Skip to main content

Hier erfährst du mehr über die Sicherheitsprotokollereignisse, die für dein persönliches Konto aufgezeichnet werden.

Hinweis

  • Dieser Artikel enthält die Ereignisse, die in der neuesten Version von GitHub Enterprise Server verfügbar sind. Einige der Ereignisse sind in früheren Versionen möglicherweise nicht verfügbar.
  • Dieser Artikel enthält die Ereignisse, die möglicherweise im Sicherheitsprotokoll deines Benutzerkontos angezeigt werden. Informationen zu den Ereignissen, die im Überwachungsprotokoll einer Organisation oder im Überwachungsprotokoll für ein Unternehmen angezeigt werden können, findest du unter Audit-Protokollereignisse für Ihre Organisation und Prüfprotokollereignisse für Ihr Unternehmen.

Informationen zu Sicherheitsprotokoll-Ereignissen

Der Name für jeden Überwachungsprotokolleintrag besteht aus einer Kategorie von Ereignissen gefolgt von einem Vorgangstyp. Der Eintrag repo.create verweist beispielsweise auf den Vorgang create in der Kategorie repo. Die Referenzinformationen in diesem Artikel sind nach Kategorien gruppiert.

Audit log events

account

account.plan_change
The account's plan changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
How GitHub billing works

actions_cache

actions_cache.delete
A GitHub Actions cache was deleted using the REST API.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actions_cache_id, actions_cache_key, actions_cache_scope, actions_cache_version, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name

artifact

artifact.destroy
A workflow run artifact was manually deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, workflow_run_id

billing

billing.budget_create
A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, alert_enabled, alert_recipient_user_ids, budget_limit_type, created_at, customer_id, exclude_cost_center_usage, oauth_application_id, operation_type, pricing_target_id, pricing_target_type, status, target_amount, target_id, target_type, user_programmatic_access_name
billing.budget_delete
A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, alert_enabled, budget_limit_type, created_at, customer_id, exclude_cost_center_usage, oauth_application_id, operation_type, pricing_target_id, pricing_target_type, status, target_amount, target_type, user_programmatic_access_name, uuid
billing.budget_update
A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, alert_enabled, budget_limit_type, created_at, customer_id, exclude_cost_center_usage, oauth_application_id, old_alert_enabled, old_budget_limit_type, old_pricing_target_id, old_pricing_target_type, old_target_amount, old_target_id, old_target_type, operation_type, pricing_target_id, pricing_target_type, status, target_amount, target_id, target_type, user_programmatic_access_name
billing.change_billing_type
The way the account pays for GitHub was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
Managing your payment and billing information
billing.change_email
The billing email address changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, email, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
Managing your payment and billing information
billing.overage_policy_updated
The premium request paid usage policy for your GitHub account was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
Verweis
Optimizing your budget configuration

billing_customer

billing_customer.azure_subscription_linked
Azure subscription has been linked on this account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
billing_customer.azure_subscription_unlinked
Azure subscription has been unlinked on this account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type

business

business.add_admin
An enterprise owner was added to an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type
Verweis
Inviting people to manage your enterprise
business.add_billing_manager
A billing manager was added to an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type
business.add_support_entitlee
A support entitlement was added to a member of an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, name, operation_type
Verweis
Managing support entitlements for your enterprise
business.remove_admin
An enterprise owner was removed from an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type
Verweis
Inviting people to manage your enterprise
business.remove_billing_manager
A billing manager was removed from an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type
business.remove_member
A member was removed from an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type, user_programmatic_access_name
business.remove_support_entitlee
A support entitlement was removed from a member of an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type
Verweis
Managing support entitlements for your enterprise
business.security_center_export_code_scanning_metrics
A CSV export was requested on the "CodeQL pull request alerts" page.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, end_date, filename, operation_type, query, requested_at, start_date
business.security_center_export_coverage
A CSV export was requested on the "Coverage" page.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, filename, operation_type, query, requested_at
business.security_center_export_overview_dashboard
A CSV export was requested on the "Overview Dashboard" page.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, end_date, filename, operation_type, query, requested_at, start_date
business.security_center_export_risk
A CSV export was requested on the "Risk" page.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, filename, operation_type, query, requested_at
business.set_actions_cache_retention_policy
The cache retention policy for GitHub Actions was set for an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, name, operation_type
Verweis
Enforcing policies for GitHub Actions in your enterprise
business.set_actions_cache_storage_policy
The cache storage policy for GitHub Actions was set for an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type
Verweis
Enforcing policies for GitHub Actions in your enterprise
business.set_actions_fork_pr_approvals_policy
The policy for requiring approvals for workflows from public forks was changed for an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, name, operation_type, policy
Verweis
Enforcing policies for GitHub Actions in your enterprise
business.set_actions_private_fork_pr_approvals_policy
The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type, policy
Verweis
Enforcing policies for GitHub Actions in your enterprise
business.set_actions_retention_limit
The retention period for GitHub Actions artifacts and logs was changed for an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, limit, name, operation_type
Verweis
Enforcing policies for GitHub Actions in your enterprise
business.set_default_workflow_permissions
The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type
Verweis
Enforcing policies for GitHub Actions in your enterprise
business.set_fork_pr_workflows_policy
The policy for fork pull request workflows was changed for an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type, policy
Verweis
Enforcing policies for GitHub Actions in your enterprise
business.set_workflow_permission_can_approve_pr
The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type
Verweis
Enforcing policies for GitHub Actions in your enterprise

checks

checks.auto_trigger_disabled
Automatic creation of check suites was disabled on a repository in the organization or enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, operation_type, public_repo, visibility
Verweis
/rest/checks#update-repository-preferences-for-check-suites
checks.auto_trigger_enabled
Automatic creation of check suites was enabled on a repository in the organization or enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, operation_type, public_repo, visibility
Verweis
/rest/checks#update-repository-preferences-for-check-suites
checks.delete_logs
Logs in a check suite were deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name

codespaces

codespaces.allow_permissions
A codespace using custom permissions from its devcontainer.json file was launched.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, origin_repository
codespaces.connect
Credentials for a codespace were refreshed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, devcontainer_path, machine_type, name, oauth_application_id, operation_type, owner, public_repo, pull_request_id, user_programmatic_access_name
codespaces.create
A codespace was created
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, devcontainer_path, machine_type, name, oauth_application_id, operation_type, owner, public_repo, pull_request_id, user_programmatic_access_name
Verweis
Creating a codespace for a repository
codespaces.destroy
A user deleted a codespace.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type, owner, public_repo, pull_request_id, user_programmatic_access_name
Verweis
Deleting a codespace
codespaces.export_environment
A codespace was exported to a branch on GitHub.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, owner, public_repo, user_programmatic_access_name
codespaces.restore
A codespace was restored.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, owner, public_repo
codespaces.start_environment
A codespace was started.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, devcontainer_path, machine_type, name, oauth_application_id, operation_type, owner, public_repo, pull_request_id, user_programmatic_access_name
codespaces.suspend_environment
A codespace was stopped.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, devcontainer_path, machine_type, name, oauth_application_id, operation_type, owner, public_repo, pull_request_id, user_programmatic_access_name
codespaces.trusted_repositories_access_update
A personal account's access and security setting for Codespaces were updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
Managing access to other repositories within your codespace

copilot

copilot.cfb_seat_added
A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, owner, owner_type, user_programmatic_access_name
copilot.cfb_seat_assignment_created
A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, owner, owner_type, user_programmatic_access_name
Verweis
What is GitHub Copilot?
copilot.cfb_seat_assignment_refreshed
A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, owner, owner_type, user_programmatic_access_name
copilot.cfb_seat_assignment_reused
A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, owner, owner_type
copilot.cfb_seat_assignment_unassigned
A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, owner, owner_type, user_programmatic_access_name
copilot.cfb_seat_cancelled
A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, owner, owner_type, seat_assignment
copilot.cfb_seat_cancelled_by_staff
A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, owner, owner_type, seat_assignment
copilot.swe_agent_firewall_allowlist_updated
Firewall allowlist for Copilot coding agent was updated for an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
copilot.swe_agent_repo_disabled
Specific repositories were disabled from using Copilot coding agent.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, owner, owner_type, public_repo, user_programmatic_access_name
copilot.swe_agent_repo_enabled
Specific repositories were enabled to use Copilot coding agent.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, owner, owner_type, public_repo, user_programmatic_access_name
copilot.swe_agent_repo_enablement_updated
Copilot coding agent access was updated for the organization's or user's repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, new_access, oauth_application_id, old_access, operation_type, owner, owner_type, user_programmatic_access_name

dependabot_alerts

dependabot_alerts.disable
Dependabot alerts were disabled for all existing repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories
dependabot_alerts.enable
Dependabot alerts were enabled for all existing repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts_new_repos

dependabot_alerts_new_repos.disable
Dependabot alerts were disabled for all new repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added
dependabot_alerts_new_repos.enable
Dependabot alerts were enabled for all new repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_closure_request

dependabot_closure_request.approve
Dismissal of Dependabot alerts was approved.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, alert_number, created_at, number, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Dependabot alerts
dependabot_closure_request.cancel
Dismissal request for Dependabot alerts was canceled.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, alert_number, created_at, number, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Dependabot alerts
dependabot_closure_request.create
Dismissal of Dependabot alerts was requested.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, alert_number, created_at, number, operation_type, public_repo
Verweis
Dependabot alerts
dependabot_closure_request.deny
Dismissal of Dependabot alerts was denied.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, alert_number, created_at, number, operation_type, public_repo
Verweis
Dependabot alerts

dependabot_repository_access

dependabot_repository_access.repositories_updated
The repositories that Dependabot can access were updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name

dependabot_security_updates

dependabot_security_updates.disable
Dependabot security updates were disabled for all existing repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependabot_security_updates.enable
Dependabot security updates were enabled for all existing repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name

dependabot_security_updates_new_repos

dependabot_security_updates_new_repos.disable
Dependabot security updates were disabled for all new repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependabot_security_updates_new_repos.enable
Dependabot security updates were enabled for all new repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name

dependency_graph

dependency_graph.disable
The dependency graph was disabled for all existing repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependency_graph.enable
The dependency graph was enabled for all existing repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name

dependency_graph_new_repos

dependency_graph_new_repos.disable
The dependency graph was disabled for all new repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
dependency_graph_new_repos.enable
The dependency graph was enabled for all new repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name

environment

environment.add_protection_rule
A GitHub Actions deployment protection rule was created via the API.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, environment_name, integration, name, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name
Verweis
Managing environments for deployment
environment.create_actions_secret
A secret was created for a GitHub Actions environment.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, environment_name, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
Managing environments for deployment
environment.create_actions_variable
A variable was created for a GitHub Actions environment.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, environment_name, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
Store information in variables
environment.delete
An environment was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, environment_name, name, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Managing environments for deployment
environment.remove_actions_secret
A secret was deleted for a GitHub Actions environment.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, environment_name, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Managing environments for deployment
environment.remove_actions_variable
A variable was deleted for a GitHub Actions environment.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, environment_name, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Store information in variables
environment.remove_protection_rule
A GitHub Actions deployment protection rule was deleted via the API.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, environment_name, integration, name, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Managing environments for deployment
environment.update_actions_secret
A secret was updated for a GitHub Actions environment.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, environment_name, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
Managing environments for deployment
environment.update_actions_variable
A variable was updated for a GitHub Actions environment.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, environment_name, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
Store information in variables
environment.update_protection_rule
A GitHub Actions deployment protection rule was updated via the API.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, approvers, approvers_was, can_admins_bypass, environment_id, environment_name, new_value, old_value, prevent_self_review
Verweis
Managing environments for deployment

gist

gist.create
A gist was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, gist, gist_id, oauth_application_id, operation_type, user_programmatic_access_name, visibility
gist.destroy
A gist was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, gist, gist_id, oauth_application_id, operation_type, user_programmatic_access_name, visibility
gist.visibility_change
The visibility of a gist was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, gist, gist_id, oauth_application_id, operation_type, user_programmatic_access_name, visibility

git_signing_ssh_public_key

git_signing_ssh_public_key.create
An SSH key was added to a user account as a Git commit signing key.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, fingerprint, key, oauth_application_id, operation_type, title, user_programmatic_access_name
Verweis
/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key
git_signing_ssh_public_key.delete
An SSH key was removed from a user account as a Git commit signing key.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, explanation, fingerprint, key, oauth_application_id, operation_type, title, user_programmatic_access_name
Verweis
/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key

hook

hook.active_changed
A hook's active status was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, active_was, actor_is_agent, actor_is_bot, created_at, events, hook_id, integration, name, oauth_application_id, operation_type, public_repo, sponsors_listing_id, user_programmatic_access_name
hook.config_changed
A hook's configuration was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, actor_is_agent, actor_is_bot, created_at, events, hook_id, integration, name, oauth_application_id, operation_type, public_repo, sponsors_listing_id, user_programmatic_access_name
hook.create
A new hook was added.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, actor_is_agent, actor_is_bot, created_at, events, hook_id, integration, name, oauth_application, oauth_application_id, operation_type, public_repo, sponsors_listing_id, user_programmatic_access_name
Verweis
About webhooks
hook.destroy
A hook was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, actor_is_agent, actor_is_bot, created_at, events, hook_id, integration, name, oauth_application_id, operation_type, public_repo, sponsors_listing_id, user_programmatic_access_name
hook.events_changed
A hook's configured events were changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, actor_is_agent, actor_is_bot, created_at, events, events_were, hook_id, integration, name, oauth_application_id, operation_type, public_repo, user_programmatic_access_name

integration

integration.create
A GitHub App was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, application_client_id, created_at, integration, name, oauth_application_id, operation_type
integration.destroy
A GitHub App was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, operation_type
integration.manager_added
A member of an enterprise or organization was added as a GitHub App manager.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, application_client_id, created_at, integration, manager, name, operation_type
Verweis
/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization
integration.manager_removed
A member of an enterprise or organization was removed from being a GitHub App manager.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, application_client_id, created_at, integration, manager, name, operation_type
Verweis
/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization
integration.remove_client_secret
A client secret for a GitHub App was removed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, operation_type
integration.revoke_all_tokens
All user tokens for a GitHub App were requested to be revoked.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, application_client_id, created_at, integration, name, operation_type
integration.revoke_tokens
Token(s) for a GitHub App were revoked.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, application_client_id, created_at, integration, name, operation_type
integration.suspend
A GitHub App was suspended.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, oauth_application_id, operation_type
Verweis
/apps/maintaining-github-apps/suspending-a-github-app-installation
integration.transfer
Ownership of a GitHub App was transferred to another user or organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, application_client_id, created_at, integration, name, operation_type, requester, requester_id, transfer_from, transfer_from_id, transfer_from_type, transfer_to, transfer_to_id, transfer_to_type
Verweis
/apps/maintaining-github-apps/transferring-ownership-of-a-github-app
integration.unsuspend
A GitHub App was unsuspended.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, application_client_id, created_at, integration, name, operation_type
Verweis
/apps/maintaining-github-apps/suspending-a-github-app-installation

integration_installation

integration_installation.create
A GitHub App was installed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, oauth_application_id, operation_type, repository_selection, topic, trigger_id, user_programmatic_access_name
Verweis
/apps/using-github-apps/authorizing-github-apps
integration_installation.destroy
A GitHub App was uninstalled.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, oauth_application_id, operation_type, repository_selection, topic
Verweis
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.repositories_added
Repositories were added to a GitHub App.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, oauth_application_id, operation_type, repositories_added, repositories_added_names, repository_selection, topic, user_programmatic_access_name
Verweis
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access
integration_installation.repositories_removed
Repositories were removed from a GitHub App.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, oauth_application_id, operation_type, repositories_removed, repositories_removed_names, repository_selection, topic
Verweis
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access
integration_installation.suspend
A GitHub App was suspended.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, operation_type, repository_selection
Verweis
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.unsuspend
A GitHub App was unsuspended.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, operation_type, repository_selection
Verweis
/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access
integration_installation.version_updated
Permissions for a GitHub App were updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, application_client_id, created_at, integration, name, operation_type, repository_selection
Verweis
/apps/using-github-apps/approving-updated-permissions-for-a-github-app

issue_dependencies

issue_dependencies.blocked_by_add
An issue was marked as blocked by another issue.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, title, user_programmatic_access_name
issue_dependencies.blocked_by_remove
The blocked by relationship between an issue and another issue was removed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, title, user_programmatic_access_name
issue_dependencies.blocking_add
An issue was marked as blocking another issue.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, title, user_programmatic_access_name
issue_dependencies.blocking_remove
The blocking relationship between an issue and another issue was removed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, title, user_programmatic_access_name

marketplace_agreement_signature

marketplace_agreement_signature.create
The GitHub Marketplace Developer Agreement was signed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type

marketplace_listing

marketplace_listing.approve
A listing was approved for inclusion in GitHub Marketplace.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, marketplace_listing, oauth_application, oauth_application_id, operation_type, primary_category, secondary_category
marketplace_listing.change_category
A category for a listing for an app in GitHub Marketplace was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, marketplace_listing, operation_type, primary_category, secondary_category
marketplace_listing.create
A listing for an app in GitHub Marketplace was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, marketplace_listing, oauth_application, oauth_application_id, operation_type, primary_category, secondary_category
marketplace_listing.delist
A listing was removed from GitHub Marketplace.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, integration, marketplace_listing, operation_type, primary_category, secondary_category
marketplace_listing.redraft
A listing was sent back to draft state.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, marketplace_listing, oauth_application, oauth_application_id, operation_type, primary_category, secondary_category
marketplace_listing.reject
A listing was not accepted for inclusion in GitHub Marketplace.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, marketplace_listing, oauth_application, oauth_application_id, operation_type, primary_category, secondary_category

mcp_registry

mcp_registry.allowlist_add_server
A server was added to an MCP registry allowlist.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, allowlist_id, server_id, server_name
mcp_registry.allowlist_assign
An MCP registry allowlist was assigned to an organization or enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, allowlist_id, assignment_type
mcp_registry.allowlist_create
An MCP registry allowlist was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, allowlist_description, allowlist_id, allowlist_name
mcp_registry.allowlist_delete
An MCP registry allowlist was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, allowlist_id, allowlist_name
mcp_registry.allowlist_remove_assignment
An MCP registry allowlist assignment was removed from an organization or enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, allowlist_id, assignment_type
mcp_registry.allowlist_remove_server
A server was removed from an MCP registry allowlist.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, allowlist_id, server_id, server_name
mcp_registry.allowlist_set_server_entries
Entries were set for a server in an MCP registry allowlist.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, allowlist_id, entries, server_id
mcp_registry.allowlist_update
An MCP registry allowlist was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, allowlist_id, allowlist_name, old_allowlist_name

merge_queue

merge_queue.pull_request_dequeued
A pull request was removed from a merge queue.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
merge_queue.pull_request_queue_jump
A pull request was moved ahead in a merge queue.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
merge_queue.queue_cleared
A merge queue was cleared.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic
merge_queue.update_settings
The settings for a merge queue were updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, check_response_timeout_minutes, created_at, max_entries_to_build, max_entries_to_merge, merge_method, merging_strategy, min_entries_to_merge, min_entries_to_merge_wait_minutes, operation_type, public_repo

migration

migration.create
A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo

oauth_access

oauth_access.create
An OAuth access token was generated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, oauth_application_id, oauth_application_name, operation_type, topic, user_programmatic_access_name
Verweis
/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens
oauth_access.destroy
An OAuth access token was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, explanation, integration, oauth_application_id, oauth_application_name, operation_type, topic, user_programmatic_access_name
Verweis
/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
oauth_access.regenerate
An OAuth access token was regenerated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, oauth_application_id, oauth_application_name, operation_type, topic, user_programmatic_access_name
oauth_access.revoke
An OAuth access token was revoked.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, explanation, operation_type
oauth_access.update
An OAuth access token was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type

oauth_application

oauth_application.create
An OAuth application was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application, oauth_application_id, operation_type
Verweis
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.destroy
An OAuth application was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application, oauth_application_id, operation_type
Verweis
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.generate_client_secret
An OAuth application's secret key was generated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application, oauth_application_id, operation_type
Verweis
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.remove_client_secret
An OAuth application's secret key was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application, oauth_application_id, operation_type
Verweis
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.reset_secret
The secret key for an OAuth application was reset.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application, oauth_application_id, operation_type
Verweis
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.revoke_all_tokens
All user tokens for an OAuth application were requested to be revoked.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application, oauth_application_id, operation_type
Verweis
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.revoke_tokens
Token(s) for an OAuth application were revoked.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application, oauth_application_id, operation_type
Verweis
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
oauth_application.transfer
An OAuth application was transferred from one account to another.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application, oauth_application_id, operation_type
Verweis
/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_authorization

oauth_authorization.create
An authorization for an OAuth application was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, oauth_application_id, oauth_application_name, operation_type, topic, user_programmatic_access_name
Verweis
/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps
oauth_authorization.destroy
An authorization for an OAuth application was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, explanation, integration, oauth_application_id, oauth_application_name, operation_type, user_programmatic_access_name
Verweis
Reviewing and revoking authorization of GitHub Apps
oauth_authorization.update
An authorization for an OAuth application was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_name, operation_type
Verweis
/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps

org

org.add_member
A user joined an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, invitation_id, oauth_application_id, operation_type, permission, user_programmatic_access_name
org.add_outside_collaborator
An outside collaborator was added to a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, invitee, inviter, oauth_application_id, operation_type, permission, public_repo
org.advanced_security_disabled_for_new_repos
GitHub Advanced Security was disabled for new repositories in an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
org.advanced_security_disabled_on_all_repos
GitHub Advanced Security was disabled for all repositories in an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
org.advanced_security_enabled_for_new_repos
GitHub Advanced Security was enabled for new repositories in an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
org.advanced_security_enabled_on_all_repos
GitHub Advanced Security was enabled for all repositories in an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type
org.remove_member
A member was removed from an organization, either manually or due to a two-factor authentication requirement.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
org.security_center_export_code_scanning_metrics
A CSV export was requested on the CodeQL pull request alerts page.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, end_date, filename, operation_type, query, requested_at, start_date
org.security_center_export_coverage
A CSV export was requested on the Coverage page.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, filename, operation_type, query, requested_at
org.security_center_export_overview_dashboard
A CSV export was requested on the Overview Dashboard page.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, end_date, filename, operation_type, query, requested_at, start_date
org.security_center_export_risk
A CSV export was requested on the Risk page.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, filename, operation_type, query, requested_at
org.set_actions_cache_retention_policy
The cache retention policy for GitHub Actions was set for an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization
org.set_actions_cache_storage_policy
The cache storage policy for GitHub Actions was set for an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization
org.set_actions_fork_pr_approvals_policy
The setting for requiring approvals for workflows from public forks was changed for an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, policy, user_programmatic_access_name
Verweis
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks
org.set_actions_private_fork_pr_approvals_policy
The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, policy, user_programmatic_access_name
Verweis
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks
org.set_actions_retention_limit
The retention period for GitHub Actions artifacts and logs in an organization was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, limit, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization
org.set_default_workflow_permissions
The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization
org.set_fork_pr_workflows_policy
The policy for workflows on private repository forks was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, policy, user_programmatic_access_name
Verweis
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks
org.set_workflow_permission_can_approve_pr
The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests
org.update_member
A person's role was changed from owner to member or member to owner.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, old_permission, operation_type, permission, user_programmatic_access_name
org.update_member_repository_creation_permission
The create repository permission for organization members was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, permission, user_programmatic_access_name, visibility
org.update_member_repository_invitation_permission
An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, permission
Verweis
Setting permissions for adding outside collaborators

pages_protected_domain

pages_protected_domain.create
A GitHub Pages verified domain was created for an organization or enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, domain, operation_type, owner, owner_type, state
Verweis
/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
pages_protected_domain.delete
A GitHub Pages verified domain was deleted from an organization or enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, domain, operation_type, owner, owner_type, state
Verweis
/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages
pages_protected_domain.verify
A GitHub Pages domain was verified for an organization or enterprise.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, domain, operation_type, owner, owner_type, state
Verweis
/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

passkey

passkey.register
A new passkey was added.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, nickname, operation_type
passkey.remove
A new passkey was removed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, nickname, operation_type

payment_method

payment_method.create
A new payment method was added, such as a new credit card or PayPal account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
payment_method.remove
A payment method was removed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
payment_method.update
An existing payment method was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type

personal_access_token

personal_access_token.access_granted
A fine-grained personal access token was granted access to resources.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, operation_type, repositories, repository_selection, user_programmatic_access_id, user_programmatic_access_name
Verweis
/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.access_revoked
A fine-grained personal access token was revoked. The token can still read public organization resources.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, repositories, repository_selection, user_programmatic_access_id, user_programmatic_access_name
Verweis
/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization
personal_access_token.create
Triggered when you create a fine-grained personal access token.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, repository_selection, user_programmatic_access_name
personal_access_token.credential_regenerated
Triggered when you regenerate a fine-grained personal access token.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, user_programmatic_access_name
personal_access_token.credential_revoked
A fine-grained personal access token was revoked by GitHub Advanced Security.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, explanation, operation_type, user_programmatic_access_name
Verweis
/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users
personal_access_token.destroy
Triggered when you delete a fine-grained personal access token.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, explanation, operation_type, user_programmatic_access_name
personal_access_token.request_cancelled
A pending request for a fine-grained personal access token to access organization resources was canceled.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, repository_selection, user_programmatic_access_name, user_programmatic_access_request_id
personal_access_token.request_created
Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, repositories, repository_selection, user_programmatic_access_id, user_programmatic_access_name, user_programmatic_access_request_id
Verweis
/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.request_denied
A request for a fine-grained personal access token to access organization resources was denied.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, operation_type, repository_selection, user_programmatic_access_name, user_programmatic_access_request_id
Verweis
/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization
personal_access_token.update
A fine-grained personal access token was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, pat_field_changed, repository_selection, user_programmatic_access_name
Verweis
/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens

profile_picture

profile_picture.update
A profile picture was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, marketplace_listing, oauth_application, oauth_application_id, operation_type, owner, team
Verweis
Personalize your profile

project

project.access
A project board visibility was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
project.close
A project board was closed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, project_id, project_kind, project_name, public_project, user_programmatic_access_name
Verweis
Planning and tracking with Projects
project.create
A project board was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
project.delete
A project board was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, public_repo
project.link
A repository was linked to a project board.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
project.open
A project board was reopened.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, project_id, project_kind, project_name, public_project, user_programmatic_access_name
Verweis
Planning and tracking with Projects
project.rename
A project board was renamed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, old_name, operation_type
project.unlink
A repository was unlinked from a project board.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
project.update_org_permission
The project's base-level permission for all organization members was changed or removed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
project.update_team_permission
A team's project board permission level was changed or when a team was added or removed from a project board.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, team
project.update_user_permission
A user was added to or removed from a project board or had their permission level changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
project.visibility_private
A project's visibility was changed from public to private.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, project_id, project_kind, project_name, public_project
project.visibility_public
A project's visibility was changed from private to public.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, project_id, project_kind, project_name, public_project, user_programmatic_access_name

project_collaborator

project_collaborator.add
A collaborator was added to a project.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, collaborator, collaborator_type, created_at, old_project_role, operation_type, project_id, project_name, project_role, public_project
project_collaborator.remove
A collaborator was removed from a project.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, collaborator, collaborator_type, created_at, old_project_role, operation_type, project_id, project_name, project_role, public_project
project_collaborator.update
A project collaborator's permission level was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, collaborator, collaborator_type, created_at, old_project_role, operation_type, project_id, project_name, project_role, public_project

project_field

project_field.create
A field was created in a project board.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/issues/planning-and-tracking-with-projects/understanding-fields
project_field.delete
A field was deleted in a project board.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, topic, user_programmatic_access_name
Verweis
/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields

project_view

project_view.create
A view was created in a project board.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views
project_view.delete
A view was deleted in a project board.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

protected_branch

protected_branch.update_merge_queue_enforcement_level
Enforcement of the merge queue was modified for a branch.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, merge_queue_enforcement_level, name, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue

public_key

public_key.create
An SSH key was added to a user account or a deploy key was added to a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, fingerprint, key, oauth_application_id, operation_type, public_repo, read_only, title, user_programmatic_access_name
Verweis
/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account
public_key.delete
An SSH key was removed from a user account or a deploy key was removed from a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, explanation, fingerprint, key, oauth_application_id, operation_type, public_repo, read_only, title, user_programmatic_access_name
Verweis
/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys
public_key.unverification_failure
A user account's SSH key or a repository's deploy key was unable to be unverified.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, fingerprint, key, operation_type, read_only, title
Verweis
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.unverify
A user account's SSH key or a repository's deploy key was unverified.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, explanation, fingerprint, key, operation_type, public_repo, read_only, title
Verweis
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.update
A user account's SSH key or a repository's deploy key was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, fingerprint, key, oauth_application_id, operation_type, public_repo, read_only, title, user_programmatic_access_name
Verweis
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.verification_failure
A user account's SSH key or a repository's deploy key was unable to be verified.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, fingerprint, key, oauth_application_id, operation_type, public_repo, read_only, title, user_programmatic_access_name
Verweis
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
public_key.verify
A user account's SSH key or a repository's deploy key was verified.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, fingerprint, key, oauth_application_id, operation_type, public_repo, read_only, title, user_programmatic_access_name
Verweis
/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

