[New Rule] Organization Owner Role Granted to User

## Description


This rule detects when a member is granted the organization owner role of a GitHub organization. This role provides admin level privileges and new owner roles should be verified to ensure their legitimacy.
## Required Info

### Target indexes

logs-github.audit-*
### Platforms

GitHub

## Optional Info

### Query
```
iam where event.dataset== "github.audit" and event.action== "org.update_member" and github.permission== "admin"
```
### References



## Example Data



![image](https://github.com/elastic/detection-rules/assets/59296946/d46ae721-96de-4046-be5e-7fd2221408d1)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[New Rule] Organization Owner Role Granted to User #3084

Description

Required Info

Target indexes

Platforms

Optional Info

Query

References

Example Data

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[New Rule] Organization Owner Role Granted to User #3084

Description

Description

Required Info

Target indexes

Platforms

Optional Info

Query

References

Example Data

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions