Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for GitHub Audit Log Streaming #3

Closed
derkkila-splunk opened this issue Jul 19, 2021 · 1 comment
Closed

Add support for GitHub Audit Log Streaming #3

derkkila-splunk opened this issue Jul 19, 2021 · 1 comment
Assignees
@derkkila-splunk
Labels
enhancement New feature or request in progress Work on this Issue is in progress.
Projects
GitHub App for Splunk Project
Milestone
1.0.2: Minor enha...

Comments

@derkkila-splunk
Copy link
Collaborator

Is your feature request related to a problem? Please describe.
With GitHub adding Audit log streaming as a service, please make sure that those events will work alongside audit log events collected via the GitHub Audit Log Monitoring Add-On for Splunk or via syslog forwarding from GitHub Enterprise Server.

Describe the solution you'd like
Streamed audit logs appear in the Audit dashboards

Describe alternatives you've considered
n/a

Additional context
n/a
@derkkila-splunk derkkila-splunk added this to To do in GitHub App for Splunk Project via automation Jul 19, 2021
@derkkila-splunk derkkila-splunk moved this from To do to In progress in GitHub App for Splunk Project Jul 19, 2021
@derkkila-splunk derkkila-splunk added the enhancement New feature or request label Jul 19, 2021
@derkkila-splunk derkkila-splunk self-assigned this Jul 19, 2021
@derkkila-splunk derkkila-splunk added the in progress Work on this Issue is in progress. label Jul 19, 2021
@derkkila-splunk
Copy link
Collaborator Author

derkkila-splunk commented Jul 26, 2021
edited

There is a slight delay between when the audit event is created and when it gets streamed. Created a new sourcetype github_audit that uses the @timestamp field for establishing the Splunk event timestamp. Otherwise, streamed logs work exactly the same as TA fetched ones.

GitHub App for Splunk Project automation moved this from In progress to Done Jul 26, 2021
@derkkila-splunk derkkila-splunk moved this from Done to Released in GitHub App for Splunk Project Jul 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@derkkila-splunk derkkila-splunk

Labels
enhancement New feature or request in progress Work on this Issue is in progress.
Projects
GitHub App for Splunk Project
Released
Milestone
1.0.2: Minor enhancements after initi...
Development

No branches or pull requests
1 participant
@derkkila-splunk