repo

repo.access
The visibility of a repository changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, previous_visibility, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility
repo.actions_enabled
GitHub Actions was enabled for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, integration, name, oauth_application_id, operation_type, public_repo, repository_selection, topic, user_programmatic_access_name
Verweis
organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api
repo.add_member
A collaborator was added to a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, permission, public_repo, user_programmatic_access_name, visibility
Verweis
Inviting collaborators to a personal repository
repo.add_topic
A topic was added to a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name
Verweis
/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics
repo.advanced_security_disabled
GitHub Advanced Security was disabled for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
repo.advanced_security_enabled
GitHub Advanced Security was enabled for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
repo.archived
A repository was archived.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/archiving-a-github-repository
repo.change_merge_setting
Pull request merge options were changed for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
repo.code_scanning_analysis_deleted
Code scanning analysis for a repository was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, category, created_at, oauth_application_id, operation_type, public_repo, tool, user_programmatic_access_name
Verweis
/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository
repo.code_scanning_configuration_for_branch_deleted
A code scanning configuration for a branch of a repository was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, branch, category, created_at, operation_type, public_repo, tool
Verweis
Resolving code scanning alerts
repo.config.disable_collaborators_only
The interaction limit for collaborators only was disabled.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name
Verweis
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.disable_contributors_only
The interaction limit for prior contributors only was disabled in a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic
Verweis
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.disable_sockpuppet_disallowed
The interaction limit for existing users only was disabled in a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name
Verweis
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_collaborators_only
The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_contributors_only
The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo
Verweis
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.config.enable_sockpuppet_disallowed
The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
repo.configure_self_hosted_jit_runner
A new just-in-time GitHub Actions self-hosted runner was configured
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository
repo.create
A repository was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, request_category, request_method, user_programmatic_access_name, visibility
Verweis
/repositories/creating-and-managing-repositories/creating-a-new-repository
repo.create_actions_secret
A GitHub Actions secret was created for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
Using secrets in GitHub Actions
repo.create_actions_variable
A GitHub Actions variable was created for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
Store information in variables
repo.create_integration_secret
A Codespaces or Dependabot secret was created for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, integration, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
repo.destroy
A repository was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, request_category, request_method, user_programmatic_access_name, visibility
Verweis
/repositories/creating-and-managing-repositories/deleting-a-repository
repo.pages_cname
A GitHub Pages custom domain was modified in a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, cname, created_at, oauth_application_id, old_cname, operation_type, public_repo, topic, user_programmatic_access_name, visibility
repo.pages_create
A GitHub Pages site was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
repo.pages_destroy
A GitHub Pages site was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
repo.pages_https_redirect_disabled
HTTPS redirects were disabled for a GitHub Pages site.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
repo.pages_https_redirect_enabled
HTTPS redirects were enabled for a GitHub Pages site.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
repo.pages_private
A GitHub Pages site visibility was changed to private.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
repo.pages_public
A GitHub Pages site visibility was changed to public.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
repo.pages_soft_delete
A GitHub Pages site was soft-deleted because its owner's plan changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, visibility
repo.pages_soft_delete_restore
A GitHub Pages site that was previously soft-deleted was restored.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
repo.pages_source
A GitHub Pages source was modified.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
repo.register_self_hosted_runner
A new self-hosted runner was registered.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, operation_type, public_repo
Verweis
Adding self-hosted runners
repo.remove_actions_secret
A GitHub Actions secret was deleted for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Using secrets in GitHub Actions
repo.remove_actions_variable
A GitHub Actions variable was deleted for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Store information in variables
repo.remove_integration_secret
A Codespaces or Dependabot secret was deleted for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, integration, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
repo.remove_member
A collaborator was removed from a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
Removing a collaborator from a personal repository
repo.remove_self_hosted_runner
A self-hosted runner was removed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Removing self-hosted runners
repo.remove_topic
A topic was removed from a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name
repo.rename
A repository was renamed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, old_name, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/creating-and-managing-repositories/renaming-a-repository
repo.set_actions_cache_retention_policy
The cache retention policy for GitHub Actions was set for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository
repo.set_actions_cache_storage_policy
The cache storage policy for GitHub Actions was set for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository
repo.set_actions_fork_pr_approvals_policy
The setting for requiring approvals for workflows from public forks was changed for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, policy, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks
repo.set_actions_private_fork_pr_approvals_policy
The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, policy, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories
repo.set_actions_retention_limit
The retention period for GitHub Actions artifacts and logs in a repository was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, limit, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository
repo.set_default_workflow_permissions
The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository
repo.set_fork_pr_workflows_policy
Triggered when the policy for workflows on private repository forks is changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, policy, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks
repo.set_workflow_permission_can_approve_pr
The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests
repo.staff_unlock
An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, public_repo
repo.temporary_access_granted
Temporary access was enabled for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo
Verweis
Accessing user-owned repositories in your enterprise
repo.transfer
A user accepted a request to receive a transferred repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, old_user, operation_type, owner, public_repo, repo_was, visibility
Verweis
/repositories/creating-and-managing-repositories/transferring-a-repository
repo.transfer_outgoing
A repository was transferred to another repository network.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, new_nwo, oauth_application_id, operation_type, public_repo, visibility
repo.transfer_start
A user sent a request to transfer a repository to another user or organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, visibility
repo.unarchived
A repository was unarchived.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
/repositories/archiving-a-github-repository
repo.update_actions_access_settings
The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, old_policy, operation_type, policy, visibility
repo.update_actions_secret
A GitHub Actions secret was updated for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
Using secrets in GitHub Actions
repo.update_actions_settings
A repository administrator changed GitHub Actions policy settings for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, new_policy, oauth_application_id, old_policy, operation_type, public_repo, updated_access_policy, updated_allowed_types, updated_github_owned_allowed, updated_patterns, updated_verified_allowed, user_programmatic_access_name, visibility
repo.update_actions_variable
A GitHub Actions variable was updated for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
Verweis
Store information in variables
repo.update_default_branch
The default branch for a repository was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, topic, user_programmatic_access_name, visibility
repo.update_integration_secret
A Codespaces or Dependabot secret was updated for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, integration, key, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, visibility
repo.update_member
A user's permission to a repository was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, new_repo_base_role, new_repo_permission, oauth_application_id, old_base_role, old_permission, old_repo_base_role, old_repo_permission, operation_type, public_repo, user_programmatic_access_name, visibility

repository_image

repository_image.create
An image to represent a repository was uploaded.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, content_type, created_at, operation_type, public_repo
repository_image.destroy
An image to represent a repository was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, content_type, created_at, operation_type, public_repo

repository_invitation

repository_invitation.accept
An invitation to join a repository was accepted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, invitee, inviter, oauth_application_id, operation_type, public_repo
repository_invitation.cancel
An invitation to join a repository was canceled.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, invitee, inviter, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
repository_invitation.create
An invitation to join a repository was sent.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, invitee, inviter, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
repository_invitation.reject
An invitation to join a repository was declined.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, invitee, inviter, oauth_application_id, operation_type, public_repo

repository_ruleset

repository_ruleset.create
A repository ruleset was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type, public_repo, ruleset_bypass_actors, ruleset_conditions, ruleset_enforcement, ruleset_id, ruleset_name, ruleset_rules, ruleset_source_type, user_programmatic_access_name
Verweis
/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository
repository_ruleset.destroy
A repository ruleset was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, name, oauth_application_id, operation_type, public_repo, ruleset_bypass_actors, ruleset_conditions, ruleset_enforcement, ruleset_id, ruleset_name, ruleset_rules, ruleset_source_type, user_programmatic_access_name
Verweis
/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset
repository_ruleset.update
A repository ruleset was edited.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, old_name, operation_type, public_repo, ruleset_bypass_actors_added, ruleset_bypass_actors_deleted, ruleset_bypass_actors_updated, ruleset_conditions_added, ruleset_conditions_deleted, ruleset_conditions_updated, ruleset_enforcement, ruleset_id, ruleset_name, ruleset_old_enforcement, ruleset_old_name, ruleset_rules_added, ruleset_rules_deleted, ruleset_rules_updated, ruleset_source_type, user_programmatic_access_name
Verweis
/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset

security_key

security_key.register
A security key was registered for an account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
security_key.remove
A security key was removed from an account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type

social_identity

social_identity.linked
A user linked a social identity to their account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
social_identity.unlinked
A user unlinked a social identity from their account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
social_identity.unlinked_all
A user unlinked all social identities from their account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

sponsors

sponsors.agreement_sign
A GitHub Sponsors agreement was signed on behalf of an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, sponsors_listing_id
sponsors.custom_amount_settings_change
Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, sponsors_listing_id
Verweis
/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers
sponsors.fiscal_host_change
The fiscal host for a GitHub Sponsors listing was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, sponsors_listing_id
sponsors.repo_funding_links_file_action
The FUNDING file in a repository was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, operation_type, public_repo, topic, visibility
Verweis
/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
sponsors.sponsor_sponsorship_cancel
A sponsorship was canceled.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
Downgrading a sponsorship
sponsors.sponsor_sponsorship_create
A sponsorship was created, by sponsoring an account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, actor_is_bot, created_at, operation_type
Verweis
/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes
sponsors.sponsor_sponsorship_payment_complete
After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, actor_is_bot, created_at, operation_type
Verweis
/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes
sponsors.sponsor_sponsorship_preference_change
The option to receive email updates from a sponsored account was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, actor_is_bot, created_at, oauth_application_id, operation_type
Verweis
/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship
sponsors.sponsor_sponsorship_tier_change
A sponsorship was upgraded or downgraded.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, actor_is_bot, created_at, operation_type
Verweis
Upgrading a sponsorship, Downgrading a sponsorship
sponsors.sponsored_developer_approve
A GitHub Sponsors account was approved.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, sponsors_listing_id
Verweis
/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_create
A GitHub Sponsors account was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, sponsors_listing_id
Verweis
/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_disable
A GitHub Sponsors account was disabled.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, sponsors_listing_id
sponsors.sponsored_developer_profile_update
The profile for GitHub Sponsors account was edited.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, sponsors_listing_id
Verweis
/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors
sponsors.sponsored_developer_redraft
A GitHub Sponsors account was returned to draft state from approved state.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, sponsors_listing_id
sponsors.sponsored_developer_request_approval
An application for GitHub Sponsors was submitted for approval.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, sponsors_listing_id
Verweis
/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.sponsored_developer_tier_description_update
The description for a sponsorship tier was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, public_repo, sponsors_listing_id
Verweis
/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers
sponsors.sponsored_developer_update_newsletter_send
Triggered when you send an email update to your sponsors.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
Verweis
/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors
sponsors.sponsors_patreon_user_create
A Patreon account was linked to a user account for use with GitHub Sponsors.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, patreon_email, patreon_username
Verweis
/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account
sponsors.sponsors_patreon_user_destroy
A Patreon account for use with GitHub Sponsors was unlinked from a user account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, patreon_email, patreon_username
Verweis
Unlinking your Patreon account from GitHub
sponsors.update_tier_repository
A GitHub Sponsors tier changed access for a repository.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, public_repo, sponsors_listing_id
sponsors.update_tier_welcome_message
The welcome message for a GitHub Sponsors tier for an organization was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, public_repo, sponsors_listing_id
sponsors.waitlist_join
You join the waitlist to join GitHub Sponsors.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, sponsors_listing_id
Verweis
/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account
sponsors.withdraw_agreement_signature
A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, sponsors_listing_id

sub_issues

sub_issues.parent_issue_add
A parent issue was added to an issue.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, title, user_programmatic_access_name
sub_issues.parent_issue_remove
A parent issue was removed from an issue.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, title, user_programmatic_access_name
sub_issues.sub_issue_add
A sub-issue was added to an issue.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, title, user_programmatic_access_name
sub_issues.sub_issue_remove
A sub-issue was removed from an issue.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, title, user_programmatic_access_name

successor_invitation

successor_invitation.accept
Triggered when you accept a succession invitation.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Verweis
Maintaining ownership continuity of your personal account's repositories
successor_invitation.cancel
Triggered when you cancel a succession invitation.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Verweis
Maintaining ownership continuity of your personal account's repositories
successor_invitation.create
Triggered when you create a succession invitation.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Verweis
Maintaining ownership continuity of your personal account's repositories
successor_invitation.decline
Triggered when you decline a succession invitation.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Verweis
Maintaining ownership continuity of your personal account's repositories
successor_invitation.revoke
Triggered when you revoke a succession invitation.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type
Verweis
Maintaining ownership continuity of your personal account's repositories

trusted_device

trusted_device.register
A new trusted device was added.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
trusted_device.remove
A trusted device was removed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

two_factor_authentication

two_factor_authentication.add_factor
A secondary authentication factor was added to a user account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
Verweis
/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication
two_factor_authentication.disabled
Two-factor authentication was disabled for a user account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
Verweis
Disabling two-factor authentication for your personal account
two_factor_authentication.enabled
Two-factor authentication was enabled for a user account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
Verweis
Configuring two-factor authentication
two_factor_authentication.password_reset_fallback_sms
A one-time password code was sent to a user account fallback phone number.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
two_factor_authentication.recovery_codes_regenerated
Two factor recovery codes were regenerated for a user account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
two_factor_authentication.remove_factor
A secondary authentication factor was removed from a user account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
Verweis
/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication
two_factor_authentication.sign_in_fallback_sms
A one-time password code was sent to a user account fallback phone number.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
two_factor_authentication.update_fallback
The two-factor authentication fallback for a user account was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user

user.add_email
An email address was added to a user account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, email, oauth_application_id, operation_type, user_programmatic_access_name
Verweis
Adding an email address to your GitHub account
user.async_delete
An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.audit_log_export
Audit log entries were exported.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, query_phrase
user.block_user
A user was blocked by another user.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, blocked_user, created_at, oauth_application_id, operation_type, user_programmatic_access_name
user.change_password
A user changed their password.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.codespaces_trusted_repo_access_granted
Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name
Verweis
Managing access to other repositories within your codespace
user.codespaces_trusted_repo_access_revoked
Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, topic
Verweis
Managing access to other repositories within your codespace
user.create
A new user account was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, email, oauth_application_id, operation_type
user.create_integration_secret
A user secret for Codespaces was created.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, key, oauth_application_id, operation_type, user_programmatic_access_name, visibility
user.creation_rate_limit_exceeded
The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type, user_programmatic_access_name
user.delete
A user account was destroyed by an asynchronous job.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
user.demote
A site administrator was demoted to an ordinary user account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type
user.destroy
A user deleted his or her account, triggering user.async_delete.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
user.failed_login
A user tried to sign in with an incorrect username, password, or two-factor authentication code.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.forgot_password
A user requested a password reset.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, email, operation_type
Verweis
/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials
user.hide_private_contributions_count
A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
Verweis
Manage visibility settings for private contributions
user.login
A user signed in.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, passkey_nickname
user.logout
A user signed out.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.new_device_used
A user signed in from a new device.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.promote
An ordinary user account was promoted to a site administrator.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type
user.recreate
A user's account was restored.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
user.remove_email
An email address was removed from a user account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, email, oauth_application_id, operation_type, user_programmatic_access_name
user.remove_integration_secret
A user secret for Codespaces was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, key, oauth_application_id, operation_type, user_programmatic_access_name
user.rename
A username was changed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, old_login, operation_type
user.reset_password
A user reset their account password.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.show_private_contributions_count
A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
Verweis
Manage visibility settings for private contributions
user.sign_in_from_unrecognized_device
A user signed in from an unrecognized device.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.sign_in_from_unrecognized_device_and_location
A user signed in from an unrecognized device and location.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.suspend
A user account was suspended.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
user.two_factor_challenge_failure
A 2FA challenge issued for a user account failed.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.two_factor_challenge_success
A 2FA challenge issued for a user account succeeded.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.two_factor_recover
A user used their 2FA recovery codes.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.two_factor_recovery_codes_downloaded
A user downloaded 2FA recovery codes for their account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.two_factor_recovery_codes_printed
A user printed 2FA recovery codes for their account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.two_factor_recovery_codes_viewed
A user viewed 2FA recovery codes for their account.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
user.two_factor_requested
A user was prompted for a two-factor authentication code.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type
Verweis
/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication
user.unblock_user
A user was unblocked by another user.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, blocked_user, created_at, oauth_application_id, operation_type, user_programmatic_access_name
user.unsuspend
A user account was unsuspended.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, oauth_application_id, operation_type
user.update_integration_secret
A user secret for Codespaces was updated.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, integration, key, oauth_application_id, operation_type, user_programmatic_access_name, visibility

user_email

user_email.confirm_claim
An enterprise managed user claimed an email address.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type

user_status

user_status.destroy
Triggered when you clear the status on your profile.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, emoji, limited_availability, message, oauth_application_id, operation_type, user_programmatic_access_name
user_status.update
Triggered when you set or change the status on your profile.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, emoji, limited_availability, message, oauth_application_id, operation_type
Verweis
Personalize your profile

workflows

workflows.approve_workflow_job
A workflow job was approved.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, run_number, topic, user_programmatic_access_name, workflow_run_id
Verweis
Reviewing deployments
workflows.delete_workflow_run
A workflow run was deleted.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, event, head_branch, head_sha, name, oauth_application_id, operation_type, public_repo, run_number, started_at, topic, trigger_id, user_programmatic_access_name, workflow_id, workflow_run_id
Verweis
Deleting a workflow run
workflows.disable_workflow
A workflow was disabled.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, workflow_id
workflows.enable_workflow
A workflow was enabled, after previously being disabled by disable_workflow.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, user_programmatic_access_name, workflow_id
workflows.pin_workflow
A workflow was pinned.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, public_repo, workflow_id
workflows.reject_workflow_job
A workflow job was rejected.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_agent, actor_is_bot, created_at, oauth_application_id, operation_type, public_repo, run_number, user_programmatic_access_name, workflow_run_id
Verweis
Reviewing deployments
workflows.unpin_workflow
A workflow was unpinned after previously being pinned.
Felder
@timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, actor_is_bot, created_at, operation_type, public_repo, workflow_id