user_agent, request_id, programmatic_access_type, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

personal_access_token.access_restriction_reset: The configured restriction for access to resources via personal access tokens was reset and delegated to organizations.
フィールド: actor, actor_id, user_agent, request_id, programmatic_access_type, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

personal_access_token.access_revoked: A fine-grained personal access token was revoked. The token can still read public organization resources.
フィールド: user_agent, request_id, actor, actor_id, user_programmatic_access_id, user_programmatic_access_name, repository_selection, user, user_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization

personal_access_token.auto_approve_grant_requests_disabled: Triggered when fine-grained personal access tokens can access organization resources without prior approval.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

personal_access_token.auto_approve_grant_requests_enabled: Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

personal_access_token.auto_approve_grant_requests_reset: Triggered when the enterprise delegates to the organizations when to require approval for fine-grained personal access tokens before the tokens can access organization resources.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

personal_access_token.expiration_limit_set: A personal access token expiration limit was set.
フィールド: actor, actor_id, user_agent, request_id, programmatic_access_type, token_expiration, old_token_expiration, exempt_administrators, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

personal_access_token.expiration_limit_unset: A personal access token expiration limit was unset.
フィールド: actor, actor_id, user_agent, request_id, programmatic_access_type, old_token_expiration, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

personal_access_token.request_cancelled: A pending request for a fine-grained personal access token to access organization resources was canceled.
フィールド: user_agent, request_id, actor, actor_id, user_programmatic_access_name, org, org_id, repository_selection, action, _document_id, @timestamp, created_at, operation_type, user_programmatic_access_request_id

personal_access_token.request_created: Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.
フィールド: user_agent, request_id, actor, actor_id, user_programmatic_access_id, user_programmatic_access_name, user, user_id, repository_selection, action, _document_id, @timestamp, created_at, operation_type, user_programmatic_access_request_id
リファレンス: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.request_denied: A request for a fine-grained personal access token to access organization resources was denied.
フィールド: actor, actor_id, user_agent, request_id, user_programmatic_access_name, org, org_id, repository_selection, action, _document_id, @timestamp, created_at, operation_type, user_programmatic_access_request_id
リファレンス: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

prebuild_configuration

prebuild_configuration.create: A GitHub Codespaces prebuild configuration for a repository was created.
フィールド: user_agent, request_id, actor, actor_id, branch, repository, repository_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, public_repo
リファレンス: /codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds

prebuild_configuration.destroy: A GitHub Codespaces prebuild configuration for a repository was deleted.
フィールド: user_agent, request_id, actor, actor_id, branch, repository, repository_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, public_repo
リファレンス: /codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds

prebuild_configuration.run_triggered: A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.
フィールド: user_agent, request_id, actor, actor_id, branch, repository, repository_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, public_repo
リファレンス: /codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds

prebuild_configuration.update: A GitHub Codespaces prebuild configuration for a repository was edited.
フィールド: user_agent, request_id, actor, actor_id, branch, repository, repository_id, org, org_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, public_repo
リファレンス: /codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds

private_repository_forking

private_repository_forking.clear: An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.
フィールド: user_agent, user_id, action, operation_type, @timestamp, business_id, actor_id, user, business, request_id, actor, created_at, _document_id

private_repository_forking.disable: An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.
フィールド: repo_id, created_at, actor_id, _document_id, actor, user, repo, action, user_agent, @timestamp, org, operation_type, request_id, user_id, org_id, programmatic_access_type, request_access_security_header

private_repository_forking.enable: An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.
フィールド: actor_id, user_id, operation_type, _document_id, action, @timestamp, repo, org, business, user_agent, request_id, actor, repo_id, user, org_id, created_at, business_id

profile_picture

profile_picture.update: A profile picture was updated.
フィールド: user, actor_id, user_id, @timestamp, created_at, owner, action, _document_id, request_id, user_agent, actor, operation_type
リファレンス: Personalize your profile

project

project.access: A project board visibility was changed.
フィールド: actor_id, actor, user_agent, operation_type, user, created_at, user_id, action, request_id, _document_id, @timestamp

project.close: A project board was closed.
フィールド: org_id, user_agent, request_id, operation_type, @timestamp, created_at, repo_id, org, _document_id, project_id, action, actor, actor_id, repo, project_kind
リファレンス: Closing a project (classic)

project.create: A project board was created.
フィールド: operation_type, user, _document_id, request_id, user_id, user_agent, @timestamp, actor_id, action, created_at, actor

project.delete: A project board was deleted.
フィールド: request_id, action, actor_id, operation_type, actor, user_id, @timestamp, created_at, _document_id, user_agent, user

project.link: A repository was linked to a project board.
フィールド: repo_id, action, actor_id, org_id, user_agent, request_id, actor, operation_type, @timestamp, _document_id, created_at, org, repo

project.open: A project board was reopened.
フィールド: actor, request_id, actor_id, action, user_id, project_id, _document_id, user_agent, operation_type, user, @timestamp, created_at, project_kind, project_name
リファレンス: Reopening a closed project (classic)

project.rename: A project board was renamed.
フィールド: action, created_at, request_id, actor_id, old_name, operation_type, @timestamp, repo, _document_id, user_agent, org_id, business_id, actor, repo_id, org, business

project.unlink: A repository was unlinked from a project board.
フィールド: repo, repo_id, operation_type, actor, action, created_at, actor_id, _document_id, request_id, @timestamp, user_agent, org, org_id

project.update_org_permission: The project's base-level permission for all organization members was changed or removed.
フィールド: actor, org, @timestamp, _document_id, operation_type, created_at, request_id, actor_id, action, org_id, user_agent

project.update_team_permission: A team's project board permission level was changed or when a team was added or removed from a project board.
フィールド: created_at, org_id, operation_type, org, actor_id, _document_id, request_id, team, @timestamp, action, user_agent, actor

project.update_user_permission: A user was added to or removed from a project board or had their permission level changed.
フィールド: request_id, user_id, operation_type, @timestamp, actor_id, user, user_agent, actor, created_at, org, _document_id, org_id, action, programmatic_access_type

project.visibility_private: A project's visibility was changed from public to private.
フィールド: user_agent, request_id, actor, actor_id, project_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, project_kind, project_name

project.visibility_public: A project's visibility was changed from private to public.
フィールド: user_agent, request_id, actor, actor_id, project_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, project_kind, project_name, request_access_security_header

project_base_role

project_base_role.update: A project's base role was updated.
フィールド: actor, actor_id, user_agent, request_id, old_project_base_role, new_project_base_role, project_number, public_project, business, project_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

project_collaborator

project_collaborator.add: A collaborator was added to a project.
フィールド: actor, actor_id, user_agent, request_id, collaborator_type, org, org_id, collaborator, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, public_project, project_name, project_role, old_project_role, request_access_security_header

project_collaborator.remove: A collaborator was removed from a project.
フィールド: actor, actor_id, user_agent, request_id, collaborator_type, user, user_id, collaborator, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

project_collaborator.update: A project collaborator's permission level was changed.
フィールド: actor, actor_id, user_agent, request_id, public_project, project_name, collaborator_type, project_role, old_project_role, project_id, user, user_id, collaborator, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

project_field

project_field.create: A field was created in a project board.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /issues/planning-and-tracking-with-projects/understanding-fields

project_field.delete: A field was deleted in a project board.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields

project_view

project_view.create: A view was created in a project board.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

project_view.delete: A view was deleted in a project board.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

protected_branch

protected_branch.authorized_users_teams: The users, teams, or integrations allowed to bypass a branch protection were changed.
フィールド: repo, action, org_id, user_agent, name, created_at, _document_id, operation_type, actor, repo_id, org, request_id, actor_id, oauth_application_id, @timestamp, programmatic_access_type
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches

protected_branch.branch_allowances: A protected branch allowance was given to a specific user, team or integration.
フィールド: user_agent, request_id, token_id, hashed_token, programmatic_access_type, actor, actor_id, name, authorized_actors, policy, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header

protected_branch.create: Branch protection was enabled on a branch.
フィールド: operation_type, repo_id, user_id, @timestamp, user_agent, repo, name, org_id, user, _document_id, request_id, actor, actor_id, org, action, created_at, authorized_actor_names, token_scopes, required_deployments_enforcement_level, merge_queue_enforcement_level, create_protected

protected_branch.destroy: Branch protection was disabled on a branch.
フィールド: name, repo, @timestamp, actor, org, actor_id, request_id, repo_id, org_id, operation_type, action, user_agent, created_at, _document_id, token_scopes, required_deployments_enforcement_level, merge_queue_enforcement_level, create_protected

protected_branch.dismiss_stale_reviews: Enforcement of dismissing stale pull requests was updated on a branch.
フィールド: user_agent, dismiss_stale_reviews_on_push, org_id, action, created_at, request_id, _document_id, @timestamp, actor_id, repo_id, operation_type, actor, repo, org, name, programmatic_access_type

