Конечные точки REST API для журналов аудита предприятия

Get the audit log for an enterprise

Gets the audit log for an enterprise.

This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."

The authenticated user must be an enterprise admin to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the read:audit_log scope to use this endpoint.

Подробные маркеры доступа для "Get the audit log for an enterprise

Эта конечная точка работает со следующими точными типами маркеров:

Маркер с точной детализацией должен иметь следующий набор разрешений.:

"Enterprise administration" business permissions (read)

Параметры для "Get the audit log for an enterprise"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`enterprise` string Обязательное поле The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Параметры запроса
Имя., Тип, Description
`phrase` string A search phrase. For more information, see Searching the audit log.
`include` string The event types to include: `web` - returns web (non-Git) events. `git` - returns Git events. `all` - returns both web and Git events. The default is `web`. Возможные значения: `web`, `git`, `all`
`after` string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.
`before` string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.
`order` string The order of audit log events. To list newest events first, specify `desc`. To list oldest events first, specify `asc`. The default is `desc`. Возможные значения: `desc`, `asc`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." По умолчанию.: `1`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." По умолчанию.: `30`

Коды состояния http-ответа для "Get the audit log for an enterprise"

Код состояния	Описание
`200`	OK

Примеры кода для "Get the audit log for an enterprise"

Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.

Пример запроса

get/enterprises/{enterprise}/audit-log

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log

Response

Status: 200

[
  {
    "@timestamp": 1606929874512,
    "action": "team.add_member",
    "actor": "octocat",
    "created_at": 1606929874512,
    "_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
    "org": "octo-corp",
    "team": "octo-corp/example-team",
    "user": "monalisa"
  },
  {
    "@timestamp": 1606507117008,
    "action": "org.create",
    "actor": "octocat",
    "created_at": 1606507117008,
    "_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
    "org": "octocat-test-org"
  },
  {
    "@timestamp": 1605719148837,
    "action": "repo.destroy",
    "actor": "monalisa",
    "created_at": 1605719148837,
    "_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
    "org": "mona-org",
    "repo": "mona-org/mona-test-repo",
    "visibility": "private"
  }
]

Get the audit log stream key for encrypting secrets

Retrieves the audit log streaming public key for encrypting secrets.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Подробные маркеры доступа для "Get the audit log stream key for encrypting secrets

Эта конечная точка не работает с маркерами доступа пользователей приложения GitHub, маркерами доступа к установке приложения GitHub или точными личными маркерами доступа.

Параметры для "Get the audit log stream key for encrypting secrets"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`enterprise` string Обязательное поле The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Коды состояния http-ответа для "Get the audit log stream key for encrypting secrets"

Код состояния	Описание
`200`	The stream key for the audit log streaming configuration was retrieved successfully.

Примеры кода для "Get the audit log stream key for encrypting secrets"

Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.

Пример запроса

get/enterprises/{enterprise}/audit-log/stream-key

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key

The stream key for the audit log streaming configuration was retrieved successfully.

Status: 200

{
  "key_id": "123",
  "key": "actual-public-key-value"
}

List audit log stream configurations for an enterprise

Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Подробные маркеры доступа для "List audit log stream configurations for an enterprise

Эта конечная точка не работает с маркерами доступа пользователей приложения GitHub, маркерами доступа к установке приложения GitHub или точными личными маркерами доступа.

Параметры для "List audit log stream configurations for an enterprise"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`enterprise` string Обязательное поле The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Коды состояния http-ответа для "List audit log stream configurations for an enterprise"

Код состояния	Описание
`200`	OK

Примеры кода для "List audit log stream configurations for an enterprise"

Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.

Пример запроса

get/enterprises/{enterprise}/audit-log/streams

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams

OK

Status: 200

[
  {
    "id": 1,
    "stream_type": "Splunk",
    "stream_details": "US",
    "enabled": true,
    "created_at": "2024-06-06T08:00:00Z",
    "updated_at": "2024-06-06T08:00:00Z",
    "paused_at": null
  }
]

Create an audit log streaming configuration for an enterprise

Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Подробные маркеры доступа для "Create an audit log streaming configuration for an enterprise

Эта конечная точка не работает с маркерами доступа пользователей приложения GitHub, маркерами доступа к установке приложения GitHub или точными личными маркерами доступа.

Параметры для "Create an audit log streaming configuration for an enterprise"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`enterprise` string Обязательное поле The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Имя., Тип, Description

enabled boolean Обязательное поле

This setting pauses or resumes a stream.

stream_type string Обязательное поле

The audit log streaming provider. The name is case sensitive.

Возможные значения: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Обязательное поле

Can be one of these objects:

Имя., Тип, Description

AzureBlobConfig object Обязательное поле

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

Имя., Тип, Description
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string Обязательное поле

AzureHubConfig object Обязательное поле

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

Имя., Тип, Description
`name` string Обязательное поле Instance name of Azure Event Hubs
`encrypted_connstring` string Обязательное поле Encrypted Connection String for Azure Event Hubs
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Обязательное поле

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

Имя., Тип, Description
`bucket` string Обязательное поле Amazon S3 Bucket Name.
`region` string Обязательное поле AWS S3 Bucket Region.
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Обязательное поле Authentication Type for Amazon S3. значение: `oidc`
`arn_role` string Обязательное поле

AmazonS3AccessKeysConfig object Обязательное поле

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

Имя., Тип, Description
`bucket` string Обязательное поле Amazon S3 Bucket Name.
`region` string Обязательное поле Amazon S3 Bucket Name.
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Обязательное поле Authentication Type for Amazon S3. значение: `access_keys`
`encrypted_secret_key` string Обязательное поле Encrypted AWS Secret Key.
`encrypted_access_key_id` string Обязательное поле Encrypted AWS Access Key ID.

