エンタープライズ監査ログの REST API エンドポイント

Get the audit log for an enterprise

Gets the audit log for an enterprise.

This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."

The authenticated user must be an enterprise admin to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the read:audit_log scope to use this endpoint.

"Get the audit log for an enterprise" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:

"Enterprise administration" business permissions (read)

"Get the audit log for an enterprise" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`enterprise` string 必須 The slug version of the enterprise name. You can also substitute this value with the enterprise id.

クエリパラメーター
名前, Type, 説明
`phrase` string A search phrase. For more information, see Searching the audit log.
`include` string The event types to include: `web` - returns web (non-Git) events. `git` - returns Git events. `all` - returns both web and Git events. The default is `web`. 次のいずれかにできます: `web`, `git`, `all`
`after` string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.
`before` string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.
`order` string The order of audit log events. To list newest events first, specify `desc`. To list oldest events first, specify `asc`. The default is `desc`. 次のいずれかにできます: `desc`, `asc`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`

"Get the audit log for an enterprise" の HTTP 応答状態コード

状態コード	説明
`200`	OK

"Get the audit log for an enterprise" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

get/enterprises/{enterprise}/audit-log

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log

Response

Status: 200

[
  {
    "@timestamp": 1606929874512,
    "action": "team.add_member",
    "actor": "octocat",
    "created_at": 1606929874512,
    "_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
    "org": "octo-corp",
    "team": "octo-corp/example-team",
    "user": "monalisa"
  },
  {
    "@timestamp": 1606507117008,
    "action": "org.create",
    "actor": "octocat",
    "created_at": 1606507117008,
    "_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
    "org": "octocat-test-org"
  },
  {
    "@timestamp": 1605719148837,
    "action": "repo.destroy",
    "actor": "monalisa",
    "created_at": 1605719148837,
    "_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
    "org": "mona-org",
    "repo": "mona-org/mona-test-repo",
    "visibility": "private"
  }
]

Get the audit log stream key for encrypting secrets

Retrieves the audit log streaming public key for encrypting secrets.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

"Get the audit log stream key for encrypting secrets" のきめ細かいアクセストークン

このエンドポイントは、GitHub アプリのユーザーアクセストークン、GitHub アプリのインストールアクセストークン、またはきめ細かい個人用アクセストークンでは機能しません。

"Get the audit log stream key for encrypting secrets" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`enterprise` string 必須 The slug version of the enterprise name. You can also substitute this value with the enterprise id.

"Get the audit log stream key for encrypting secrets" の HTTP 応答状態コード

状態コード	説明
`200`	The stream key for the audit log streaming configuration was retrieved successfully.

"Get the audit log stream key for encrypting secrets" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

get/enterprises/{enterprise}/audit-log/stream-key

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key

The stream key for the audit log streaming configuration was retrieved successfully.

Status: 200

{
  "key_id": "123",
  "key": "actual-public-key-value"
}

List audit log stream configurations for an enterprise

Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

"List audit log stream configurations for an enterprise" のきめ細かいアクセストークン

"List audit log stream configurations for an enterprise" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`enterprise` string 必須 The slug version of the enterprise name. You can also substitute this value with the enterprise id.

"List audit log stream configurations for an enterprise" の HTTP 応答状態コード

状態コード	説明
`200`	OK

"List audit log stream configurations for an enterprise" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

get/enterprises/{enterprise}/audit-log/streams

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams

OK

Status: 200

[
  {
    "id": 1,
    "stream_type": "Splunk",
    "stream_details": "US",
    "enabled": true,
    "created_at": "2024-06-06T08:00:00Z",
    "updated_at": "2024-06-06T08:00:00Z",
    "paused_at": null
  }
]

Create an audit log streaming configuration for an enterprise

Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

"Create an audit log streaming configuration for an enterprise" のきめ細かいアクセストークン

"Create an audit log streaming configuration for an enterprise" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`enterprise` string 必須 The slug version of the enterprise name. You can also substitute this value with the enterprise id.

名前, Type, 説明

enabled boolean 必須

This setting pauses or resumes a stream.

stream_type string 必須

The audit log streaming provider. The name is case sensitive.

