@@ -0,0 +1,124 @@
{
"name": "{{workspace}}/Microsoft.SecurityInsights/GitHubAuditDefinitionV2",
"apiVersion": "2022-09-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
"location": "{{location}}",
"kind": "Customizable",
"properties": {
"connectorUiConfig": {
"id":"GitHubAuditDefinitionV2",
"title": "GitHub Enterprise Audit Log (Using REST API)",
"publisher": "Microsoft",
"descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Microsoft Sentinel. By connecting GitHub audit logs into Microsoft Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process. \n\n **Note:** If you intended to ingest GitHub subscribed events into Microsoft Sentinel, please refer to GitHub (using Webhooks) Connector from \"**Data Connectors**\" gallery.",
"graphQueriesTableName": "GitHubAuditLogsV2_CL",
"graphQueries": [
{
"metricName": "Total events received",
"legend": "GitHubAuditLogEvents",
"baseQuery": "{{graphQueriesTableName}}"
}
],
"sampleQueries": [
{
"description": "GitHub Audit Logs",
"query": "{{graphQueriesTableName}}\n | take 10"
}
],
"dataTypes": [
{
"name": "{{graphQueriesTableName}}",
"lastDataReceivedQuery": "{{graphQueriesTableName}}\n|summarize Time = max (TimeGenerated)\n|where isnotempty(Time)"
}
],
"connectivityCriteria": [
{
"type": "HasDataConnectors"
}
],
"availability": {
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "Read and Write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
}
],
"customs": [
{
"name": "GitHub API personal access token",
"description": "You need a GitHub personal access token to enable polling for the organization audit log. You may use either a classic token with 'read:org' scope OR a fine-grained token with 'Administration: Read-only' scope."
},
{
"name": "GitHub Enterprise type",
"description": "This connector will only function with GitHub Enterprise Cloud; it will not support GitHub Enterprise Server."
}
]
},
"instructionSteps": [
{
"title": "Connect the GitHub Enterprise Organization-level Audit Log to Microsoft Sentinel",
"description": "Enable GitHub audit logs. \n Follow [this guide](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal access token.",
"instructions": [
{
"type": "DataConnectorsGrid",
"parameters": {
"mapping": [
{
"columnName": "Organization Name",
"columnValue": "properties.addOnAttributes.OrganizationName"
}
],
"menuItems": [
"DeleteConnector"
]
}
},
{
"type": "ContextPane",
"parameters": {
"isPrimary": true,
"label": "Add Organization",
"title": "Add Organization",
"subtitle": "Enter the credentials",
"contextPaneType": "DataConnectorsContextPane",
"instructionSteps": [
{
"instructions": [
{
"type": "Textbox",
"parameters": {
"label": "Organization Name",
"placeholder": "Enter Organization Name",
"type": "text",
"name": "organizationname"
}
},
{
"type": "Textbox",
"parameters": {
"label": "API Key",
"placeholder": "Enter API Key",
"type": "password",
"name": "apikey"
}
}
]
}
]
}
}
]
}
]
}
}
}
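Review bot: The workspace permission block is inconsistent with its own display text — `requiredPermissions` on lines 72–74 asks for `"delete": true`, but `permissionsDisplayText` on line 68 tells the operator only "Read and Write permissions are required", so the connector will fail the permission check for a principal scoped to what the UI says it needs. Either drop `"delete"` if it is not actually exercised, or make the text match the grant, e.g. `"permissionsDisplayText": "Read, Write and Delete permissions on the workspace are required."` — the `DeleteConnector` menu item on line 104 suggests delete is genuinely used, so the text is what should change. The PAT guidance on line 81 also deserves a least-privilege caveat: a classic PAT inherits every scope of the user who minted it, so the description should recommend a dedicated service account with an expiring token rather than an org owner's personal token, and the `read:org` scope should be re-verified against GitHub's current documentation for the organization audit-log endpoint, which I believe lists a dedicated audit-log read scope for classic tokens.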