Puntos de conexión de API de REST para registros de auditoría de empresa

Get the audit log for an enterprise

Gets the audit log for an enterprise.

This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."

The authenticated user must be an enterprise admin to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the read:audit_log scope to use this endpoint.

Tokens de acceso específicos para "Get the audit log for an enterprise"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Enterprise administration" business permissions (read)

Parámetros para "Get the audit log for an enterprise"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`enterprise` string Requerido The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Parámetros de consulta
Nombre, Tipo, Descripción
`phrase` string A search phrase. For more information, see Searching the audit log.
`include` string The event types to include: `web` - returns web (non-Git) events. `git` - returns Git events. `all` - returns both web and Git events. The default is `web`. Puede ser uno de los siguientes: `web`, `git`, `all`
`after` string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.
`before` string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.
`order` string The order of audit log events. To list newest events first, specify `desc`. To list oldest events first, specify `asc`. The default is `desc`. Puede ser uno de los siguientes: `desc`, `asc`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Valor predeterminado: `1`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Valor predeterminado: `30`

Códigos de estado de respuesta HTTP para "Get the audit log for an enterprise"

status code	Descripción
`200`	OK

Ejemplos de código para "Get the audit log for an enterprise"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/enterprises/{enterprise}/audit-log

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log

Response

Status: 200

[
  {
    "@timestamp": 1606929874512,
    "action": "team.add_member",
    "actor": "octocat",
    "created_at": 1606929874512,
    "_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
    "org": "octo-corp",
    "team": "octo-corp/example-team",
    "user": "monalisa"
  },
  {
    "@timestamp": 1606507117008,
    "action": "org.create",
    "actor": "octocat",
    "created_at": 1606507117008,
    "_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
    "org": "octocat-test-org"
  },
  {
    "@timestamp": 1605719148837,
    "action": "repo.destroy",
    "actor": "monalisa",
    "created_at": 1605719148837,
    "_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
    "org": "mona-org",
    "repo": "mona-org/mona-test-repo",
    "visibility": "private"
  }
]

Get the audit log stream key for encrypting secrets

Retrieves the audit log streaming public key for encrypting secrets.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Tokens de acceso específicos para "Get the audit log stream key for encrypting secrets"

Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.

Parámetros para "Get the audit log stream key for encrypting secrets"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`enterprise` string Requerido The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Códigos de estado de respuesta HTTP para "Get the audit log stream key for encrypting secrets"

status code	Descripción
`200`	The stream key for the audit log streaming configuration was retrieved successfully.

Ejemplos de código para "Get the audit log stream key for encrypting secrets"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/enterprises/{enterprise}/audit-log/stream-key

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key

The stream key for the audit log streaming configuration was retrieved successfully.

Status: 200

{
  "key_id": "123",
  "key": "actual-public-key-value"
}

List audit log stream configurations for an enterprise

Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Tokens de acceso específicos para "List audit log stream configurations for an enterprise"

Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.

Parámetros para "List audit log stream configurations for an enterprise"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`enterprise` string Requerido The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Códigos de estado de respuesta HTTP para "List audit log stream configurations for an enterprise"

status code	Descripción
`200`	OK

Ejemplos de código para "List audit log stream configurations for an enterprise"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/enterprises/{enterprise}/audit-log/streams

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams

OK

Status: 200

[
  {
    "id": 1,
    "stream_type": "Splunk",
    "stream_details": "US",
    "enabled": true,
    "created_at": "2024-06-06T08:00:00Z",
    "updated_at": "2024-06-06T08:00:00Z",
    "paused_at": null
  }
]

Create an audit log streaming configuration for an enterprise

Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Tokens de acceso específicos para "Create an audit log streaming configuration for an enterprise"

Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.

Parámetros para "Create an audit log streaming configuration for an enterprise"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`enterprise` string Requerido The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Nombre, Tipo, Descripción

enabled boolean Requerido

This setting pauses or resumes a stream.

stream_type string Requerido

The audit log streaming provider. The name is case sensitive.

Puede ser uno de los siguientes: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Requerido

Can be one of these objects:

Nombre, Tipo, Descripción

AzureBlobConfig object Requerido

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

Nombre, Tipo, Descripción
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string Requerido

AzureHubConfig object Requerido

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

Nombre, Tipo, Descripción
`name` string Requerido Instance name of Azure Event Hubs
`encrypted_connstring` string Requerido Encrypted Connection String for Azure Event Hubs
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Requerido

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

Nombre, Tipo, Descripción
`bucket` string Requerido Amazon S3 Bucket Name.
`region` string Requerido AWS S3 Bucket Region.
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Requerido Authentication Type for Amazon S3. Valor: `oidc`
`arn_role` string Requerido

AmazonS3AccessKeysConfig object Requerido

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

Nombre, Tipo, Descripción
`bucket` string Requerido Amazon S3 Bucket Name.
`region` string Requerido Amazon S3 Bucket Name.
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Requerido Authentication Type for Amazon S3. Valor: `access_keys`
`encrypted_secret_key` string Requerido Encrypted AWS Secret Key.
`encrypted_access_key_id` string Requerido Encrypted AWS Access Key ID.

