Enterprise audit log REST API endpoints
Use the REST API to retrieve audit logs for an enterprise.
Note
These endpoints only support authentication using a personal access token (classic). For more information, see "Managing your personal access tokens."
Get the audit log for an enterprise
Gets the audit log for an enterprise.
The authenticated user must be an enterprise admin to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Fine-grained access tokens
Works with fine-grained tokens:
Permission set:
- "Enterprise administration" enterprise permissions (read)
Parameters for "Get the audit log for an enterprise"
| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

| Name | Type | Description |
|---|---|---|
| enterprise | string | Required. The slug version of the enterprise name. |

| Name | Type | Description |
|---|---|---|
| phrase | string | A search phrase. For more information, see Searching the audit log. |
| include | string | The event types to include: The default is Can be one of: |
| after | string | A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. |
| before | string | A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. |
| order | string | The order of audit log events. To list newest events first, specify The default is Can be one of: |
| page | integer | The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: |
| per_page | integer | The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: |
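
The `after` cursor handling described in the parameters above, as an added example that is not part of the original documentation: it reads the `rel="next"` link from the `Link` header, refuses links that leave the queried host, and walks every page. The host name, cursor values and the `get_page` transport callback are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="([^"]+)"')


def next_cursor(link_header, api_host):
    """Return the `after` cursor from the rel="next" link, or None on the last page."""
    links = {rel: url for url, rel in LINK_RE.findall(link_header or "")}
    if "next" not in links:
        return None
    parts = urlsplit(links["next"])
    # Never replay the bearer token to a host other than the one we queried.
    if parts.scheme != "https" or parts.hostname != api_host:
        raise ValueError(f"refusing to follow link to {parts.netloc!r}")
    cursor = parse_qs(parts.query).get("after")
    return cursor[0] if cursor else None


def build_query(phrase=None, after=None, per_page=100):
    """Build the query string from parameters documented on this page."""
    if not 1 <= per_page <= 100:
        raise ValueError("per_page must be between 1 and 100")
    params = {"per_page": per_page}
    if phrase:
        params["phrase"] = phrase
    if after:
        params["after"] = after
    return urlencode(params)


def collect(get_page, api_host, phrase=None):
    """Walk every page. `get_page(query) -> (events, link_header)` is a
    caller-supplied transport function (hypothetical, e.g. a urllib wrapper)."""
    events, after, seen = [], None, set()
    while True:
        page, link = get_page(build_query(phrase=phrase, after=after))
        events.extend(page)
        after = next_cursor(link, api_host)
        if after is None or after in seen:  # done, or the server repeated a cursor
            return events
        seen.add(after)


# Constructed two-page response; host and cursor are sample values.
HOST = "ghes.example.com"
PAGES = {
    None: ([{"action": "pull_request.merge", "actor": "mona-admin"}],
           f'<https://{HOST}/api/v3/enterprises/octo/audit-log?after=CUR1&before=>; rel="next"'),
    "CUR1": ([{"action": "pull_request.create", "actor": "mona"}], ""),
}


def fake_get_page(query):
    """Offline stand-in for the HTTP call, keyed on the `after` cursor."""
    return PAGES[parse_qs(query).get("after", [None])[0]]


if __name__ == "__main__":
    for event in collect(fake_get_page, HOST):
        print(event["actor"], event["action"])
```
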
HTTP response status codes
| Status code | Description |
|---|---|
| 200 | OK |

Code samples
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log
Response
Status: 200
[
{
"actor_ip": "88.123.45.123",
"from": "pull_requests#merge",
"device_cookie": null,
"actor": "mona-admin",
"actor_id": 7,
"repo": "octo-org/octo-repo",
"repo_id": 17,
"business": "github",
"business_id": 1,
"org": "octo-org",
"org_id": 8,
"action": "pull_request.merge",
"@timestamp": 1635940599755,
"created_at": 1635940599755,
"operation_type": "modify",
"actor_location": {
"country_code": "GB",
"country_name": "United Kingdom",
"region": "ENG",
"region_name": "England",
"city": "Louth",
"postal_code": "LN11",
"location": {
"lat": 53.4457,
"lon": 0.141
}
},
"data": {
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
"method": "POST",
"request_id": "e4dabc4d-ba16-4bca-1234-649be7ae1188",
"server_id": "5d17aab5-fd9f-abcd-a820-16bed246441b",
"request_category": "other",
"controller_action": "merge",
"url": "https://example.com/octo-org/octo-repo/pull/1/merge",
"client_id": 322299977.1635936,
"referrer": "https://example.com/octo-org/octo-repo/pull/1",
"actor_session": 1,
"pull_request_id": 1,
"category_type": "Resource Management"
}
},
{
"actor_ip": "88.123.45.123",
"from": "pull_request_review_events#create",
"device_cookie": null,
"actor": "mona-admin",
"actor_id": 7,
"business_id": 1,
"org_id": 8,
"action": "pull_request_review.submit",
"@timestamp": 1635940593079,
"created_at": 1635940593079,
"operation_type": "modify",
"actor_location": {
"country_code": "GB",
"country_name": "United Kingdom",
"region": "ENG",
"region_name": "England",
"city": "Louth",
"postal_code": "LN11",
"location": {
"lat": 53.4457,
"lon": 0.141
}
},
"data": {
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
"method": "PUT",
"request_id": "c0f63bb7-17b6-4796-940c-12345c5a581b",
"server_id": "2abc1234-f651-43e3-9696-e942ad5f8c89",
"request_category": "other",
"controller_action": "create",
"url": "https://example.com/octo-org/octo-repo/pull/1/reviews",
"client_id": 322299977.1635936,
"referrer": "https://example.com/octo-org/octo-repo/pull/1/files",
"actor_session": 1,
"spammy": false,
"pull_request_id": 1,
"body": null,
"allowed": true,
"id": 1,
"state": 40,
"issue_id": 1,
"review_id": 1,
"category_type": "Resource Management"
}
},
{
"actor_ip": "88.123.45.123",
"from": "pull_requests#create",
"device_cookie": null,
"actor": "mona",
"actor_id": 9,
"user_id": 9,
"repo": "octo-org/octo-repo",
"repo_id": 17,
"business": "github",
"business_id": 1,
"org": "octo-org",
"org_id": 8,
"action": "pull_request.create",
"@timestamp": 1635940554161,
"created_at": 1635940554161,
"operation_type": "create",
"actor_location": {
"country_code": "GB",
"country_name": "United Kingdom",
"region": "ENG",
"region_name": "England",
"city": "Louth",
"postal_code": "LN11",
"location": {
"lat": 53.4457,
"lon": 0.141
}
},
"data": {
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
"method": "POST",
"request_id": "2773abeb-477f-4ebf-a017-f8e8a206c305",
"server_id": "796e3115-4ce8-4606-8fd0-99ea57a2e12b",
"request_category": "other",
"controller_action": "create",
"url": "https://example.com/octo-org/octo-repo/pull/create?base=octo-org%3Amain&head=mona%3Apatch-1",
"client_id": 386351111.163594,
"referrer": "https://example.com/octo-org/octo-repo/compare/main...mona:patch-1",
"actor_session": 2,
"pull_request_id": 1,
"category_type": "Resource Management"
}
}
]
Get the audit log stream key for encrypting secrets
Retrieves the audit log streaming public key for encrypting secrets.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Fine-grained access tokens
No fine-grained access
Parameters for "Get the audit log stream key for encrypting secrets"
| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

| Name | Type | Description |
|---|---|---|
| enterprise | string | Required. The slug version of the enterprise name. |

HTTP response status codes
| Status code | Description |
|---|---|
| 200 | The stream key for the audit log streaming configuration was retrieved successfully. |

Code samples
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/stream-key
The stream key for the audit log streaming configuration was retrieved successfully.
Status: 200
{
"key_id": "123",
"key": "actual-public-key-value"
}
List audit log stream configurations for an enterprise
Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Fine-grained access tokens
No fine-grained access
Parameters for "List audit log stream configurations for an enterprise"
| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

| Name | Type | Description |
|---|---|---|
| enterprise | string | Required. The slug version of the enterprise name. |

HTTP response status codes
| Status code | Description |
|---|---|
| 200 | OK |

Code samples
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams
OK
Status: 200
[
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
]
Create an audit log streaming configuration for an enterprise
Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Fine-grained access tokens
No fine-grained access
Parameters for "Create an audit log streaming configuration for an enterprise"
| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

| Name | Type | Description |
|---|---|---|
| enterprise | string | Required. The slug version of the enterprise name. |

| Name | Type | Description |
|---|---|---|
| enabled | boolean | Required. This setting pauses or resumes a stream. |
| stream_type | string | Required. The audit log streaming provider. The name is case sensitive. Can be one of: |
| vendor_specific | object | Required. |

Can be one of these objects:

AzureHubConfig (object): Azure Event Hubs Config for audit log streaming configuration.
Properties of AzureHubConfig
| Name | Type | Description |
|---|---|---|
| name | string | Required. Instance name of Azure Event Hubs |
| encrypted_connstring | string | Required. Encrypted Connection String for Azure Event Hubs |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |

AmazonS3OIDCConfig (object): Amazon S3 OIDC Config for audit log streaming configuration.
Properties of AmazonS3OIDCConfig
| Name | Type | Description |
|---|---|---|
| bucket | string | Required. Amazon S3 Bucket Name. |
| region | string | Required. AWS S3 Bucket Region. |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| authentication_type | string | Required. Authentication Type for Amazon S3. Value: |
| arn_role | string | Required. |

AmazonS3AccessKeysConfig (object): Amazon S3 Access Keys Config for audit log streaming configuration.
Properties of AmazonS3AccessKeysConfig
| Name | Type | Description |
|---|---|---|
| bucket | string | Required. Amazon S3 Bucket Name. |
| region | string | Required. Amazon S3 Bucket Name. |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| authentication_type | string | Required. Authentication Type for Amazon S3. Value: |
| encrypted_secret_key | string | Required. Encrypted AWS Secret Key. |
| encrypted_access_key_id | string | Required. Encrypted AWS Access Key ID. |

SplunkConfig (object): Splunk Config for Audit Log Stream Configuration
Properties of SplunkConfig
| Name | Type | Description |
|---|---|---|
| domain | string | Required. Domain of Splunk instance. |
| port | integer | Required. The port number for connecting to Splunk. |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| encrypted_token | string | Required. Encrypted Token. |
| ssl_verify | boolean | Required. SSL verification helps ensure your events are sent to your Splunk endpoint securely. |

HecConfig (object): Hec Config for Audit Log Stream Configuration
Properties of HecConfig
| Name | Type | Description |
|---|---|---|
| domain | string | Required. Domain of Hec instance. |
| port | integer | Required. The port number for connecting to HEC. |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| encrypted_token | string | Required. Encrypted Token. |
| path | string | Required. Path to send events to. |
| ssl_verify | boolean | Required. SSL verification helps ensure your events are sent to your HEC endpoint securely. |

GoogleCloudConfig (object): Google Cloud Config for audit log streaming configuration.
Properties of GoogleCloudConfig
| Name | Type | Description |
|---|---|---|
| bucket | string | Required. Google Cloud Bucket Name |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| encrypted_json_credentials | string | Required. |

DatadogConfig (object): Datadog Config for audit log streaming configuration.
Properties of DatadogConfig
| Name | Type | Description |
|---|---|---|
| encrypted_token | string | Required. Encrypted Splunk token. |
| site | string | Required. Datadog Site to use. Can be one of: |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
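
A pre-flight check for the request body described by the tables above, as an added example that is not part of the original documentation. It checks the required `vendor_specific` properties, that `key_id` matches the key last fetched from the stream key endpoint, and that `ssl_verify` is on; the mapping from `stream_type` values to config objects, the helper names and the sample bodies are assumptions.

```python
# Required vendor_specific properties, copied from the tables on this page.
# The stream_type -> config object mapping is an assumption of this example.
REQUIRED = {
    "Azure Event Hubs": {"name", "encrypted_connstring", "key_id"},
    "Splunk": {"domain", "port", "key_id", "encrypted_token", "ssl_verify"},
    "Google Cloud Storage": {"bucket", "key_id", "encrypted_json_credentials"},
    "Datadog": {"encrypted_token", "site", "key_id"},
}
S3_COMMON = {"bucket", "region", "key_id", "authentication_type"}
S3_OIDC = S3_COMMON | {"arn_role"}
S3_KEYS = S3_COMMON | {"encrypted_secret_key", "encrypted_access_key_id"}


def required_for(stream_type, vendor):
    """Pick the property set; the S3 variant is inferred from `arn_role`."""
    if stream_type == "Amazon S3":
        return S3_OIDC if "arn_role" in vendor else S3_KEYS
    return REQUIRED.get(stream_type)


def check_stream_body(body, current_key_id):
    """Return a list of problems found in a create/update request body."""
    problems = [f"missing required field: {field}"
                for field in ("enabled", "stream_type", "vendor_specific")
                if field not in body]
    if problems:
        return problems
    vendor = body["vendor_specific"]
    required = required_for(body["stream_type"], vendor)
    if required is None:
        return [f"no schema known for stream_type {body['stream_type']!r}"]
    for name in sorted(required - set(vendor)):
        problems.append(f"missing vendor_specific.{name}")
    for name in sorted(set(vendor) - required):
        # e.g. a credential sent under a name the schema does not list
        problems.append(f"unexpected vendor_specific.{name}")
    if "key_id" in vendor and vendor["key_id"] != current_key_id:
        problems.append("key_id does not match the current stream key")
    if vendor.get("ssl_verify") is False:
        problems.append("ssl_verify is false: TLS certificate checks are off")
    return problems


# Constructed sample bodies; every value is a placeholder.
GOOD = {"enabled": True, "stream_type": "Splunk", "vendor_specific": {
    "domain": "splunk.example.com", "port": 8088, "key_id": "123",
    "encrypted_token": "<encrypted-token>", "ssl_verify": True}}
BAD = {"enabled": True, "stream_type": "Splunk", "vendor_specific": {
    "domain": "splunk.example.com", "port": 8088, "key_id": "122",
    "token": "plaintext-token", "ssl_verify": False}}

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("bad", BAD)):
        print(label, check_stream_body(body, current_key_id="123"))
```
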
HTTP response status codes
| Status code | Description |
|---|---|
| 200 | The audit log stream configuration was created successfully. |

Code samples
Request example
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams \
-d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'
The audit log stream configuration was created successfully.
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
List one audit log streaming configuration via a stream ID
Lists one audit log stream configuration via a stream ID.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Fine-grained access tokens
No fine-grained access
Parameters for "List one audit log streaming configuration via a stream ID"
| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

| Name | Type | Description |
|---|---|---|
| enterprise | string | Required. The slug version of the enterprise name. |
| stream_id | integer | Required. The ID of the audit log stream configuration. |

HTTP response status codes
| Status code | Description |
|---|---|
| 200 | Lists one audit log stream configuration via stream ID. |

Code samples
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID
Lists one audit log stream configuration via stream ID.
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
Update an existing audit log stream configuration
Updates an existing audit log stream configuration for an enterprise.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Fine-grained access tokens
No fine-grained access
Parameters for "Update an existing audit log stream configuration"
| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

| Name | Type | Description |
|---|---|---|
| enterprise | string | Required. The slug version of the enterprise name. |
| stream_id | integer | Required. The ID of the audit log stream configuration. |

| Name | Type | Description |
|---|---|---|
| enabled | boolean | Required. This setting pauses or resumes a stream. |
| stream_type | string | Required. The audit log streaming provider. The name is case sensitive. Can be one of: |
| vendor_specific | object | Required. |

Can be one of these objects:

AzureHubConfig (object): Azure Event Hubs Config for audit log streaming configuration.
Properties of AzureHubConfig
| Name | Type | Description |
|---|---|---|
| name | string | Required. Instance name of Azure Event Hubs |
| encrypted_connstring | string | Required. Encrypted Connection String for Azure Event Hubs |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |

AmazonS3OIDCConfig (object): Amazon S3 OIDC Config for audit log streaming configuration.
Properties of AmazonS3OIDCConfig
| Name | Type | Description |
|---|---|---|
| bucket | string | Required. Amazon S3 Bucket Name. |
| region | string | Required. AWS S3 Bucket Region. |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| authentication_type | string | Required. Authentication Type for Amazon S3. Value: |
| arn_role | string | Required. |

AmazonS3AccessKeysConfig (object): Amazon S3 Access Keys Config for audit log streaming configuration.
Properties of AmazonS3AccessKeysConfig
| Name | Type | Description |
|---|---|---|
| bucket | string | Required. Amazon S3 Bucket Name. |
| region | string | Required. Amazon S3 Bucket Name. |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| authentication_type | string | Required. Authentication Type for Amazon S3. Value: |
| encrypted_secret_key | string | Required. Encrypted AWS Secret Key. |
| encrypted_access_key_id | string | Required. Encrypted AWS Access Key ID. |

SplunkConfig (object): Splunk Config for Audit Log Stream Configuration
Properties of SplunkConfig
| Name | Type | Description |
|---|---|---|
| domain | string | Required. Domain of Splunk instance. |
| port | integer | Required. The port number for connecting to Splunk. |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| encrypted_token | string | Required. Encrypted Token. |
| ssl_verify | boolean | Required. SSL verification helps ensure your events are sent to your Splunk endpoint securely. |

HecConfig (object): Hec Config for Audit Log Stream Configuration
Properties of HecConfig
| Name | Type | Description |
|---|---|---|
| domain | string | Required. Domain of Hec instance. |
| port | integer | Required. The port number for connecting to HEC. |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| encrypted_token | string | Required. Encrypted Token. |
| path | string | Required. Path to send events to. |
| ssl_verify | boolean | Required. SSL verification helps ensure your events are sent to your HEC endpoint securely. |

GoogleCloudConfig (object): Google Cloud Config for audit log streaming configuration.
Properties of GoogleCloudConfig
| Name | Type | Description |
|---|---|---|
| bucket | string | Required. Google Cloud Bucket Name |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
| encrypted_json_credentials | string | Required. |

DatadogConfig (object): Datadog Config for audit log streaming configuration.
Properties of DatadogConfig
| Name | Type | Description |
|---|---|---|
| encrypted_token | string | Required. Encrypted Splunk token. |
| site | string | Required. Datadog Site to use. Can be one of: |
| key_id | string | Required. Key ID obtained from the audit log stream key endpoint used to encrypt secrets. |
HTTP response status codes
| Status code | Description |
|---|---|
| 200 | Successful update |
| 422 | Validation error |

Code samples
Request example
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
-d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'
Successful update
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
Delete an audit log streaming configuration for an enterprise
Deletes an existing audit log stream configuration for an enterprise.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Fine-grained access tokens
No fine-grained access
Parameters for "Delete an audit log streaming configuration for an enterprise"
| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

| Name | Type | Description |
|---|---|---|
| enterprise | string | Required. The slug version of the enterprise name. |
| stream_id | integer | Required. The ID of the audit log stream configuration. |

HTTP response status codes
| Status code | Description |
|---|---|
| 204 | The audit log stream configuration was deleted successfully. |

Code samples
Request example
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID
The audit log stream configuration was deleted successfully.
Status: 204