SplunkConfig object Обязательное поле

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

Имя., Тип, Description
`domain` string Обязательное поле Domain of Splunk instance.
`port` integer Обязательное поле The port number for connecting to Splunk.
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Обязательное поле Encrypted Token.
`ssl_verify` boolean Обязательное поле SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Обязательное поле

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

Имя., Тип, Description
`bucket` string Обязательное поле Google Cloud Bucket Name
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string Обязательное поле

DatadogConfig object Обязательное поле

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

Имя., Тип, Description
`encrypted_token` string Обязательное поле Encrypted Splunk token.
`site` string Обязательное поле Datadog Site to use. Возможные значения: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

Коды состояния http-ответа для "Create an audit log streaming configuration for an enterprise"

Код состояния	Описание
`200`	The audit log stream configuration was created successfully.

Примеры кода для "Create an audit log streaming configuration for an enterprise"

Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.

Пример запроса

post/enterprises/{enterprise}/audit-log/streams

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

The audit log stream configuration was created successfully.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

List one audit log streaming configuration via a stream ID

Lists one audit log stream configuration via a stream ID.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Подробные маркеры доступа для "List one audit log streaming configuration via a stream ID

Эта конечная точка не работает с маркерами доступа пользователей приложения GitHub, маркерами доступа к установке приложения GitHub или точными личными маркерами доступа.

Параметры для "List one audit log streaming configuration via a stream ID"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`enterprise` string Обязательное поле The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer Обязательное поле The ID of the audit log stream configuration.

Коды состояния http-ответа для "List one audit log streaming configuration via a stream ID"

Код состояния	Описание
`200`	Lists one audit log stream configuration via stream ID.

Примеры кода для "List one audit log streaming configuration via a stream ID"

Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.

Пример запроса

get/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

Lists one audit log stream configuration via stream ID.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

Update an existing audit log stream configuration

Updates an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Подробные маркеры доступа для "Update an existing audit log stream configuration

Эта конечная точка не работает с маркерами доступа пользователей приложения GitHub, маркерами доступа к установке приложения GitHub или точными личными маркерами доступа.

Параметры для "Update an existing audit log stream configuration"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`enterprise` string Обязательное поле The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer Обязательное поле The ID of the audit log stream configuration.

Имя., Тип, Description

enabled boolean Обязательное поле

This setting pauses or resumes a stream.

stream_type string Обязательное поле

The audit log streaming provider. The name is case sensitive.

Возможные значения: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Обязательное поле

Can be one of these objects:

Имя., Тип, Description

AzureBlobConfig object Обязательное поле

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

Имя., Тип, Description
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string Обязательное поле

AzureHubConfig object Обязательное поле

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

Имя., Тип, Description
`name` string Обязательное поле Instance name of Azure Event Hubs
`encrypted_connstring` string Обязательное поле Encrypted Connection String for Azure Event Hubs
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Обязательное поле

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

Имя., Тип, Description
`bucket` string Обязательное поле Amazon S3 Bucket Name.
`region` string Обязательное поле AWS S3 Bucket Region.
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Обязательное поле Authentication Type for Amazon S3. значение: `oidc`
`arn_role` string Обязательное поле

AmazonS3AccessKeysConfig object Обязательное поле

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

Имя., Тип, Description
`bucket` string Обязательное поле Amazon S3 Bucket Name.
`region` string Обязательное поле Amazon S3 Bucket Name.
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Обязательное поле Authentication Type for Amazon S3. значение: `access_keys`
`encrypted_secret_key` string Обязательное поле Encrypted AWS Secret Key.
`encrypted_access_key_id` string Обязательное поле Encrypted AWS Access Key ID.

SplunkConfig object Обязательное поле

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

Имя., Тип, Description
`domain` string Обязательное поле Domain of Splunk instance.
`port` integer Обязательное поле The port number for connecting to Splunk.
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Обязательное поле Encrypted Token.
`ssl_verify` boolean Обязательное поле SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Обязательное поле

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

Имя., Тип, Description
`bucket` string Обязательное поле Google Cloud Bucket Name
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string Обязательное поле

DatadogConfig object Обязательное поле

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

Имя., Тип, Description
`encrypted_token` string Обязательное поле Encrypted Splunk token.
`site` string Обязательное поле Datadog Site to use. Возможные значения: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string Обязательное поле Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

Коды состояния http-ответа для "Update an existing audit log stream configuration"

Код состояния	Описание
`200`	Successful update
`422`	Validation error

Примеры кода для "Update an existing audit log stream configuration"

Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.

Пример запроса

put/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

Successful update

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`enterprise` string Обязательное поле The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`stream_id` integer Обязательное поле The ID of the audit log stream configuration.

Коды состояния http-ответа для "Delete an audit log streaming configuration for an enterprise"

Код состояния	Описание
`204`	The audit log stream configuration was deleted successfully.

Примеры кода для "Delete an audit log streaming configuration for an enterprise"

Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.

Пример запроса

delete/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

The audit log stream configuration was deleted successfully.

Status: 204