protected_branch.dismissal_restricted_users_teams: Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.
フィールド: repo, repo_id, actor, oauth_application_id, authorized_actors_only, authorized_actors, created_at, user_agent, name, _document_id, org_id, request_id, @timestamp, actor_id, org, action, operation_type, programmatic_access_type

protected_branch.policy_override: A branch protection requirement was overridden by a repository administrator.
フィールド: repo_id, created_at, actor, reasons, @timestamp, before, after, actor_id, repo, operation_type, user_agent, branch, overridden_codes, org, org_id, action, _document_id, request_id, referrer, business, business_id, deploy_key_fingerprint, token_scopes, programmatic_access_type, compliant_pull_request_ids, rule_suite_id

protected_branch.rejected_ref_update: A branch update attempt was rejected.
フィールド: repo, org, @timestamp, created_at, _document_id, business, org_id, operation_type, request_id, repo_id, actor, branch, before, overridden_codes, after, action, reasons, actor_id, business_id, deploy_key_fingerprint, token_scopes, programmatic_access_type, compliant_pull_request_ids, actor_is_bot, rule_suite_id

protected_branch.update_admin_enforced: Branch protection was enforced for repository administrators.
フィールド: request_id, actor_id, admin_enforced, operation_type, user_agent, actor, org, name, repo, @timestamp, action, repo_id, org_id, _document_id, created_at, token_scopes, programmatic_access_type

protected_branch.update_allow_force_pushes_enforcement_level: Force pushes were enabled or disabled for a branch.
フィールド: org_id, actor_id, name, _document_id, actor, repo, operation_type, request_id, allow_force_pushes_enforcement_level, @timestamp, org, action, created_at, user_agent, repo_id, token_scopes, programmatic_access_type

protected_branch.update_ignore_approvals_from_contributors: Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.
フィールド: actor, actor_id, user_agent, request_id, name, ignore_approvals_from_contributors, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule

protected_branch.update_lock_allows_fetch_and_merge: Fork syncing was enabled or disabled for a read-only branch
フィールド: actor, actor_id, user_agent, request_id, name, lock_allows_fetch_and_merge, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, programmatic_access_type, request_access_security_header
リファレンス: repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch

protected_branch.update_lock_branch_enforcement_level: The enforcement of a branch lock was updated.
フィールド: actor, actor_id, user_agent, request_id, name, enforcement_level, lock_branch_enforcement_level, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, programmatic_access_type, request_access_security_header
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch

protected_branch.update_merge_queue_enforcement_level: Enforcement of the merge queue was modified for a branch.
フィールド: actor, actor_id, user_agent, request_id, name, merge_queue_enforcement_level, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue

protected_branch.update_name: A branch name pattern was updated for a branch.
フィールド: user_agent, request_id, actor, actor_id, name, old_name, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header

protected_branch.update_pull_request_reviews_enforcement_level: Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).
フィールド: name, org_id, _document_id, actor_id, @timestamp, business_id, request_id, pull_request_reviews_enforcement_level, org, repo, action, business, user_agent, created_at, repo_id, operation_type, actor, token_scopes, programmatic_access_type

protected_branch.update_require_code_owner_review: Enforcement of required code owner review was updated for a branch.
フィールド: org_id, created_at, require_code_owner_review, operation_type, name, user_agent, action, @timestamp, actor, actor_id, repo, request_id, org, repo_id, _document_id, programmatic_access_type

protected_branch.update_require_last_push_approval: Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.
フィールド: actor, actor_id, user_agent, request_id, name, require_last_push_approval, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, programmatic_access_type, request_access_security_header
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging

protected_branch.update_required_approving_review_count: Enforcement of the required number of approvals before merging was updated on a branch.
フィールド: required_approving_review_count, repo, request_id, repo_id, created_at, actor, operation_type, user_agent, name, org_id, action, actor_id, _document_id, org, @timestamp, programmatic_access_type

protected_branch.update_required_status_checks_enforcement_level: Enforcement of required status checks was updated for a branch.
フィールド: actor, org_id, user_agent, @timestamp, _document_id, name, repo, action, business_id, repo_id, business, actor_id, operation_type, created_at, request_id, required_status_checks_enforcement_level, org, token_scopes, programmatic_access_type

protected_branch.update_signature_requirement_enforcement_level: Enforcement of required commit signing was updated for a branch.
フィールド: operation_type, name, @timestamp, created_at, _document_id, request_id, repo_id, org, org_id, action, actor, actor_id, signature_requirement_enforcement_level, repo, user_agent, programmatic_access_type

protected_branch.update_strict_required_status_checks_policy: Enforcement of required status checks was updated for a branch.
フィールド: request_id, actor_id, _document_id, org, @timestamp, created_at, repo_id, org_id, user_agent, name, actor, repo, operation_type, action, strict_required_status_checks_policy, programmatic_access_type

public_key

public_key.create: An SSH key was added to a user account or a deploy key was added to a repository.
フィールド: read_only, user_agent, actor_id, operation_type, created_at, _document_id, key, fingerprint, actor, action, user, user_id, @timestamp, request_id, title, token_scopes, programmatic_access_type
リファレンス: /authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account

public_key.delete: An SSH key was removed from a user account or a deploy key was removed from a repository.
フィールド: fingerprint, user_agent, read_only, explanation, repo, @timestamp, action, key, operation_type, _document_id, actor, title, request_id, actor_id, repo_id, created_at, token_scopes, programmatic_access_type
リファレンス: /authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys

public_key.unverification_failure: A user account's SSH key or a repository's deploy key was unable to be unverified.
フィールド: user_agent, request_id, title, key, fingerprint, read_only, user, user_id, action, _document_id, @timestamp, created_at, operation_type, token_scopes
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.unverify: A user account's SSH key or a repository's deploy key was unverified.
フィールド: created_at, operation_type, _document_id, title, request_id, key, action, actor, read_only, explanation, repo_id, @timestamp, actor_id, repo, user_agent, fingerprint
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.update: A user account's SSH key or a repository's deploy key was updated.
フィールド: actor, user_agent, key, fingerprint, read_only, repo_id, operation_type, created_at, actor_id, repo, action, _document_id, request_id, title, @timestamp, programmatic_access_type
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.verification_failure: A user account's SSH key or a repository's deploy key was unable to be verified.
フィールド: repo_id, actor, key, fingerprint, @timestamp, request_id, actor_id, oauth_application_id, title, action, user_agent, created_at, repo, read_only, operation_type, _document_id, user, user_id, programmatic_access_type
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.verify: A user account's SSH key or a repository's deploy key was verified.
フィールド: operation_type, user, @timestamp, _document_id, action, created_at, key, fingerprint, actor_id, actor, title, user_agent, user_id, request_id, read_only, token_scopes, programmatic_access_type
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

pull_request

pull_request.close: A pull request was closed without being merged.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type, actor_is_bot
リファレンス: /pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request

pull_request.converted_to_draft: A pull request was converted to a draft.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, business_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, token_scopes, programmatic_access_type, request_access_security_header
リファレンス: /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft

pull_request.create: A pull request was created.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, user_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type, actor_is_bot, actor_is_agent
リファレンス: /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request

pull_request.create_review_request: A review was requested on a pull request.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, business_id, org_id, reviewer_type, reviewer, reviewer_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type, actor_is_agent
リファレンス: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews

pull_request.in_progress: A pull request was marked as in progress.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, business_id, action, operation_type, @timestamp, created_at, _document_id

pull_request.indirect_merge: A pull request was considered merged because the pull request's commits were merged into the target branch.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, business_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type

pull_request.merge: A pull request was merged.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, token_scopes, programmatic_access_type, actor_is_bot
リファレンス: /pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request

pull_request.ready_for_review: A pull request was marked as ready for review.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, business_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, token_scopes, programmatic_access_type, request_access_security_header
リファレンス: /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review

pull_request.rebase: A pull request was rebased.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, pull_request_url, pull_request_title, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, programmatic_access_type, request_access_security_header

pull_request.remove_review_request: A review request was removed from a pull request.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, business_id, org_id, reviewer_type, reviewer, reviewer_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type
リファレンス: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews

pull_request.reopen: A pull request was reopened after previously being closed.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type

pull_request_review_comment

pull_request_review_comment.create: A review comment was added to a pull request.
フィールド: user_agent, request_id, actor, actor_id, comment_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, request_access_security_header, actor_is_agent
リファレンス: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews

pull_request_review_comment.delete: A review comment on a pull request was deleted.
フィールド: user_agent, actor, @timestamp, _document_id, repo, created_at, request_id, comment_id, actor_id, repo_id, action, operation_type, token_scopes, programmatic_access_type

pull_request_review_comment.update: A review comment on a pull request was changed.
フィールド: operation_type, user_agent, request_id, actor_id, action, created_at, actor, _document_id, @timestamp, comment_id, token_scopes, programmatic_access_type

pull_request_review

pull_request_review.delete: A review on a pull request was deleted.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, review_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, token_scopes, programmatic_access_type, request_access_security_header

pull_request_review.dismiss: A review on a pull request was dismissed.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, business_id, review_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type
リファレンス: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review

pull_request_review.submit: A review on a pull request was submitted.
フィールド: user_agent, request_id, actor, actor_id, pull_request_id, review_id, action, operation_type, @timestamp, created_at, _document_id, pull_request_url, programmatic_access_type, actor_is_agent
リファレンス: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review

repo

repo.access: The visibility of a repository changed.
フィールド: repo_id, user, request_id, operation_type, @timestamp, actor_id, user_id, created_at, user_agent, actor, action, repo, visibility, _document_id, previous_visibility, programmatic_access_type
リファレンス: /repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility

repo.actions_enabled: GitHub Actions was enabled for a repository.
フィールド: user_agent, request_id, actor, actor_id, created_at, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, token_scopes, programmatic_access_type
リファレンス: organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api

repo.add_member: A collaborator was added to a repository.
フィールド: visibility, repo, created_at, user_agent, operation_type, @timestamp, _document_id, actor, actor_id, repo_id, user, request_id, action, user_id, oauth_application_id, org, org_id, token_scopes, programmatic_access_type
リファレンス: Inviting collaborators to a personal repository

repo.add_topic: A topic was added to a repository.
フィールド: action, user_agent, actor, repo, repo_id, user, org, org_id, request_id, actor_id, topic, @timestamp, _document_id, user_id, created_at, operation_type, programmatic_access_type
リファレンス: /repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics

repo.advanced_security_disabled: GitHub Advanced Security was disabled for a repository.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, repository, repository_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, actor_is_bot, request_access_security_header
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository

repo.advanced_security_enabled: GitHub Advanced Security was enabled for a repository.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, repository, repository_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, actor_is_bot
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository

repo.archived: A repository was archived.
フィールド: repo_id, user_agent, user_id, created_at, @timestamp, repo, user, operation_type, visibility, action, actor_id, actor, _document_id, request_id, token_scopes, programmatic_access_type
リファレンス: /repositories/archiving-a-github-repository

repo.change_merge_setting: Pull request merge options were changed for a repository.
フィールド: actor, oauth_application_id, user_agent, request_id, created_at, @timestamp, _document_id, actor_id, operation_type, action, public_repo, token_scopes, programmatic_access_type, actor_is_bot

repo.code_scanning_analysis_deleted: Code scanning analysis for a repository was deleted.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, tool, category, request_access_security_header
リファレンス: /rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository

repo.code_scanning_autofix_disabled: Autofix for code scanning alerts was disabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repo.code_scanning_autofix_enabled: Autofix for code scanning alerts was enabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repo.code_scanning_autofix_third_party_tools_disabled: Autofix for third party tools for code scanning alerts was disabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repo.code_scanning_autofix_third_party_tools_enabled: Autofix for third party tools for code scanning alerts was enabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repo.code_scanning_configuration_for_branch_deleted: A code scanning configuration for a branch of a repository was deleted.
フィールド: actor, actor_id, user_agent, request_id, tool, branch, category, repo, repo_id, public_repo, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: Resolving code scanning alerts

repo.code_scanning_delegated_alert_dismissal_disabled: Prevention of direct alert dismissal for code scanning was disabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type

repo.code_scanning_delegated_alert_dismissal_enabled: Prevention of direct alert dismissal for code scanning was enabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type

repo.codeql_disabled: Code scanning using the default setup was disabled for a repository.
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, token_id, token_scopes, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning

repo.codeql_enabled: Code scanning using the default setup was enabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, query_suite, threat_model, languages, request_access_security_header
リファレンス: /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning

repo.codeql_updated: Code scanning using the default setup was updated for a repository.
フィールド: actor, actor_id, user_agent, request_id, query_suite, threat_model, languages, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning

repo.codespaces_trusted_repo_access_granted: GitHub Codespaces was granted trusted repository access to this repository.
フィールド: user_agent, request_id, actor, actor_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo

repo.codespaces_trusted_repo_access_revoked: GitHub Codespaces trusted repository access to this repository was revoked.
フィールド: user_agent, request_id, actor, actor_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id

repo.config.disable_collaborators_only: The interaction limit for collaborators only was disabled.
フィールド: user_agent, actor, actor_id, repo_id, _document_id, action, created_at, repo, operation_type, @timestamp, request_id
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.disable_contributors_only: The interaction limit for prior contributors only was disabled in a repository.
フィールド: repo, @timestamp, request_id, actor, _document_id, user_agent, actor_id, repo_id, action, operation_type, created_at
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.disable_sockpuppet_disallowed: The interaction limit for existing users only was disabled in a repository.
フィールド: actor, request_id, repo_id, action, user_agent, _document_id, @timestamp, created_at, actor_id, repo, operation_type
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_collaborators_only: The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
フィールド: actor, oauth_application_id, created_at, action, request_id, repo_id, repo, @timestamp, _document_id, user_agent, actor_id, operation_type
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_contributors_only: The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
フィールド: user_agent, request_id, operation_type, created_at, actor, org, action, actor_id, repo, repo_id, org_id, @timestamp, _document_id
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_sockpuppet_disallowed: The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
フィールド: actor, operation_type, created_at, user_agent, request_id, action, actor_id, repo, repo_id, @timestamp, _document_id
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.configure_self_hosted_jit_runner: A new just-in-time GitHub Actions self-hosted runner was configured
フィールド: user_agent, request_id, hashed_token, programmatic_access_type, actor, actor_id, oauth_application_id, token_id, token_scopes, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository

repo.create: A repository was created.
フィールド: repo, user_id, visibility, repo_id, user, request_id, actor_id, action, operation_type, request_category, @timestamp, created_at, _document_id, actor, user_agent, org, oauth_application_id, org_id, request_method, business, business_id, public_repo, token_scopes, programmatic_access_type, actor_is_bot
リファレンス: /repositories/creating-and-managing-repositories/creating-a-new-repository

repo.create_actions_secret: A GitHub Actions secret was created for a repository.
フィールド: user_agent, request_id, actor, actor_id, key, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type
リファレンス: Using secrets in GitHub Actions

repo.create_actions_variable: A GitHub Actions variable was created for a repository.
フィールド: actor, actor_id, user_agent, request_id, key, visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
リファレンス: Store information in variables

repo.create_integration_secret: A Codespaces or Dependabot secret was created for a repository.
フィールド: user_agent, request_id, actor, actor_id, key, visibility, integration, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header

repo.destroy: A repository was deleted.
フィールド: repo, _document_id, user_agent, user_id, actor, action, user, repo_id, operation_type, request_category, actor_id, visibility, request_id, created_at, @timestamp, request_method, oauth_application_id, token_scopes, programmatic_access_type, actor_is_bot
リファレンス: /repositories/creating-and-managing-repositories/deleting-a-repository

repo.download_zip: A source code archive of a repository was downloaded as a ZIP file.
フィールド: user_agent, request_id, actor, actor_id, visibility, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, public_repo, token_scopes, programmatic_access_type, actor_is_bot
リファレンス: /repositories/working-with-files/using-files/downloading-source-code-archives

repo.immutable_releases_settings_disabled: The setting for immutable releases was disabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

repo.immutable_releases_settings_enabled: The setting for immutable releases was enabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

repo.pages_cname: A GitHub Pages custom domain was modified in a repository.
フィールド: actor, @timestamp, visibility, repo, repo_id, user, request_id, actor_id, cname, user_agent, user_id, created_at, _document_id, action, operation_type, old_cname, programmatic_access_type

repo.pages_create: A GitHub Pages site was created.
フィールド: actor_id, user, _document_id, user_id, visibility, action, user_agent, operation_type, repo_id, created_at, @timestamp, request_id, actor, repo, programmatic_access_type

repo.pages_destroy: A GitHub Pages site was deleted.
フィールド: created_at, user_id, action, request_id, user, repo, user_agent, _document_id, actor_id, @timestamp, actor, visibility, operation_type, repo_id, programmatic_access_type

repo.pages_https_redirect_disabled: HTTPS redirects were disabled for a GitHub Pages site.
フィールド: user, actor_id, repo_id, _document_id, user_agent, actor, visibility, user_id, request_id, repo, @timestamp, operation_type, action, created_at, programmatic_access_type, request_access_security_header

repo.pages_https_redirect_enabled: HTTPS redirects were enabled for a GitHub Pages site.
フィールド: request_id, @timestamp, user_agent, user_id, created_at, visibility, actor, actor_id, user, operation_type, repo_id, action, repo, _document_id, request_access_security_header

