9bf01a76ab
|
@ -20,7 +20,7 @@
|
|||
"title": "GitHub Enterprise Audit Log",
|
||||
"publisher": "GitHub",
|
||||
"descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.",
|
||||
"graphQueriesTableName": "GitHubAuditLogPolling_CL",
|
||||
"graphQueriesTableName": "GitHubAuditData",
|
||||
"graphQueries": [
|
||||
{
|
||||
"metricName": "Total events received",
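Review bot: The `graphQueriesTableName` switch to `GitHubAuditData` on the new side has to be mirrored in the `baseQuery` under `graphQueries`, and in any `sampleQueries`, `dataTypes` or `connectivityCriterias` entries, all of which lie outside this hunk; if any of them still names `GitHubAuditLogPolling_CL`, the connector page reports no data even while ingestion works. Please confirm those were updated in the same commit, and consider calling out the table rename in the connector's description so existing workspaces know the old `_CL` table is no longer fed by this connector. The enclosing connector object starts before and ends after this hunk.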
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe10c5
|
||||
name: (Preview) GitHub - Oauth application - a client secret was removed
|
||||
description: |
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe10c2
|
||||
name: (Preview) GitHub - Repository was created
|
||||
description: |
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe10c3
|
||||
name: (Preview) GitHub - Repository was destroyed
|
||||
description: |
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe20c9
|
||||
name: (Preview) GitHub - User visibility Was changed
|
||||
description: |
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe10c4
|
||||
name: (Preview) GitHub - User was added to the organization
|
||||
description: |
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe10c8
|
||||
name: (Preview) GitHub - User was blocked
|
||||
description: |
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe40c9
|
||||
name: (Preview) GitHub - User was invited to the repository
|
||||
description: |
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe10c7
|
||||
name: (Preview) GitHub - pull request was created
|
||||
description: |
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe10c6
|
||||
name: (Preview) GitHub - pull request was merged
|
||||
description: |
|
||||
|
|
|
@ -82,7 +82,7 @@
|
|||
"type": 3,
|
||||
"content": {
|
||||
"version": "KqlItem/1.0",
|
||||
"query": "GitHubAuditLogPolling_CL \n| extend TimeGenerated = created_at_d\n| where action_s == \"org.add_member\" or action_s == \"org.remove_member\"\n| extend MemberName = actor_s\n| extend Action = iif(action_s==\"org.add_member\", \"Added\", \"Removed\")\n| extend Organization = org_s\n| sort by TimeGenerated desc\n| project MemberName, Action, Organization\n",
|
||||
"query": "GitHubAuditData \n| where Action == \"org.add_member\" or Action == \"org.remove_member\"\n| extend Action = iif(Action==\"org.add_member\", \"Added\", \"Removed\")\n| sort by TimeGenerated desc\n| project MemberName=Actor, Action, Organization\n",
|
||||
"size": 1,
|
||||
"title": "Members Added or Removed",
|
||||
"timeContext": {
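Review bot: The rewritten query on the new side still spells the action filter as two `==` clauses joined with `or`, and the same shape is used in the "Teams Added/Removed Repository" hunk below. The idiomatic KQL is the set operator, `| where Action in ("org.add_member", "org.remove_member")`, which reads more clearly and is easier to extend when further member actions need to be covered. The enclosing workbook item object starts before and ends after this hunk.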
|
||||
|
@ -100,7 +100,7 @@
|
|||
"type": 3,
|
||||
"content": {
|
||||
"version": "KqlItem/1.0",
|
||||
"query": "GitHubAuditLogPolling_CL \r\n| extend TimeGenerated = created_at_d\r\n| where action_s == \"repo.create\"\r\n| extend RepoName = repo_s\r\n| extend Actor = actor_s\r\n| extend Private = visibility_s\r\n| sort by TimeGenerated desc\r\n| project RepoName, Actor, Private\r\n\r\n\r\n\r\n",
|
||||
"query": "GitHubAuditData \r\n| where Action == \"repo.create\"\r\n| sort by TimeGenerated desc\r\n| project Repository, Actor, Visibility\r\n\r\n\r\n\r\n",
|
||||
"size": 0,
|
||||
"title": "Repositories Created",
|
||||
"timeContext": {
|
||||
|
@ -117,7 +117,7 @@
|
|||
"type": 3,
|
||||
"content": {
|
||||
"version": "KqlItem/1.0",
|
||||
"query": "GitHubAuditLogPolling_CL\r\n| extend TimeGenerated = created_at_d\r\n| where action_s == \"team.add_repository\" or action_s == \"team.remove_repository\"\r\n| extend Organization = org_s\r\n| extend RepoName = repo_s\r\n| extend Action = iif(action_s==\"team.add_repository\", \"Added\", \"Removed\")\r\n| sort by TimeGenerated desc\r\n| project Organization, RepoName, Action",
|
||||
"query": "GitHubAuditData \r\n| where Action == \"team.add_repository\" or Action == \"team.remove_repository\"\r\n| extend Action = iif(Action==\"team.add_repository\", \"Added\", \"Removed\")\r\n| sort by TimeGenerated desc\r\n| project Organization, Repository, Action",
|
||||
"size": 0,
|
||||
"title": "Teams Added/Removed Repository",
|
||||
"timeContext": {
|
||||
|
@ -134,7 +134,7 @@
|
|||
"type": 3,
|
||||
"content": {
|
||||
"version": "KqlItem/1.0",
|
||||
"query": "GitHubAuditLogPolling_CL \r\n| extend TimeGenerated = created_at_d\r\n| where action_s == \"repo.access\" and visibility_s == \"PUBLIC\"\r\n| extend Organiation = org_s\r\n| extend Repo = repo_s\r\n| extend Actor = actor_s\r\n| sort by TimeGenerated desc\r\n| project Organiation, Repo, Actor\r\n",
|
||||
"query": "GitHubAuditData \r\n| where Action == \"repo.access\" and Visibility == \"PUBLIC\"\r\n| sort by TimeGenerated desc\r\n| project Organization, Repository, Actor\r\n",
|
||||
"size": 0,
|
||||
"title": "Private Repos made Public",
|
||||
"timeContext": {
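Review bot: The "Private Repos made Public" panel on the new side keeps a case-sensitive string match, `Visibility == "PUBLIC"`, carried over from the old `visibility_s` filter; if the normalized `GitHubAuditData` column does not reproduce that upper-case value byte-for-byte, this security-relevant panel silently goes empty instead of failing visibly. I cannot tell the column's casing from this hunk, so please verify it against ingested data, or make the comparison case-insensitive with `| where Action == "repo.access" and Visibility =~ "public"`. The enclosing workbook item object starts before and ends after this hunk.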
|
||||
|
|