GitHub audit logs give organization owners visibility into actions performed by members of their organization. They include details such as who performed the action, what the action was, and when it was performed. Panther can collect, normalize, and monitor GitHub audit logs to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a serverless data lake powered by AWS or the cloud-native data platform, Snowflake.
Use Panther’s built-in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.
Common security use cases for GitHub audit logs with Panther include monitoring:
- Access to your organization or repository settings
- Changes in permissions
- Added or removed users in an organization, repository, or team
- Users being promoted to admin
- Changes to permissions of a GitHub App
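A sketch of what a custom detection for two of these use cases (membership changes and promotions to admin) could look like. This is an added example, not one of Panther's built-in rules: the `rule`/`title`/`severity` functions follow the shape of Panther's Python detections, while the action names and the `permission`/`old_permission` fields are assumptions taken from GitHub's audit log schema, and the sample events are constructed.

```python
# Added example. Action and field names are assumed from GitHub's audit log
# schema and are not stated on this page; the sample events are constructed.
MEMBERSHIP_ACTIONS = {
    "org.add_member", "org.remove_member",
    "repo.add_member", "repo.remove_member",
    "team.add_member", "team.remove_member",
}
ROLE_CHANGE_ACTION = "org.update_member"
ADMIN_ROLES = {"admin", "owner"}  # assumed values of the "permission" field

def is_admin_promotion(event):
    """True when a role change grants an admin-level role not held before."""
    if event.get("action") != ROLE_CHANGE_ACTION:
        return False
    new = str(event.get("permission") or "").lower()
    old = str(event.get("old_permission") or "").lower()
    return new in ADMIN_ROLES and old not in ADMIN_ROLES

def rule(event):
    """Alert on membership changes and on promotions to admin."""
    return event.get("action") in MEMBERSHIP_ACTIONS or is_admin_promotion(event)

def severity(event):
    """Promotions to admin rank above routine membership changes."""
    return "HIGH" if is_admin_promotion(event) else "INFO"

def title(event):
    """Readable alert title that tolerates missing fields."""
    actor = event.get("actor") or "<unknown actor>"
    target = event.get("user") or "<unknown user>"
    org = event.get("org") or "<unknown org>"
    return f"GitHub {event.get('action')}: {actor} -> {target} in {org}"

SAMPLE_EVENTS = [  # constructed for illustration
    {"action": "org.update_member", "actor": "alice", "user": "bob", "org": "example-org", "permission": "admin", "old_permission": "read"},
    {"action": "org.update_member", "actor": "alice", "user": "carol", "org": "example-org", "permission": "read", "old_permission": "admin"},
    {"action": "team.add_member", "actor": "alice", "user": "dave", "org": "example-org"},
    {"action": "repo.create", "actor": "dave", "org": "example-org"},
    {"action": "org.update_member", "actor": "alice", "user": "erin", "org": "example-org"},
]

def triage(events):
    """Return (severity, title) for every event the rule matches."""
    return [(severity(e), title(e)) for e in events if rule(e)]

if __name__ == "__main__":
    for sev, text in triage(SAMPLE_EVENTS):
        print(sev, text)
```

The demotion and the role change with no `permission` field do not alert, which keeps the high-severity signal limited to events that actually grant admin rights.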
How it works
The integration is simple and fast:
- Create a new OAuth app or a Personal Access Token in GitHub and then provide the app credentials to Panther (detailed instructions are in the docs)
- Panther will parse, normalize, and analyze your log data in real time
- As rules are triggered, alerts are sent to your configured destinations
- Normalized logs can be searched from Panther’s Data Explorer
- Sit back and monitor your activity!