repo.pages_private: A GitHub Pages site visibility was changed to private.
フィールド: user_agent, request_id, actor, actor_id, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id

repo.pages_public: A GitHub Pages site visibility was changed to public.
フィールド: user_agent, request_id, actor, actor_id, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header

repo.pages_soft_delete: A GitHub Pages site was soft-deleted because its owner's plan changed.
フィールド: visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

repo.pages_soft_delete_restore: A GitHub Pages site that was previously soft-deleted was restored.
フィールド: actor, actor_id, user_agent, request_id, visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

repo.pages_source: A GitHub Pages source was modified.
フィールド: user_id, actor_id, operation_type, user_agent, actor, @timestamp, repo_id, user, _document_id, request_id, visibility, repo, created_at, action, programmatic_access_type

repo.register_self_hosted_runner: A new self-hosted runner was registered.
フィールド: actor_id, repo, operation_type, action, @timestamp, actor, user_agent, created_at, _document_id, request_id, repo_id, request_access_security_header
リファレンス: Adding self-hosted runners

repo.remove_actions_secret: A GitHub Actions secret was deleted for a repository.
フィールド: user_agent, request_id, actor, actor_id, key, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type
リファレンス: Using secrets in GitHub Actions

repo.remove_actions_variable: A GitHub Actions variable was deleted for a repository.
フィールド: actor, actor_id, user_agent, request_id, key, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
リファレンス: Store information in variables

repo.remove_integration_secret: A Codespaces or Dependabot secret was deleted for a repository.
フィールド: user_agent, request_id, actor, actor_id, key, integration, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, request_access_security_header

repo.remove_member: A collaborator was removed from a repository.
フィールド: request_id, user, business, action, actor_id, org, org_id, actor, created_at, repo_id, user_agent, business_id, user_id, operation_type, @timestamp, _document_id, visibility, repo, token_scopes, programmatic_access_type
リファレンス: Removing a collaborator from a personal repository

repo.remove_self_hosted_runner: A self-hosted runner was removed.
フィールド: request_id, actor_id, repo_id, @timestamp, _document_id, repo, org_id, action, operation_type, user_agent, actor, created_at, org, token_scopes, programmatic_access_type
リファレンス: Removing self-hosted runners

repo.remove_topic: A topic was removed from a repository.
フィールド: user, action, repo_id, user_agent, topic, operation_type, user_id, org, org_id, actor, business, request_id, repo, @timestamp, created_at, _document_id, actor_id, business_id, programmatic_access_type

repo.rename: A repository was renamed.
フィールド: user_agent, @timestamp, request_id, actor_id, actor, old_name, repo, user_id, created_at, user, action, operation_type, visibility, repo_id, _document_id, programmatic_access_type
リファレンス: /repositories/creating-and-managing-repositories/renaming-a-repository

repo.self_hosted_runner_offline: The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: repo_id, repo, org_id, org, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
リファレンス: Monitoring and troubleshooting self-hosted runners

repo.self_hosted_runner_online: The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: repo_id, repo, org_id, org, runner_id, runner_name, action, _document_id, operation_type, created_at, @timestamp
リファレンス: Monitoring and troubleshooting self-hosted runners

repo.self_hosted_runner_updated: The runner application was updated. This event is not included in the JSON/CSV export.
フィールド: repo_id, runner_id, runner_name, source_version, target_version, runner_group_id, runner_group_name
リファレンス: Self-hosted runners

repo.set_actions_cache_retention_policy: The cache retention policy for GitHub Actions was set for a repository.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, visibility, repo, repo_id, public_repo, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository

repo.set_actions_cache_storage_policy: The cache storage policy for GitHub Actions was set for a repository.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, visibility, repo, repo_id, public_repo, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository

repo.set_actions_fork_pr_approvals_policy: The setting for requiring approvals for workflows from public forks was changed for a repository.
フィールド: user_agent, request_id, actor, actor_id, visibility, policy, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks

repo.set_actions_private_fork_pr_approvals_policy: The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.
フィールド: actor, actor_id, user_agent, request_id, visibility, policy, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories

repo.set_actions_retention_limit: The retention period for GitHub Actions artifacts and logs in a repository was changed.
フィールド: user_agent, request_id, actor, actor_id, visibility, limit, repo, repo_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository

repo.set_default_workflow_permissions: The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.
フィールド: actor, actor_id, user_agent, request_id, visibility, repo, repo_id, public_repo, user, user_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository

repo.set_fork_pr_workflows_policy: Triggered when the policy for workflows on private repository forks is changed.
フィールド: user_agent, request_id, actor, actor_id, visibility, policy, repo, repo_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks

repo.set_workflow_permission_can_approve_pr: The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.
フィールド: actor, actor_id, user_agent, request_id, visibility, repo, repo_id, public_repo, user, user_id, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests

repo.staff_unlock: An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
フィールド: @timestamp, _document_id, user_agent, actor_id, created_at, actor, repo_id, action, org, org_id, request_id, repo, operation_type

repo.temporary_access_granted: Temporary access was enabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Accessing user-owned repositories in your enterprise

repo.transfer: A user accepted a request to receive a transferred repository.
フィールド: @timestamp, user_id, _document_id, request_id, actor_id, repo_id, owner, user, old_user, action, operation_type, created_at, user_agent, repo, visibility, repo_was, actor
リファレンス: /repositories/creating-and-managing-repositories/transferring-a-repository

repo.transfer_outgoing: A repository was transferred to another repository network.
フィールド: user_agent, request_id, actor, actor_id, repo, repo_id, new_nwo, visibility, org, org_id, action, _document_id, @timestamp, created_at, operation_type, public_repo, request_access_security_header

repo.transfer_start: A user sent a request to transfer a repository to another user or organization.
フィールド: @timestamp, _document_id, operation_type, user_id, request_id, user, action, user_agent, created_at, actor, visibility, repo_id, actor_id, repo, request_access_security_header

repo.unarchived: A repository was unarchived.
フィールド: actor, request_id, actor_id, repo, operation_type, created_at, _document_id, repo_id, user, @timestamp, visibility, user_agent, user_id, action, programmatic_access_type
リファレンス: /repositories/archiving-a-github-repository

repo.update_actions_access_settings: The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
フィールド: user_agent, request_id, actor, actor_id, visibility, policy, old_policy, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id

repo.update_actions_secret: A GitHub Actions secret was updated for a repository.
フィールド: user_agent, request_id, actor, actor_id, oauth_application_id, key, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id, token_scopes, programmatic_access_type
リファレンス: Using secrets in GitHub Actions

repo.update_actions_settings: A repository administrator changed GitHub Actions policy settings for a repository.
フィールド: user_agent, request_id, actor, actor_id, visibility, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, new_policy, old_policy, updated_access_policy, programmatic_access_type, actor_is_bot

repo.update_actions_variable: A GitHub Actions variable was updated for a repository.
フィールド: actor, actor_id, user_agent, request_id, key, visibility, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, request_access_security_header
リファレンス: Store information in variables

repo.update_default_branch: The default branch for a repository was changed.
フィールド: user_agent, request_id, actor, actor_id, visibility, repo, repo_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes, programmatic_access_type, actor_is_bot

repo.update_integration_secret: A Codespaces or Dependabot secret was updated for a repository.
フィールド: user_agent, request_id, actor, actor_id, key, visibility, integration, repo, repo_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type, request_access_security_header

repo.update_member: A user's permission to a repository was changed.
フィールド: user_agent, action, _document_id, actor, repo_id, created_at, oauth_application_id, user, @timestamp, repo, operation_type, request_id, org_id, actor_id, visibility, old_permission, org, user_id, old_base_role, old_repo_permission, old_repo_base_role, new_repo_base_role, new_repo_permission, token_scopes, programmatic_access_type, actor_is_bot

repository_advisory

repository_advisory.close: Someone closed a security advisory.
フィールド: actor, repo, @timestamp, business, business_id, user_agent, actor_id, request_id, action, operation_type, created_at, repo_id, _document_id, org, org_id, request_access_security_header
リファレンス: /code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories

repository_advisory.cve_request: Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.
フィールド: repo_id, repo, org_id, actor, action, request_id, org, operation_type, @timestamp, user_agent, actor_id, _document_id, created_at

repository_advisory.github_broadcast: GitHub made a security advisory public in the GitHub Advisory Database.
フィールド: user_agent, request_id, actor, actor_id, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, public_repo

repository_advisory.github_withdraw: GitHub withdrew a security advisory that was published in error.
フィールド: user_agent, request_id, actor, actor_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id

repository_advisory.open: Someone opened a draft security advisory.
フィールド: operation_type, user_agent, actor_id, actor, repo, created_at, _document_id, repo_id, action, @timestamp, request_id, request_access_security_header

repository_advisory.publish: Someone published a security advisory.
フィールド: operation_type, user_agent, actor_id, @timestamp, actor, repo_id, _document_id, repo, business_id, business, request_id, action, created_at, org_id, org

repository_advisory.reopen: Someone reopened as draft security advisory.
フィールド: operation_type, user_agent, repo, action, created_at, @timestamp, request_id, actor_id, _document_id, actor, repo_id, public_repo

repository_advisory.update: Someone edited a draft or published security advisory.
フィールド: actor_id, repo_id, org_id, business, actor, user_agent, created_at, _document_id, business_id, repo, action, operation_type, org, @timestamp, request_id

repository_branch_protection_evaluation

repository_branch_protection_evaluation.disable: Branch protections were disabled for the repository.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, org, org_id, business_id, user, user_id, business, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule

repository_branch_protection_evaluation.enable: Branch protections were enabled for this repository.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, org, org_id, business_id, user, user_id, business, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule

repository_code_security

repository_code_security.disable: Code security was disabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

repository_code_security.enable: Code security was enabled for a repository.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

repository_content_analysis

repository_content_analysis.disable: Data use settings were disabled for a private repository.
フィールド: user, repo_id, request_id, actor_id, created_at, user_agent, action, operation_type, actor, repo, user_id, @timestamp, _document_id
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories

repository_content_analysis.enable: Data use settings were enabled for a private repository.
フィールド: user, org, user_id, repo_id, @timestamp, request_id, actor, action, operation_type, created_at, actor_id, repo, user_agent, org_id, _document_id
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories

repository_dependency_graph

repository_dependency_graph.disable: The dependency graph was disabled for a private repository.
フィールド: repo_id, operation_type, user_id, repo, _document_id, actor, user, action, @timestamp, org_id, actor_id, org, created_at, user_agent, request_id, programmatic_access_type, request_access_security_header
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories

repository_dependency_graph.enable: The dependency graph was enabled for a private repository.
フィールド: request_id, user, org, org_id, action, repo, user_id, created_at, user_agent, actor_id, repo_id, operation_type, actor, @timestamp, _document_id, public_repo, token_scopes, programmatic_access_type, actor_is_bot

repository_image

repository_image.create: An image to represent a repository was uploaded.
フィールド: user_agent, operation_type, created_at, actor_id, repo_id, action, request_id, actor, content_type, repo, @timestamp, _document_id, user, user_id, request_access_security_header

repository_image.destroy: An image to represent a repository was deleted.
フィールド: content_type, created_at, actor_id, user_id, operation_type, request_id, _document_id, actor, repo_id, user_agent, repo, user, action, @timestamp, request_access_security_header

repository_invitation

repository_invitation.accept: An invitation to join a repository was accepted.
フィールド: actor_id, created_at, request_id, repo, invitee, operation_type, actor, repo_id, _document_id, action, user_agent, inviter, @timestamp, token_scopes, programmatic_access_type

repository_invitation.cancel: An invitation to join a repository was canceled.
フィールド: inviter, action, operation_type, _document_id, repo_id, repo, @timestamp, user_agent, invitee, created_at, request_id, actor, actor_id, request_access_security_header

repository_invitation.create: An invitation to join a repository was sent.
フィールド: _document_id, actor, actor_id, @timestamp, invitee, action, request_id, inviter, repo, created_at, user_agent, repo_id, operation_type, token_scopes, programmatic_access_type

repository_invitation.reject: An invitation to join a repository was declined.
フィールド: repo, _document_id, actor, invitee, action, @timestamp, request_id, actor_id, operation_type, created_at, inviter, user_agent, repo_id

repository_projects_change

repository_projects_change.clear: The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.
フィールド: request_id, created_at, _document_id, action, user_agent, user, business_id, business, operation_type, actor, actor_id, user_id, @timestamp
リファレンス: Enforcing policies for projects in your enterprise

repository_projects_change.disable: Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.
フィールド: created_at, @timestamp, repo, action, operation_type, _document_id, actor_id, user, user_id, user_agent, repo_id, actor, request_id, programmatic_access_type

repository_projects_change.enable: Repository projects were enabled for a repository, all repositories in an organization, or all organizations in an enterprise.
フィールド: @timestamp, actor, repo_id, org, request_id, user, user_agent, created_at, org_id, action, user_id, operation_type, _document_id, actor_id, repo

repository_ruleset

repository_ruleset.create: A repository ruleset was created.
フィールド: actor, actor_id, user_agent, request_id, name, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_conditions, ruleset_bypass_actors, request_access_security_header
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository

repository_ruleset.destroy: A repository ruleset was deleted.
フィールド: actor, actor_id, user_agent, request_id, name, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_bypass_actors, request_access_security_header
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset

repository_ruleset.update: A repository ruleset was edited.
フィールド: actor, actor_id, user_agent, request_id, old_name, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules_updated, ruleset_conditions_added, ruleset_conditions_deleted, ruleset_old_enforcement, ruleset_rules_added, ruleset_rules_deleted, ruleset_old_name, ruleset_conditions_updated, ruleset_bypass_actors_added, ruleset_bypass_actors_deleted, ruleset_bypass_actors_updated, actor_is_bot
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset

repository_secret_scanning_automatic_validity_checks

repository_secret_scanning_automatic_validity_checks.disabled: Automatic partner validation checks have been disabled at the repository level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository

repository_secret_scanning_automatic_validity_checks.enabled: Automatic partner validation checks have been enabled at the repository level
フィールド: actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository

repository_secret_scanning_custom_pattern

repository_secret_scanning_custom_pattern.create: A custom pattern was created for secret scanning in a repository.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo
リファレンス: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern.delete: A custom pattern was removed from secret scanning in a repository.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo
リファレンス: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern.publish: A custom pattern was published for secret scanning in a repository.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern.update: Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo
リファレンス: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern_push_protection

repository_secret_scanning_custom_pattern_push_protection.disabled: Push protection for a custom pattern for secret scanning was disabled for your repository.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id
リファレンス: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern_push_protection.enabled: Push protection for a custom pattern for secret scanning was enabled for your repository.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: Defining custom patterns for secret scanning

repository_secret_scanning

repository_secret_scanning.disable: Secret scanning was disabled for a repository.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, public_repo, programmatic_access_type
リファレンス: About secret scanning

repository_secret_scanning.enable: Secret scanning was enabled for a repository.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, programmatic_access_type

repository_secret_scanning_generic_secrets

repository_secret_scanning_generic_secrets.disabled: Generic secrets have been disabled at the repository level
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repository_secret_scanning_generic_secrets.enabled: Generic secrets have been enabled at the repository level
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

repository_secret_scanning_non_provider_patterns

repository_secret_scanning_non_provider_patterns.disabled: Secret scanning for non-provider patterns was disabled at the repository level.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: Supported secret scanning patterns

repository_secret_scanning_non_provider_patterns.enabled: Secret scanning for non-provider patterns was enabled at the repository level.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: Supported secret scanning patterns

repository_secret_scanning_push_protection_bypass_list

repository_secret_scanning_push_protection_bypass_list.add: A role or team was added to the push protection bypass list at the repository level.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: About push protection

repository_secret_scanning_push_protection_bypass_list.disable: Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the repository level.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: About push protection

repository_secret_scanning_push_protection_bypass_list.enable: Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the repository level.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: About push protection

repository_secret_scanning_push_protection_bypass_list.remove: A role or team was removed from the push protection bypass list at the repository level.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header
リファレンス: About push protection

repository_secret_scanning_push_protection

repository_secret_scanning_push_protection.disable: Secret scanning push protection was disabled for a repository.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo, programmatic_access_type, request_access_security_header
リファレンス: About push protection

repository_secret_scanning_push_protection.enable: Secret scanning push protection was enabled for a repository.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, repo, repo_id, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, public_repo, programmatic_access_type, request_access_security_header
リファレンス: About push protection

repository_security_configuration

repository_security_configuration.applied: A code security configuration was applied to a repository.
フィールド: actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, repository_security_configuration_state, repository_security_configuration_failure_reason, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repository_security_configuration.failed: A code security configuration failed to attach to the repository.
フィールド: actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, repository_security_configuration_failure_reason, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repository_security_configuration.removed: A code security configuration was removed from a repository.
フィールド: actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, repository_security_configuration_state, repository_security_configuration_failure_reason, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repository_security_configuration.removed_by_settings_change: A code security configuration was removed due to a change in repository or enterprise settings.
フィールド: actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, repository_security_configuration_state, repository_security_configuration_failure_reason, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

repository_visibility_change

repository_visibility_change.clear: The repository visibility change setting was cleared for an organization or enterprise.
フィールド: created_at, _document_id, request_id, actor_id, business, action, operation_type, user, user_id, business_id, @timestamp, user_agent, actor, request_access_security_header
リファレンス: /organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise

repository_visibility_change.disable: The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.
フィールド: user, org_id, created_at, user_agent, actor, actor_id, org, operation_type, _document_id, @timestamp, user_id, action, request_id, request_access_security_header

repository_visibility_change.enable: The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.
フィールド: actor, operation_type, _document_id, @timestamp, user_agent, user, created_at, org, org_id, action, actor_id, user_id, request_id

repository_vulnerability_alert

repository_vulnerability_alert.auto_dismiss: A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.
フィールド: actor, actor_id, user_agent, request_id, alert_id, alert_number, ghsa_id, action, repo, repo_id, public_repo, owner, org, org_id, _document_id, @timestamp, created_at, operation_type, business, business_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, request_access_security_header
リファレンス: About Dependabot auto-triage rules

repository_vulnerability_alert.auto_reopen: A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.
フィールド: actor, actor_id, user_agent, request_id, alert_id, alert_number, ghsa_id, action, repo, repo_id, public_repo, owner, org, org_id, _document_id, @timestamp, created_at, operation_type, business, business_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, request_access_security_header
リファレンス: About Dependabot auto-triage rules

repository_vulnerability_alert.create: GitHub created a Dependabot alert because the repository uses a vulnerable dependency.
フィールド: operation_type, request_id, repo_id, @timestamp, user_agent, alert_id, action, repo, created_at, _document_id, token_scopes, alert_number, programmatic_access_type
リファレンス: /code-security/dependabot/dependabot-alerts/about-dependabot-alerts

repository_vulnerability_alert.dismiss: A Dependabot alert was manually dismissed.
フィールド: repo_id, org_id, user_id, request_id, @timestamp, operation_type, user_agent, alert_id, actor, repo, created_at, org, _document_id, action, actor_id, dismiss_reason, user, dismiss_comment, alert_number, actor_is_bot

repository_vulnerability_alert.reintroduce: A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.
フィールド: user_agent, request_id, actor, actor_id, alert_id, created_at, action, repo, repo_id, public_repo, owner, _document_id, @timestamp, operation_type, token_scopes, alert_number

repository_vulnerability_alert.reopen: A Dependabot alert was manually reopened.
フィールド: user_agent, request_id, actor, actor_id, alert_id, created_at, action, repo, repo_id, owner, org, org_id, _document_id, @timestamp, operation_type, business, business_id, public_repo, alert_number, request_access_security_header

repository_vulnerability_alert.resolve: Changes were pushed to update and resolve a Dependabot alert in a project dependency.
フィールド: alert_id, repo, operation_type, action, repo_id, _document_id, user_agent, request_id, @timestamp, created_at, actor, actor_id, token_scopes, alert_number, programmatic_access_type

repository_vulnerability_alert.withdraw: A Dependabot alert was withdrawn.
フィールド: alert_id, alert_number, ghsa_id, created_at, active, action, repository_id, repo, repo_id, public_repo, owner, org, org_id, _document_id, @timestamp, operation_type

repository_vulnerability_alerts

repository_vulnerability_alerts.authorized_users_teams: The list of people or teams authorized to receive Dependabot alerts for the repository was updated.
フィールド: org, _document_id, repo, org_id, operation_type, created_at, actor, action, @timestamp, user_agent, repo_id, request_id, actor_id, request_access_security_header
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts

repository_vulnerability_alerts.disable: Dependabot alerts was disabled.
フィールド: repo, request_id, repo_id, action, actor_id, @timestamp, created_at, actor, user_agent, org_id, user, org, _document_id, user_id, operation_type, token_scopes, programmatic_access_type

repository_vulnerability_alerts.enable: Dependabot alerts was enabled.
フィールド: actor, user_agent, created_at, @timestamp, repo_id, action, user, repo, org, org_id, actor_id, _document_id, user_id, operation_type, request_id, token_scopes, programmatic_access_type, actor_is_bot

repository_vulnerability_alerts_auto_dismissal

repository_vulnerability_alerts_auto_dismissal.disable: Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id

repository_vulnerability_alerts_auto_dismissal.enable: Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

required_status_check

required_status_check.create: A status check was marked as required for a protected branch.
フィールド: org, actor_id, @timestamp, business, request_id, context, repo_id, action, repo, _document_id, operation_type, business_id, org_id, actor, created_at, user_agent, token_scopes, programmatic_access_type
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging

required_status_check.destroy: A status check was no longer marked as required for a protected branch.
フィールド: actor_id, actor, created_at, context, operation_type, @timestamp, request_id, org, user_agent, repo_id, org_id, action, _document_id, repo, programmatic_access_type
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging

restrict_notification_delivery

restrict_notification_delivery.disable: Email notification restrictions for an organization or enterprise were disabled.
フィールド: user_agent, request_id, actor, actor_id, business, business_id, owner, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Restricting email notifications for your organization, Restricting email notifications for your enterprise

restrict_notification_delivery.enable: Email notification restrictions for an organization or enterprise were enabled.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, business_id, owner, action, operation_type, @timestamp, created_at, _document_id
リファレンス: Restricting email notifications for your organization, Restricting email notifications for your enterprise

role

role.create: A new custom repository role was created.
フィールド: user_agent, request_id, actor, actor_id, created_at, name, owner, base_role, org, org_id, business, business_id, action, operation_type, @timestamp, _document_id, role_permissions, old_role_permissions
リファレンス: Managing custom repository roles for an organization

role.destroy: A custom repository role was deleted.
フィールド: user_agent, request_id, actor, actor_id, created_at, name, owner, role_permissions, base_role, org, org_id, business, business_id, action, operation_type, @timestamp, _document_id
リファレンス: Managing custom repository roles for an organization

role.update: A custom repository role was edited.
フィールド: user_agent, request_id, actor, actor_id, name, owner, role_permissions, base_role, org, org_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, old_role_permissions, old_base_role
リファレンス: Managing custom repository roles for an organization

secret_scanning_alert

secret_scanning_alert.assign: A user was assigned to a secret scanning alert.
フィールド: repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, secret_type, secret_type_display_name, publicly_leaked, multi_repo, created_at
リファレンス: /code-security/secret-scanning/managing-alerts-from-secret-scanning

secret_scanning_alert.create: GitHub detected a secret and created a secret scanning alert.
フィールド: repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, secret_type, secret_type_display_name, publicly_leaked, multi_repo
リファレンス: /code-security/secret-scanning/managing-alerts-from-secret-scanning

secret_scanning_alert.public_leak: A secret scanning alert was leaked in a public repo.
フィールド: repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, secret_type, secret_type_display_name, publicly_leaked, multi_repo, created_at
リファレンス: /code-security/secret-scanning/managing-alerts-from-secret-scanning

secret_scanning_alert.reopen: A secret scanning alert was reopened.
フィールド: user_agent, request_id, actor, actor_id, number, user, user_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, token_scopes, secret_type_display_name

secret_scanning_alert.report: A leaked secret was reported to the secret's provider by secret scanning.
フィールド: repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, secret_type, created_at, secret_type_display_name, secret_type_provider, report_result
リファレンス: /code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts

secret_scanning_alert.resolve: A secret scanning alert was resolved.
フィールド: user_agent, request_id, actor, actor_id, number, resolution, user, user_id, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, token_scopes, secret_type, secret_type_display_name, publicly_leaked, multi_repo, request_access_security_header

secret_scanning_alert.revoke: A secret scanning alert was revoked.
フィールド: user_agent, request_id, actor, actor_id, number, user, user_id, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id

secret_scanning_alert.unassign: A user was unassigned from a secret scanning alert.
フィールド: repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, secret_type, secret_type_display_name, publicly_leaked, multi_repo, created_at
リファレンス: /code-security/secret-scanning/managing-alerts-from-secret-scanning

secret_scanning_alert.validate: A secret scanning alert was validated.
フィールド: repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, created_at, previous_validity, current_validity, secret_type, secret_type_display_name, publicly_leaked, multi_repo
リファレンス: /code-security/secret-scanning/managing-alerts-from-secret-scanning

secret_scanning_closure_request

secret_scanning_closure_request.approve: A request to close a secret scanning alert was approved by a user.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, number, alert_number, request_reviewer_comment, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

secret_scanning_closure_request.deny: A request to close a secret scanning alert was denied by a user.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, number, alert_number, request_reviewer_comment, repo, repo_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

secret_scanning

secret_scanning.disable: Secret scanning was disabled for all existing repositories.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id
リファレンス: About secret scanning

secret_scanning.enable: Secret scanning was enabled for all existing repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
リファレンス: About secret scanning

secret_scanning_new_repos

secret_scanning_new_repos.disable: Secret scanning was disabled for all new repositories.
フィールド: user_agent, request_id, actor, actor_id, user, user_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
リファレンス: About secret scanning