SplunkConfig object Requerido

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

Nombre, Tipo, Descripción
`domain` string Requerido Domain of Splunk instance.
`port` integer Requerido The port number for connecting to Splunk.
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Requerido Encrypted Token.
`ssl_verify` boolean Requerido SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Requerido

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

Nombre, Tipo, Descripción
`bucket` string Requerido Google Cloud Bucket Name
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string Requerido

DatadogConfig object Requerido

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

Nombre, Tipo, Descripción
`encrypted_token` string Requerido Encrypted Splunk token.
`site` string Requerido Datadog Site to use. Puede ser uno de los siguientes: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

Códigos de estado de respuesta HTTP para "Create an audit log streaming configuration for an enterprise"

status code	Descripción
`200`	The audit log stream configuration was created successfully.

Ejemplos de código para "Create an audit log streaming configuration for an enterprise"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

post/enterprises/{enterprise}/audit-log/streams

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

The audit log stream configuration was created successfully.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

List one audit log streaming configuration via a stream ID

Lists one audit log stream configuration via a stream ID.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Tokens de acceso específicos para "List one audit log streaming configuration via a stream ID"

Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.

Parámetros para "List one audit log streaming configuration via a stream ID"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`enterprise` string Requerido The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer Requerido The ID of the audit log stream configuration.

Códigos de estado de respuesta HTTP para "List one audit log streaming configuration via a stream ID"

status code	Descripción
`200`	Lists one audit log stream configuration via stream ID.

Ejemplos de código para "List one audit log streaming configuration via a stream ID"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

Lists one audit log stream configuration via stream ID.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

Update an existing audit log stream configuration

Updates an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Tokens de acceso específicos para "Update an existing audit log stream configuration"

Este punto de conexión no funciona con tokens de acceso de usuario de aplicación de GitHub, tokens de acceso de instalación de aplicaciones de GitHub ni tokens de acceso personales específicos.

Parámetros para "Update an existing audit log stream configuration"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`enterprise` string Requerido The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer Requerido The ID of the audit log stream configuration.

Nombre, Tipo, Descripción

enabled boolean Requerido

This setting pauses or resumes a stream.

stream_type string Requerido

The audit log streaming provider. The name is case sensitive.

Puede ser uno de los siguientes: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Requerido

Can be one of these objects:

Nombre, Tipo, Descripción

AzureBlobConfig object Requerido

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

Nombre, Tipo, Descripción
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string Requerido

AzureHubConfig object Requerido

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

Nombre, Tipo, Descripción
`name` string Requerido Instance name of Azure Event Hubs
`encrypted_connstring` string Requerido Encrypted Connection String for Azure Event Hubs
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Requerido

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

Nombre, Tipo, Descripción
`bucket` string Requerido Amazon S3 Bucket Name.
`region` string Requerido AWS S3 Bucket Region.
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Requerido Authentication Type for Amazon S3. Valor: `oidc`
`arn_role` string Requerido

AmazonS3AccessKeysConfig object Requerido

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

Nombre, Tipo, Descripción
`bucket` string Requerido Amazon S3 Bucket Name.
`region` string Requerido Amazon S3 Bucket Name.
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Requerido Authentication Type for Amazon S3. Valor: `access_keys`
`encrypted_secret_key` string Requerido Encrypted AWS Secret Key.
`encrypted_access_key_id` string Requerido Encrypted AWS Access Key ID.

SplunkConfig object Requerido

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

Nombre, Tipo, Descripción
`domain` string Requerido Domain of Splunk instance.
`port` integer Requerido The port number for connecting to Splunk.
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Requerido Encrypted Token.
`ssl_verify` boolean Requerido SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Requerido

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

Nombre, Tipo, Descripción
`bucket` string Requerido Google Cloud Bucket Name
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string Requerido

DatadogConfig object Requerido

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

Nombre, Tipo, Descripción
`encrypted_token` string Requerido Encrypted Splunk token.
`site` string Requerido Datadog Site to use. Puede ser uno de los siguientes: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string Requerido Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

Códigos de estado de respuesta HTTP para "Update an existing audit log stream configuration"

status code	Descripción
`200`	Successful update
`422`	Validation error

Ejemplos de código para "Update an existing audit log stream configuration"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

put/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

Successful update

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`enterprise` string Requerido The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer Requerido The ID of the audit log stream configuration.

Códigos de estado de respuesta HTTP para "Delete an audit log streaming configuration for an enterprise"

status code	Descripción
`204`	The audit log stream configuration was deleted successfully.

Ejemplos de código para "Delete an audit log streaming configuration for an enterprise"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

delete/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

The audit log stream configuration was deleted successfully.

Status: 204