Points de terminaison d’API REST pour les journaux d’audit de l’entreprise

Get the audit log for an enterprise

Gets the audit log for an enterprise.

This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."

The authenticated user must be an enterprise admin to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the read:audit_log scope to use this endpoint.

Jetons d’accès affinés pour « Get the audit log for an enterprise »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Enterprise administration" business permissions (read)

Paramètres pour « Get the audit log for an enterprise »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`enterprise` string Obligatoire The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Paramètres de requête
Nom, Type, Description
`phrase` string A search phrase. For more information, see Searching the audit log.
`include` string The event types to include: `web` - returns web (non-Git) events. `git` - returns Git events. `all` - returns both web and Git events. The default is `web`. Peut être: `web`, `git`, `all`
`after` string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.
`before` string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.
`order` string The order of audit log events. To list newest events first, specify `desc`. To list oldest events first, specify `asc`. The default is `desc`. Peut être: `desc`, `asc`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`

Codes d’état de la réponse HTTP pour « Get the audit log for an enterprise »

Code d’état	Description
`200`	OK

Exemples de code pour « Get the audit log for an enterprise »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/enterprises/{enterprise}/audit-log

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log

Response

Status: 200

[
  {
    "@timestamp": 1606929874512,
    "action": "team.add_member",
    "actor": "octocat",
    "created_at": 1606929874512,
    "_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
    "org": "octo-corp",
    "team": "octo-corp/example-team",
    "user": "monalisa"
  },
  {
    "@timestamp": 1606507117008,
    "action": "org.create",
    "actor": "octocat",
    "created_at": 1606507117008,
    "_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
    "org": "octocat-test-org"
  },
  {
    "@timestamp": 1605719148837,
    "action": "repo.destroy",
    "actor": "monalisa",
    "created_at": 1605719148837,
    "_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
    "org": "mona-org",
    "repo": "mona-org/mona-test-repo",
    "visibility": "private"
  }
]

Get the audit log stream key for encrypting secrets

Retrieves the audit log streaming public key for encrypting secrets.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Jetons d’accès affinés pour « Get the audit log stream key for encrypting secrets »

Ce point de terminaison ne fonctionne pas avec les jetons d’accès utilisateur d’application GitHub, les jetons d’accès d’installation d’application GitHub ou les jetons d’accès personnels affinés.

Paramètres pour « Get the audit log stream key for encrypting secrets »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`enterprise` string Obligatoire The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Codes d’état de la réponse HTTP pour « Get the audit log stream key for encrypting secrets »

Code d’état	Description
`200`	The stream key for the audit log streaming configuration was retrieved successfully.

Exemples de code pour « Get the audit log stream key for encrypting secrets »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/enterprises/{enterprise}/audit-log/stream-key

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key

The stream key for the audit log streaming configuration was retrieved successfully.

Status: 200

{
  "key_id": "123",
  "key": "actual-public-key-value"
}

List audit log stream configurations for an enterprise

Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Jetons d’accès affinés pour « List audit log stream configurations for an enterprise »

Paramètres pour « List audit log stream configurations for an enterprise »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`enterprise` string Obligatoire The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Codes d’état de la réponse HTTP pour « List audit log stream configurations for an enterprise »

Code d’état	Description
`200`	OK

Exemples de code pour « List audit log stream configurations for an enterprise »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/enterprises/{enterprise}/audit-log/streams

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams

OK

Status: 200

[
  {
    "id": 1,
    "stream_type": "Splunk",
    "stream_details": "US",
    "enabled": true,
    "created_at": "2024-06-06T08:00:00Z",
    "updated_at": "2024-06-06T08:00:00Z",
    "paused_at": null
  }
]

Create an audit log streaming configuration for an enterprise

Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Jetons d’accès affinés pour « Create an audit log streaming configuration for an enterprise »

Paramètres pour « Create an audit log streaming configuration for an enterprise »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`enterprise` string Obligatoire The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Nom, Type, Description

enabled boolean Obligatoire

This setting pauses or resumes a stream.

stream_type string Obligatoire

The audit log streaming provider. The name is case sensitive.

Peut être: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Obligatoire

Can be one of these objects:

Nom, Type, Description

AzureBlobConfig object Obligatoire

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

Nom, Type, Description
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string Obligatoire

AzureHubConfig object Obligatoire

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

Nom, Type, Description
`name` string Obligatoire Instance name of Azure Event Hubs
`encrypted_connstring` string Obligatoire Encrypted Connection String for Azure Event Hubs
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Obligatoire

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

Nom, Type, Description
`bucket` string Obligatoire Amazon S3 Bucket Name.
`region` string Obligatoire AWS S3 Bucket Region.
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Obligatoire Authentication Type for Amazon S3. Value: `oidc`
`arn_role` string Obligatoire

AmazonS3AccessKeysConfig object Obligatoire

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

Nom, Type, Description
`bucket` string Obligatoire Amazon S3 Bucket Name.
`region` string Obligatoire Amazon S3 Bucket Name.
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Obligatoire Authentication Type for Amazon S3. Value: `access_keys`
`encrypted_secret_key` string Obligatoire Encrypted AWS Secret Key.
`encrypted_access_key_id` string Obligatoire Encrypted AWS Access Key ID.