secret_scanning_new_repos.enable: Secret scanning was enabled for all new repositories.
フィールド: user_agent, request_id, actor, actor_id, created_at, user, user_id, org, org_id, action, operation_type, @timestamp, _document_id
リファレンス: About secret scanning

secret_scanning_push_protection

secret_scanning_push_protection.bypass: Triggered when a user bypasses the push protection on a secret detected by secret scanning.
フィールド: repo_id, repo, actor_id, actor, org_id, org, business, business_id, number, created_at, push_protection_bypass_reason, secret_type, secret_type_display_name, publicly_leaked, multi_repo, request_reviewer, request_reviewer_id
リファレンス: About push protection

secret_scanning_push_protection_request

secret_scanning_push_protection_request.approve: A request to bypass secret scanning push protection was approved by a user.
フィールド: actor, actor_id, user_agent, request_id, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: About push protection

secret_scanning_push_protection_request.cancel: A user canceled a request to bypass secret scanning push protection.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: Working with secret scanning and push protection

secret_scanning_push_protection_request.complete: A user pushed a commit containing a secret for which there is an approved secret scanning push protection bypass request.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot
リファレンス: Working with secret scanning and push protection

secret_scanning_push_protection_request.deny: A request to bypass secret scanning push protection was denied by a user.
フィールド: actor, actor_id, user_agent, request_id, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header, request_reviewer_comment
リファレンス: About push protection

secret_scanning_push_protection_request.request: A user requested to bypass secret scanning push protection.
フィールド: actor, actor_id, user_agent, request_id, number, repository, repository_id, public_repo, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header
リファレンス: Working with secret scanning and push protection

secret_scanning_scan

secret_scanning_scan.completed: A secret scanning scan has completed on this repository.
フィールド: repo_id, org_id, business_id, source, type, source_slug, type_slug, started_at, completed_at, repo, public_repo, org, business, action, _document_id, @timestamp, created_at, operation_type, secret_types, custom_pattern_name, custom_pattern_scope
リファレンス: About secret scanning

security_configuration

security_configuration.create: A security configuration was created
フィールド: actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, security_configuration_description, security_configuration_created_at, security_configuration_updated_at, security_configuration_enable_ghas, security_configuration_private_vulnerability_reporting, security_configuration_dependency_graph, security_configuration_dependabot_alerts, security_configuration_dependabot_security_updates, security_configuration_code_scanning, security_configuration_secret_scanning, security_configuration_secret_scanning_push_protection, security_configuration_secret_scanning_validity_checks, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, security_configuration_dependency_graph_autosubmit_action, security_configuration_secret_scanning_non_provider_patterns, security_configuration_secret_scanning_delegated_bypass, security_configuration_secret_scanning_generic_secrets, security_configuration_secret_scanning_delegated_alert_dismissal, security_configuration_code_scanning_delegated_alert_dismissal, security_configuration_code_security_sku_enabled, security_configuration_secret_protection_sku_enabled

security_configuration.delete: A security configuration was deleted
フィールド: actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, security_configuration_description, security_configuration_created_at, security_configuration_updated_at, security_configuration_enable_ghas, security_configuration_private_vulnerability_reporting, security_configuration_dependency_graph, security_configuration_dependabot_alerts, security_configuration_dependabot_security_updates, security_configuration_code_scanning, security_configuration_secret_scanning, security_configuration_secret_scanning_push_protection, security_configuration_secret_scanning_validity_checks, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, security_configuration_dependency_graph_autosubmit_action, security_configuration_secret_scanning_non_provider_patterns, security_configuration_secret_scanning_delegated_bypass, security_configuration_secret_scanning_delegated_alert_dismissal, security_configuration_code_scanning_delegated_alert_dismissal, security_configuration_code_security_sku_enabled, security_configuration_secret_protection_sku_enabled

security_configuration.update: A security configuration was updated
フィールド: actor, actor_id, user_agent, request_id, security_configuration_id, security_configuration_name, security_configuration_description, security_configuration_created_at, security_configuration_updated_at, security_configuration_enable_ghas, security_configuration_private_vulnerability_reporting, security_configuration_dependency_graph, security_configuration_dependabot_alerts, security_configuration_dependabot_security_updates, security_configuration_code_scanning, security_configuration_secret_scanning, security_configuration_secret_scanning_push_protection, security_configuration_secret_scanning_validity_checks, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, security_configuration_dependency_graph_autosubmit_action, security_configuration_secret_scanning_non_provider_patterns, security_configuration_secret_scanning_delegated_bypass, security_configuration_secret_scanning_generic_secrets, security_configuration_secret_scanning_delegated_alert_dismissal, security_configuration_code_scanning_delegated_alert_dismissal, security_configuration_code_security_sku_enabled, security_configuration_secret_protection_sku_enabled

security_configuration_default

security_configuration_default.delete: A default security configuration setting for new repositories was removed.
フィールド: actor, actor_id, user_agent, request_id, default_for_new_private_repos, default_for_new_public_repos, security_configuration_name, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

security_configuration_default.update: A default security configuration setting for new repositories was updated.
フィールド: actor, actor_id, user_agent, request_id, default_for_new_private_repos, default_for_new_public_repos, security_configuration_name, org, org_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot

security_configuration_policy

security_configuration_policy.update: A security configuration policy was updated
フィールド: actor, actor_id, user_agent, request_id, enforcement, security_configuration_name, action, _document_id, @timestamp, created_at, operation_type

ssh_certificate_authority

ssh_certificate_authority.create: An SSH certificate authority for an organization or enterprise was created.
フィールド: @timestamp, _document_id, fingerprint, operation_type, openssh_public_key, org_id, actor, created_at, org, action, user_agent, actor_id, request_id
リファレンス: Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

ssh_certificate_authority.destroy: An SSH certificate authority for an organization or enterprise was deleted.
フィールド: created_at, _document_id, fingerprint, operation_type, actor, org_id, openssh_public_key, org, action, user_agent, actor_id, @timestamp, request_id
リファレンス: Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

ssh_certificate_requirement

ssh_certificate_requirement.disable: The requirement for members to use SSH certificates to access an organization resources was disabled.
フィールド: user, user_agent, operation_type, _document_id, request_id, org, org_id, created_at, actor, action, user_id, business, business_id, @timestamp, actor_id
リファレンス: Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

ssh_certificate_requirement.enable: The requirement for members to use SSH certificates to access an organization resources was enabled.
フィールド: actor_id, user_id, org, operation_type, request_id, @timestamp, _document_id, actor, user, action, org_id, created_at, user_agent
リファレンス: Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

sso_redirect

Note: Automatically redirecting users to sign in is currently in beta for Enterprise Managed Users and subject to change.

sso_redirect.disable: Automatic redirects for users to single sign-on (SSO) was disabled.
フィールド: user_agent, request_id, actor, actor_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

sso_redirect.enable: Automatic redirects for users to single sign-on (SSO) was enabled.
フィールド: user_agent, request_id, actor, actor_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type

staff

staff.set_domain_token_expiration: The verification code expiry time for an organization or enterprise domain was set.
フィールド: user_agent, request_id, actor, actor_id, owner_type, domain_name, business_id, token_expires_at, owner, action, operation_type, @timestamp, created_at, _document_id

staff.unverify_domain: An organization or enterprise domain was unverified.
フィールド: user_agent, request_id, actor, actor_id, created_at, owner_type, domain_name, owner, action, operation_type, @timestamp, _document_id

staff.verify_domain: An organization or enterprise domain was verified.
フィールド: user_agent, request_id, actor, actor_id, domain_name, action, operation_type, @timestamp, created_at, _document_id

team

team.add_member: A member of an organization was added to a team.
フィールド: user_agent, request_id, org_id, user_id, team, user, @timestamp, actor_id, created_at, operation_type, _document_id, org, action, actor, programmatic_access_type, team_type
リファレンス: /organizations/organizing-members-into-teams/adding-organization-members-to-a-team

team.add_repository: A team was given access and permissions to a repository.
フィールド: actor, team, action, operation_type, request_id, created_at, @timestamp, org, repo, actor_id, _document_id, repo_id, user_agent, org_id, token_scopes, programmatic_access_type, actor_is_bot

team.add_to_organization: A team was added to an organization.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, team_type, team, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

team.change_parent_team: A child team was created or a child team's parent was changed.
フィールド: org, @timestamp, created_at, _document_id, team, action, operation_type, actor, request_id, actor_id, user_agent, org_id, programmatic_access_type, request_access_security_header
リファレンス: /organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy

team.change_privacy: A team's privacy level was changed.
フィールド: user_agent, request_id, org, action, team, created_at, operation_type, actor_id, org_id, @timestamp, actor, _document_id, team_type
リファレンス: /organizations/organizing-members-into-teams/changing-team-visibility

team.create: A new team is created.
フィールド: request_id, actor_id, oauth_application_id, action, operation_type, @timestamp, org_id, user_agent, team, org, actor, created_at, _document_id, token_scopes, programmatic_access_type, team_type

