GitHubAuditLogs_PollerConfig.json
[
{
"name": "GitHubAuditLogsRequest",
"apiVersion": "2022-12-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectors",
"location": "{{location}}",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName":"GitHubAuditDefinitionV2",
"dcrConfig": {
"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
"dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}",
"streamName": "Custom-GitHubAuditLogs"
},
"dataType": "GitHubAuditLogsV2_CL",
"addOnAttributes": {
"ApiUrl": "[[replace(parameters('ApiUrl'), 'https://github.com/', 'https://api.github.com/')]"
},
"response": {
"eventsJsonPaths": [
"$"
],
"format": "json"
},
"paging": {
"pagingType": "LinkHeader",
"pageSizeParaName": "per_page"
},
"auth": {
"apiKeyName": "Authorization",
"ApiKey": "{{apikey}}",
"apiKeyIdentifier": "token",
"type": "APIKey"
},
"request": {
"apiEndpoint": "[[concat(replace(parameters('ApiUrl'), 'https://github.com/', 'https://api.github.com/'),'/audit-log?include=all')]",
"rateLimitQPS": 50,
"queryWindowInMin": 15,
"httpMethod": "GET",
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"retryCount": 2,
"timeoutInSeconds": 60,
"headers": {
"Accept": "application/json",
"User-Agent": "Scuba"
},
"queryParameters": {
"phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}"
}
},
"isActive": true
}
}
]