次のいずれかにできます: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object 必須

Can be one of these objects:

名前, Type, 説明

AzureBlobConfig object 必須

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

名前, Type, 説明
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string 必須

AzureHubConfig object 必須

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

名前, Type, 説明
`name` string 必須 Instance name of Azure Event Hubs
`encrypted_connstring` string 必須 Encrypted Connection String for Azure Event Hubs
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object 必須

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

名前, Type, 説明
`bucket` string 必須 Amazon S3 Bucket Name.
`region` string 必須 AWS S3 Bucket Region.
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string 必須 Authentication Type for Amazon S3. Value: `oidc`
`arn_role` string 必須

AmazonS3AccessKeysConfig object 必須

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

名前, Type, 説明
`bucket` string 必須 Amazon S3 Bucket Name.
`region` string 必須 Amazon S3 Bucket Name.
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string 必須 Authentication Type for Amazon S3. Value: `access_keys`
`encrypted_secret_key` string 必須 Encrypted AWS Secret Key.
`encrypted_access_key_id` string 必須 Encrypted AWS Access Key ID.

SplunkConfig object 必須

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

名前, Type, 説明
`domain` string 必須 Domain of Splunk instance.
`port` integer 必須 The port number for connecting to Splunk.
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string 必須 Encrypted Token.
`ssl_verify` boolean 必須 SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object 必須

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

名前, Type, 説明
`bucket` string 必須 Google Cloud Bucket Name
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string 必須

DatadogConfig object 必須

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

名前, Type, 説明
`encrypted_token` string 必須 Encrypted Splunk token.
`site` string 必須 Datadog Site to use. 次のいずれかにできます: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

"Create an audit log streaming configuration for an enterprise" の HTTP 応答状態コード

状態コード	説明
`200`	The audit log stream configuration was created successfully.

"Create an audit log streaming configuration for an enterprise" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

post/enterprises/{enterprise}/audit-log/streams

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

The audit log stream configuration was created successfully.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

List one audit log streaming configuration via a stream ID

Lists one audit log stream configuration via a stream ID.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

"List one audit log streaming configuration via a stream ID" のきめ細かいアクセストークン

"List one audit log streaming configuration via a stream ID" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`enterprise` string 必須 The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer 必須 The ID of the audit log stream configuration.

"List one audit log streaming configuration via a stream ID" の HTTP 応答状態コード

状態コード	説明
`200`	Lists one audit log stream configuration via stream ID.

"List one audit log streaming configuration via a stream ID" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

get/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

Lists one audit log stream configuration via stream ID.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

Update an existing audit log stream configuration

Updates an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

"Update an existing audit log stream configuration" のきめ細かいアクセストークン

"Update an existing audit log stream configuration" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`enterprise` string 必須 The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer 必須 The ID of the audit log stream configuration.

名前, Type, 説明

enabled boolean 必須

This setting pauses or resumes a stream.

stream_type string 必須

The audit log streaming provider. The name is case sensitive.

次のいずれかにできます: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object 必須

Can be one of these objects:

名前, Type, 説明

AzureBlobConfig object 必須

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

名前, Type, 説明
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string 必須

AzureHubConfig object 必須

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

名前, Type, 説明
`name` string 必須 Instance name of Azure Event Hubs
`encrypted_connstring` string 必須 Encrypted Connection String for Azure Event Hubs
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object 必須

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

名前, Type, 説明
`bucket` string 必須 Amazon S3 Bucket Name.
`region` string 必須 AWS S3 Bucket Region.
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string 必須 Authentication Type for Amazon S3. Value: `oidc`
`arn_role` string 必須

AmazonS3AccessKeysConfig object 必須

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

名前, Type, 説明
`bucket` string 必須 Amazon S3 Bucket Name.
`region` string 必須 Amazon S3 Bucket Name.
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string 必須 Authentication Type for Amazon S3. Value: `access_keys`
`encrypted_secret_key` string 必須 Encrypted AWS Secret Key.
`encrypted_access_key_id` string 必須 Encrypted AWS Access Key ID.

SplunkConfig object 必須

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

名前, Type, 説明
`domain` string 必須 Domain of Splunk instance.
`port` integer 必須 The port number for connecting to Splunk.
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string 必須 Encrypted Token.
`ssl_verify` boolean 必須 SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object 必須

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

名前, Type, 説明
`bucket` string 必須 Google Cloud Bucket Name
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string 必須

DatadogConfig object 必須

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

名前, Type, 説明
`encrypted_token` string 必須 Encrypted Splunk token.
`site` string 必須 Datadog Site to use. 次のいずれかにできます: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string 必須 Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

"Update an existing audit log stream configuration" の HTTP 応答状態コード

状態コード	説明
`200`	Successful update
`422`	Validation error

"Update an existing audit log stream configuration" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

put/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

Successful update

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`enterprise` string 必須 The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer 必須 The ID of the audit log stream configuration.

"Delete an audit log streaming configuration for an enterprise" の HTTP 応答状態コード

状態コード	説明
`204`	The audit log stream configuration was deleted successfully.

"Delete an audit log streaming configuration for an enterprise" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

delete/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

The audit log stream configuration was deleted successfully.

Status: 204