team.demote_maintainer: A user was demoted from a team maintainer to a team member.
フィールド: user_agent, request_id, actor, actor_id, team, org, org_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, token_scopes
リファレンス: /organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member

team.destroy: A team was deleted.
フィールド: created_at, org, team, org_id, actor_id, actor, action, @timestamp, user_agent, request_id, operation_type, _document_id, programmatic_access_type, team_type

team.promote_maintainer: A user was promoted from a team member to a team maintainer.
フィールド: user_agent, request_id, actor, actor_id, team, org, org_id, user, user_id, action, operation_type, @timestamp, created_at, _document_id, programmatic_access_type, request_access_security_header
リファレンス: /organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer

team.remove_from_organization: A team was removed from an organization.
フィールド: actor, actor_id, user_agent, request_id, request_access_security_header, team_type, team, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot

team.remove_member: An organization member was removed from a team.
フィールド: request_id, operation_type, created_at, actor_id, org, org_id, team, user_id, actor, user, action, @timestamp, user_agent, _document_id, token_scopes, programmatic_access_type, team_type
リファレンス: /organizations/organizing-members-into-teams/removing-organization-members-from-a-team

team.remove_repository: A repository was removed from a team's control.
フィールド: request_id, org_id, repo, repo_id, action, _document_id, actor, @timestamp, actor_id, user_agent, created_at, team, org, operation_type, programmatic_access_type

team.rename: A team's name was changed.
フィールド: name, user_agent, created_at, team, operation_type, actor_id, org, action, request_id, actor, org_id, @timestamp, _document_id, programmatic_access_type, request_access_security_header, team_type

team.update_repository_permission: A team's permission to a repository was changed.
フィールド: actor_id, team, org_id, @timestamp, org, _document_id, old_permission, request_id, repo, action, repo_id, actor, operation_type, created_at, user_agent, permission, new_repo_permission, new_repo_base_role, old_repo_permission, old_repo_base_role, token_scopes, programmatic_access_type

team_discussions

team_discussions.clear: An organization owner cleared the setting to allow team discussions for an organization or enterprise.
フィールド: business_id, operation_type, @timestamp, user_agent, actor, actor_id, user, business, action, request_id, created_at, user_id, _document_id

team_discussions.disable: Team discussions were disabled for an organization.
フィールド: org_id, action, operation_type, request_id, actor, org, created_at, actor_id, user, user_id, @timestamp, user_agent, _document_id
リファレンス: Organizations and teams documentation

team_discussions.enable: Team discussions were enabled for an organization.
フィールド: actor_id, @timestamp, action, _document_id, user_agent, user_id, business_id, request_id, user, business, operation_type, actor, created_at

team_sync_tenant

team_sync_tenant.disabled: Team synchronization with a tenant was disabled.
フィールド: action, created_at, actor, request_id, org_id, actor_id, operation_type, _document_id, @timestamp, org, user_agent
リファレンス: Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise

team_sync_tenant.enabled: Team synchronization with a tenant was enabled.
フィールド: org_id, business_id, actor, created_at, user_agent, @timestamp, operation_type, business, actor_id, org, request_id, action, _document_id
リファレンス: Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise

team_sync_tenant.update_okta_credentials: The Okta credentials for team synchronization with a tenant were changed.
フィールド: user_agent, request_id, actor, actor_id, org, org_id, action, operation_type, @timestamp, created_at, _document_id, business, business_id

user_content_edit

user_content_edit.delete: Triggered when a user content edit is deleted.
フィールド: request_id, actor, user_content_id, user_content_type, created_at, user_agent, deleted_by, editor_id, _document_id, deleted_at, action, actor_id, editor, deleted_by_id, deleted_content, operation_type, @timestamp

user_email

user_email.confirm_claim: An enterprise managed user claimed an email address.
フィールド: actor, actor_id, user_agent, request_id, user, user_id, action, _document_id, @timestamp, created_at, operation_type, business, business_id, actor_is_bot, request_access_security_header

vulnerability_alert_rule

vulnerability_alert_rule.create: A Dependabot rule was created.
フィールド: actor, actor_id, user_agent, request_id, repo_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, _document_id, @timestamp, created_at, operation_type

vulnerability_alert_rule.delete: A Dependabot rule was deleted.
フィールド: actor, actor_id, user_agent, request_id, repo_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, _document_id, @timestamp, created_at, operation_type

vulnerability_alert_rule.disable: A Dependabot rule was disabled for a single repository or disabled by default for an organization.
フィールド: actor, actor_id, user_agent, request_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type

vulnerability_alert_rule.enable: A Dependabot rule was enabled for a single repository or enabled by default for an organization.
フィールド: actor, actor_id, user_agent, request_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, repo, repo_id, public_repo, action, _document_id, @timestamp, created_at, operation_type, request_access_security_header

vulnerability_alert_rule.force_disable: A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.
フィールド: actor, actor_id, user_agent, request_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, org, org_id, _document_id, @timestamp, created_at, operation_type, business, business_id

vulnerability_alert_rule.force_enable: A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.
フィールド: actor, actor_id, user_agent, request_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, org, org_id, _document_id, @timestamp, created_at, operation_type, business, business_id

vulnerability_alert_rule.update: A Dependabot rule's conditions, actions, or metadata changed.
フィールド: actor, actor_id, user_agent, request_id, repo_id, vulnerability_alert_rule_id, vulnerability_alert_rule_name, action, _document_id, @timestamp, created_at, operation_type

workflows

workflows.approve_workflow_job: A workflow job was approved.
フィールド: user_agent, request_id, actor, actor_id, workflow_run_id, run_number, user, user_id, repo, repo_id, business, business_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, token_scopes, programmatic_access_type, request_access_security_header
リファレンス: Reviewing deployments

workflows.cancel_workflow_run: A workflow run was cancelled.
フィールド: user_agent, request_id, actor, actor_id, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, run_number, cancelled_at, workflow_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id, trigger_id, public_repo, programmatic_access_type, request_access_security_header
リファレンス: Canceling a workflow run

workflows.completed_workflow_run: A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: user_agent, request_id, actor, actor_id, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, completed_at, conclusion, run_number, workflow_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id, trigger_id, run_attempt, programmatic_access_type, actor_is_bot, actor_is_agent
リファレンス: Viewing workflow run history

workflows.created_workflow_run: A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: user_agent, request_id, actor, actor_id, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, workflow_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id, trigger_id, public_repo, programmatic_access_type, actor_is_bot, request_access_security_header, actor_is_agent
リファレンス: Understanding GitHub Actions

workflows.delete_workflow_run: A workflow run was deleted.
フィールド: user_agent, request_id, actor, actor_id, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, workflow_run_id, started_at, head_branch, head_sha, trigger_id, programmatic_access_type
リファレンス: Deleting a workflow run

workflows.disable_workflow: A workflow was disabled.
フィールド: user_agent, request_id, actor, actor_id, repo, repo_id, workflow_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, actor_is_bot, request_access_security_header

workflows.enable_workflow: A workflow was enabled, after previously being disabled by disable_workflow.
フィールド: user_agent, request_id, actor, actor_id, repo, repo_id, workflow_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header

workflows.pin_workflow: A workflow was pinned.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, workflow_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

workflows.prepared_workflow_job: A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
フィールド: repo_id, repo, org_id, org, business_id, business, workflow_run_id, job_name, runner_labels, is_hosted_runner, environment_name, secrets_passed, action, _document_id, operation_type, created_at, @timestamp, runner_owner_type, job_workflow_ref, calling_workflow_refs, calling_workflow_shas, imposer_repo
リファレンス: Events that trigger workflows

workflows.reject_workflow_job: A workflow job was rejected.
フィールド: user_agent, request_id, actor, actor_id, workflow_run_id, run_number, user, user_id, repo, repo_id, action, operation_type, @timestamp, created_at, _document_id, public_repo, programmatic_access_type, request_access_security_header
リファレンス: Reviewing deployments

workflows.rerun_workflow_run: A workflow run was re-run.
フィールド: user_agent, request_id, actor, actor_id, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, run_number, workflow_id, repo, repo_id, org, org_id, action, operation_type, @timestamp, _document_id, business, business_id, trigger_id, run_attempt, rerun_type, check_run_id, programmatic_access_type, actor_is_bot
リファレンス: Re-running workflows and jobs

workflows.unpin_workflow: A workflow was unpinned after previously being pinned.
フィールド: actor, actor_id, user_agent, request_id, repo, repo_id, public_repo, workflow_id, org, org_id, business, business_id, action, _document_id, @timestamp, created_at, operation_type, actor_is_bot, request_access_security_header

エンタープライズの監査ログ イベント

この機能を使用できるユーザーについて

この記事の内容

エンタープライズの監査ログイベント