SplunkConfig object Obligatoire

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

Nom, Type, Description
`domain` string Obligatoire Domain of Splunk instance.
`port` integer Obligatoire The port number for connecting to Splunk.
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Obligatoire Encrypted Token.
`ssl_verify` boolean Obligatoire SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Obligatoire

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

Nom, Type, Description
`bucket` string Obligatoire Google Cloud Bucket Name
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string Obligatoire

DatadogConfig object Obligatoire

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

Nom, Type, Description
`encrypted_token` string Obligatoire Encrypted Splunk token.
`site` string Obligatoire Datadog Site to use. Peut être: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

Codes d’état de la réponse HTTP pour « Create an audit log streaming configuration for an enterprise »

Code d’état	Description
`200`	The audit log stream configuration was created successfully.

Exemples de code pour « Create an audit log streaming configuration for an enterprise »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

post/enterprises/{enterprise}/audit-log/streams

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

The audit log stream configuration was created successfully.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

List one audit log streaming configuration via a stream ID

Lists one audit log stream configuration via a stream ID.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Jetons d’accès affinés pour « List one audit log streaming configuration via a stream ID »

Paramètres pour « List one audit log streaming configuration via a stream ID »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`enterprise` string Obligatoire The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer Obligatoire The ID of the audit log stream configuration.

Codes d’état de la réponse HTTP pour « List one audit log streaming configuration via a stream ID »

Code d’état	Description
`200`	Lists one audit log stream configuration via stream ID.

Exemples de code pour « List one audit log streaming configuration via a stream ID »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

Lists one audit log stream configuration via stream ID.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

Update an existing audit log stream configuration

Updates an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Jetons d’accès affinés pour « Update an existing audit log stream configuration »

Paramètres pour « Update an existing audit log stream configuration »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`enterprise` string Obligatoire The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer Obligatoire The ID of the audit log stream configuration.

Nom, Type, Description

enabled boolean Obligatoire

This setting pauses or resumes a stream.

stream_type string Obligatoire

The audit log streaming provider. The name is case sensitive.

Peut être: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Obligatoire

Can be one of these objects:

Nom, Type, Description

AzureBlobConfig object Obligatoire

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

Nom, Type, Description
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string Obligatoire

AzureHubConfig object Obligatoire

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

Nom, Type, Description
`name` string Obligatoire Instance name of Azure Event Hubs
`encrypted_connstring` string Obligatoire Encrypted Connection String for Azure Event Hubs
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Obligatoire

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

Nom, Type, Description
`bucket` string Obligatoire Amazon S3 Bucket Name.
`region` string Obligatoire AWS S3 Bucket Region.
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Obligatoire Authentication Type for Amazon S3. Value: `oidc`
`arn_role` string Obligatoire

AmazonS3AccessKeysConfig object Obligatoire

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

Nom, Type, Description
`bucket` string Obligatoire Amazon S3 Bucket Name.
`region` string Obligatoire Amazon S3 Bucket Name.
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Obligatoire Authentication Type for Amazon S3. Value: `access_keys`
`encrypted_secret_key` string Obligatoire Encrypted AWS Secret Key.
`encrypted_access_key_id` string Obligatoire Encrypted AWS Access Key ID.

SplunkConfig object Obligatoire

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

Nom, Type, Description
`domain` string Obligatoire Domain of Splunk instance.
`port` integer Obligatoire The port number for connecting to Splunk.
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Obligatoire Encrypted Token.
`ssl_verify` boolean Obligatoire SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Obligatoire

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

Nom, Type, Description
`bucket` string Obligatoire Google Cloud Bucket Name
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string Obligatoire

DatadogConfig object Obligatoire

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

Nom, Type, Description
`encrypted_token` string Obligatoire Encrypted Splunk token.
`site` string Obligatoire Datadog Site to use. Peut être: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string Obligatoire Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

Codes d’état de la réponse HTTP pour « Update an existing audit log stream configuration »

Code d’état	Description
`200`	Successful update
`422`	Validation error

Exemples de code pour « Update an existing audit log stream configuration »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

put/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

Successful update

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`enterprise` string Obligatoire The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer Obligatoire The ID of the audit log stream configuration.

Codes d’état de la réponse HTTP pour « Delete an audit log streaming configuration for an enterprise »

Code d’état	Description
`204`	The audit log stream configuration was deleted successfully.

Exemples de code pour « Delete an audit log streaming configuration for an enterprise »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

delete/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

The audit log stream configuration was deleted successfully.

Status: 204