Azure · marjoriehahn · Nov 6, 2025 · Nov 6, 2025 · Nov 6, 2025
@@ -73,8 +73,8 @@
               "parameters": {
                 "mapping": [
                   {
-                    "columnName": "Enterprise Name",
-                    "columnValue": "properties.addOnAttributes.EnterpriseName"
+                    "columnName": "Github Enterprise URL",
+                    "columnValue": "properties.addOnAttributes.ApiUrl"
                   }
                 ],
                 "menuItems": [
@@ -96,11 +96,10 @@
                       {
                         "type": "Textbox",
                         "parameters": {
-                          "label": "Enterprise Name",
-                          "placeholder": "Enter Enterprise Name",
-                          "description": "Your enterprise profile URL is https://github.com/enterprises/yourenterprisename",
+                          "label": "Github Enterprise URL",
+                          "placeholder": "Your Github Enterprise URL",
                           "type": "text",
-                          "name": "enterprisename"
+                          "name": "apiUrl"
                         }
                       },
                       {

@@ -14,7 +14,7 @@
             },
             "dataType": "GitHubAuditLogsV2_CL",
             "addOnAttributes": {
-                "EnterpriseName": "{{enterprisename}}"
+                "ApiUrl": "{{apiUrl}}"
             },
             "response": {
                 "eventsJsonPaths": [
@@ -33,7 +33,7 @@
                 "type": "APIKey"
             },
             "request": {
-                "apiEndpoint": "https://api.github.com/enterprises/{{enterprisename}}/audit-log?include=all",
+                "apiEndpoint": "{{apiUrl}}/audit-log?include=all",
                 "rateLimitQPS": 50,
                 "queryWindowInMin": 15,
                 "httpMethod": "GET",

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/GitHub.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitHub/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [GitHub](https://github.com/) Solution for Microsoft Sentinel enables you to easily ingest events and logs from GitHub to Microsoft Sentinel using GitHub audit log API and  webhooks. This enables you to view and analyze this data in your workbooks, query it to create custom alerts, and incorporate it to improve your investigation process, giving you more insight into your platform security.\n \n **Underlying Microsoft Technologies used:** \n \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n \n 1. [Codeless Connector Framework (CCF) (used in GitHub Enterprise Audit Log data connector)](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal) \n \n 2. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)\n\n<p><span style='color:red; font-weight:bold;'>NOTE</span>: Microsoft recommends installation of \"GitHubAuditDefinitionV2\" (via Codeless Connector Framework). This connector is build on the Codeless Connector Framework (CCF), which uses the Log Ingestion API, which replaces ingestion via the <a href='https://aka.ms/Sentinel-Logs_migration' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCF-based data connectors also support <a href='https://aka.ms/Sentinel-DCR_Overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p>\n\n<p><span style='color:red; font-weight:bold;'>Important</span>: While the updated connector(s) can coexist with their legacy versions, running them together will result in duplicated data ingestion. You can disable the older versions of these connectors to avoid duplication of data.</p>\n\n**Data Connectors:** 3, **Parsers:** 4, **Workbooks:** 2, **Analytic Rules:** 14, **Hunting Queries:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/GitHub.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitHub/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [GitHub](https://github.com/) Solution for Microsoft Sentinel enables you to easily ingest events and logs from GitHub to Microsoft Sentinel using GitHub audit log API and  webhooks. This enables you to view and analyze this data in your workbooks, query it to create custom alerts, and incorporate it to improve your investigation process, giving you more insight into your platform security.\n \n **Underlying Microsoft Technologies used:** \n \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n \n 1. [Codeless Connector Framework (CCF) (used in GitHub Enterprise Audit Log data connector)](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal) \n \n 2. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)\n\n<p><span style='color:red; font-weight:bold;'>NOTE</span>: Microsoft recommends installation of \"GitHubAuditDefinitionV2\" (via Codeless Connector Framework). This connector is build on the Codeless Connector Framework (CCF), which uses the Log Ingestion API, which replaces ingestion via the <a href='https://aka.ms/Sentinel-Logs_migration' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCF-based data connectors also support <a href='https://aka.ms/Sentinel-DCR_Overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p>\n\n<p><span style='color:red; font-weight:bold;'>Important</span>: While the updated connector(s) can coexist with their legacy versions, running them together will result in duplicated data ingestion. You can disable the older versions of these connectors to avoid duplication of data..</p>\n\n**Data Connectors:** 3, **Parsers:** 4, **Workbooks:** 2, **Analytic Rules:** 14, **Hunting Queries:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -60,7 +60,31 @@
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This Solution installs the data connector for GitHub. You can get GitHub data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for GitHub Enterprise Audit Log (via Codeless Connector Framework) (Preview). You can get GitHub Enterprise Audit Log (via Codeless Connector Framework) (Preview) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors-link1",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          },
+          {
+            "name": "dataconnectors2-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for GitHub. You can get GitHub custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors3-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for GitHub. You can get GitHub custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {