From b08aeddd3d3953f871b0cf6938620183ae73d3b7 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 18 Nov 2020 12:08:44 +0000 Subject: [PATCH] Updates to fix omissions and errors in the security actions of the audit log (#16416) --- .../reviewing-your-security-log.md | 249 ++++++------ ...ing-the-audit-log-for-your-organization.md | 354 +++++++++++------- 2 files changed, 348 insertions(+), 255 deletions(-) diff --git a/content/github/authenticating-to-github/reviewing-your-security-log.md b/content/github/authenticating-to-github/reviewing-your-security-log.md index 264a3a22b0a1..2e5c272ef278 100644 --- a/content/github/authenticating-to-github/reviewing-your-security-log.md +++ b/content/github/authenticating-to-github/reviewing-your-security-log.md @@ -1,6 +1,7 @@ --- title: Reviewing your security log intro: You can review the security log for your user account to better understand actions you've performed and actions others have performed that involve you. +miniTocMaxHeadingLevel: 4 redirect_from: - /articles/reviewing-your-security-log versions: @@ -33,218 +34,222 @@ The security log lists all actions performed within the last 90 days{% if curren #### Search based on the action performed {% else %} ### Understanding events in your security log - -Actions listed in your security log are grouped within the following categories: {% endif %} -| Category Name | Description +The events listed in your security log are triggered by your actions. Actions are grouped into the following categories: + +| Category name | Description |------------------|-------------------{% if currentVersion == "free-pro-team@latest" %} -| `account_recovery_token` | Contains all activities related to [adding a recovery token](/articles/configuring-two-factor-authentication-recovery-methods). -| `billing` | Contains all activities related to your billing information. -| `marketplace_agreement_signature` | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. -| `marketplace_listing` | Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %} -| `oauth_access` | Contains all activities related to [{% data variables.product.prodname_oauth_app %}s](/articles/authorizing-oauth-apps) you've connected with.{% if currentVersion == "free-pro-team@latest" %} -| `payment_method` | Contains all activities related to paying for your {% data variables.product.prodname_dotcom %} subscription.{% endif %} -| `profile_picture` | Contains all activities related to your profile picture. -| `project` | Contains all activities related to project boards. -| `public_key` | Contains all activities related to [your public SSH keys](/articles/adding-a-new-ssh-key-to-your-github-account). -| `repo` | Contains all activities related to the repositories you own.{% if currentVersion == "free-pro-team@latest" %} -| `sponsors` | Contains all events related to {% data variables.product.prodname_sponsors %} and sponsor buttons (see "[About {% data variables.product.prodname_sponsors %}](/articles/about-github-sponsors)" and "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} -| `team` | Contains all activities related to teams you are a part of.{% endif %}{% if currentVersion != "github-ae@latest" %} -| `two_factor_authentication` | Contains all activities related to [two-factor authentication](/articles/securing-your-account-with-two-factor-authentication-2fa).{% endif %} -| `user` | Contains all activities related to your account. - -A description of the events within these categories is listed below. +| [`account_recovery_token`](#account_recovery_token-category-actions) | Contains all activities related to [adding a recovery token](/articles/configuring-two-factor-authentication-recovery-methods). +| [`billing`](#billing-category-actions) | Contains all activities related to your billing information. +| [`marketplace_agreement_signature`](#marketplace_agreement_signature-category-actions) | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. +| [`marketplace_listing`](#marketplace_listing-category-actions) | Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %} +| [`oauth_access`](#oauth_access-category-actions) | Contains all activities related to [{% data variables.product.prodname_oauth_app %}s](/articles/authorizing-oauth-apps) you've connected with.{% if currentVersion == "free-pro-team@latest" %} +| [`payment_method`](#payment_method-category-actions) | Contains all activities related to paying for your {% data variables.product.prodname_dotcom %} subscription.{% endif %} +| [`profile_picture`](#profile_picture-category-actions) | Contains all activities related to your profile picture. +| [`project`](#project-category-actions) | Contains all activities related to project boards. +| [`public_key`](#public_key-category-actions) | Contains all activities related to [your public SSH keys](/articles/adding-a-new-ssh-key-to-your-github-account). +| [`repo`](#repo-category-actions) | Contains all activities related to the repositories you own.{% if currentVersion == "free-pro-team@latest" %} +| [`sponsors`](#sponsors-category-actions) | Contains all events related to {% data variables.product.prodname_sponsors %} and sponsor buttons (see "[About {% data variables.product.prodname_sponsors %}](/articles/about-github-sponsors)" and "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} +| [`team`](#team-category-actions) | Contains all activities related to teams you are a part of.{% endif %}{% if currentVersion != "github-ae@latest" %} +| [`two_factor_authentication`](#two_factor_authentication-category-actions) | Contains all activities related to [two-factor authentication](/articles/securing-your-account-with-two-factor-authentication-2fa).{% endif %} +| [`user`](#user-category-actions) | Contains all activities related to your account. + +{% if currentVersion == "free-pro-team@latest" %} + +### Exporting your security log + +{% data reusables.audit_log.export-log %} +{% data reusables.audit_log.exported-log-keys-and-values %} + +{% endif %} + +### Security log actions + +An overview of some of the most common actions that are recorded as events in the security log. {% if currentVersion == "free-pro-team@latest" %} -#### The `account_recovery_token` category +#### `account_recovery_token` category actions | Action | Description |------------------|------------------- -| confirm | Triggered when you successfully [store a new token with a recovery provider](/articles/configuring-two-factor-authentication-recovery-methods). -| recover | Triggered when you successfully [redeem an account recovery token](/articles/recovering-your-account-if-you-lose-your-2fa-credentials). -| recover_error | Triggered when a token is used but {% data variables.product.prodname_dotcom %} is not able to validate it. +| `confirm` | Triggered when you successfully [store a new token with a recovery provider](/articles/configuring-two-factor-authentication-recovery-methods). +| `recover` | Triggered when you successfully [redeem an account recovery token](/articles/recovering-your-account-if-you-lose-your-2fa-credentials). +| `recover_error` | Triggered when a token is used but {% data variables.product.prodname_dotcom %} is not able to validate it. -#### The `billing` category +#### `billing` category actions | Action | Description |------------------|------------------- -| change_billing_type | Triggered when you [change how you pay](/articles/adding-or-editing-a-payment-method) for {% data variables.product.prodname_dotcom %}. -| change_email | Triggered when you [change your email address](/articles/changing-your-primary-email-address). +| `change_billing_type` | Triggered when you [change how you pay](/articles/adding-or-editing-a-payment-method) for {% data variables.product.prodname_dotcom %}. +| `change_email` | Triggered when you [change your email address](/articles/changing-your-primary-email-address). -#### The `marketplace_agreement_signature` category +#### `marketplace_agreement_signature` category actions | Action | Description |------------------|------------------- -| create | Triggered when you sign the {% data variables.product.prodname_marketplace %} Developer Agreement. +| `create` | Triggered when you sign the {% data variables.product.prodname_marketplace %} Developer Agreement. -#### The `marketplace_listing` category +#### `marketplace_listing` category actions | Action | Description |------------------|------------------- -| approve | Triggered when your listing is approved for inclusion in {% data variables.product.prodname_marketplace %}. -| create | Triggered when you create a listing for your app in {% data variables.product.prodname_marketplace %}. -| delist | Triggered when your listing is removed from {% data variables.product.prodname_marketplace %}. -| redraft | Triggered when your listing is sent back to draft state. -| reject | Triggered when your listing is not accepted for inclusion in {% data variables.product.prodname_marketplace %}. +| `approve` | Triggered when your listing is approved for inclusion in {% data variables.product.prodname_marketplace %}. +| `create` | Triggered when you create a listing for your app in {% data variables.product.prodname_marketplace %}. +| `delist` | Triggered when your listing is removed from {% data variables.product.prodname_marketplace %}. +| `redraft` | Triggered when your listing is sent back to draft state. +| `reject` | Triggered when your listing is not accepted for inclusion in {% data variables.product.prodname_marketplace %}. {% endif %} -#### The `oauth_access` category +#### `oauth_access` category actions | Action | Description |------------------|------------------- -| create | Triggered when you [grant access to an {% data variables.product.prodname_oauth_app %}](/articles/authorizing-oauth-apps). -| destroy | Triggered when you [revoke an {% data variables.product.prodname_oauth_app %}'s access to your account](/articles/reviewing-your-authorized-integrations). +| `create` | Triggered when you [grant access to an {% data variables.product.prodname_oauth_app %}](/articles/authorizing-oauth-apps). +| `destroy` | Triggered when you [revoke an {% data variables.product.prodname_oauth_app %}'s access to your account](/articles/reviewing-your-authorized-integrations). {% if currentVersion == "free-pro-team@latest" %} -#### The `payment_method` category +#### `payment_method` category actions | Action | Description |------------------|------------------- -| clear | Triggered when [a payment method](/articles/removing-a-payment-method) on file is removed. -| create | Triggered when a new payment method is added, such as a new credit card or PayPal account. -| update | Triggered when an existing payment method is updated. +| `clear` | Triggered when [a payment method](/articles/removing-a-payment-method) on file is removed. +| `create` | Triggered when a new payment method is added, such as a new credit card or PayPal account. +| `update` | Triggered when an existing payment method is updated. {% endif %} -#### The `profile_picture` category +#### `profile_picture` category actions | Action | Description |------------------|------------------- -| update | Triggered when you [set or update your profile picture](/articles/setting-your-profile-picture/). +| `update` | Triggered when you [set or update your profile picture](/articles/setting-your-profile-picture/). -#### The `project` category +#### `project` category actions | Action | Description |--------------------|--------------------- +| `access` | Triggered when a project board's visibility is changed. | `create` | Triggered when a project board is created. | `rename` | Triggered when a project board is renamed. | `update` | Triggered when a project board is updated. | `delete` | Triggered when a project board is deleted. | `link` | Triggered when a repository is linked to a project board. | `unlink` | Triggered when a repository is unlinked from a project board. -| `project.access` | Triggered when a project board's visibility is changed. | `update_user_permission` | Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed. -#### The `public_key` category +#### `public_key` category actions | Action | Description |------------------|------------------- -| create | Triggered when you [add a new public SSH key to your {% data variables.product.product_name %} account](/articles/adding-a-new-ssh-key-to-your-github-account). -| delete | Triggered when you [remove a public SSH key to your {% data variables.product.product_name %} account](/articles/reviewing-your-ssh-keys). +| `create` | Triggered when you [add a new public SSH key to your {% data variables.product.product_name %} account](/articles/adding-a-new-ssh-key-to-your-github-account). +| `delete` | Triggered when you [remove a public SSH key to your {% data variables.product.product_name %} account](/articles/reviewing-your-ssh-keys). -#### The `repo` category +#### `repo` category actions | Action | Description |------------------|------------------- -| access | Triggered when you a repository you own is [switched from "private" to "public"](/articles/making-a-private-repository-public) (or vice versa). -| add_member | Triggered when a {% data variables.product.product_name %} user is {% if currentVersion == "free-pro-team@latest" %}[invited to have collaboration access](/articles/inviting-collaborators-to-a-personal-repository){% else %}[given collaboration access](/articles/inviting-collaborators-to-a-personal-repository){% endif %} to a repository. -| add_topic | Triggered when a repository owner [adds a topic](/articles/classifying-your-repository-with-topics) to a repository. -| archived | Triggered when a repository owner [archives a repository](/articles/about-archiving-repositories).{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} -| config.disable_anonymous_git_access | Triggered when [anonymous Git read access is disabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository. -| config.enable_anonymous_git_access | Triggered when [anonymous Git read access is enabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository. -| config.lock_anonymous_git_access | Triggered when a repository's [anonymous Git read access setting is locked](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access). -| config.unlock_anonymous_git_access | Triggered when a repository's [anonymous Git read access setting is unlocked](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access).{% endif %} -| create | Triggered when [a new repository is created](/articles/creating-a-new-repository). -| destroy | Triggered when [a repository is deleted](/articles/deleting-a-repository).{% if currentVersion == "free-pro-team@latest" %} -| disable | Triggered when a repository is disabled (e.g., for [insufficient funds](/articles/unlocking-a-locked-account)).{% endif %}{% if currentVersion == "free-pro-team@latest" %} -| enable | Triggered when a repository is re-enabled.{% endif %} -| remove_member | Triggered when a {% data variables.product.product_name %} user is [removed from a repository as a collaborator](/articles/removing-a-collaborator-from-a-personal-repository). -| remove_topic | Triggered when a repository owner removes a topic from a repository. -| rename | Triggered when [a repository is renamed](/articles/renaming-a-repository). -| transfer | Triggered when [a repository is transferred](/articles/how-to-transfer-a-repository). -| transfer_start | Triggered when a repository transfer is about to occur. -| unarchived | Triggered when a repository owner unarchives a repository. +| `access` | Triggered when you a repository you own is [switched from "private" to "public"](/articles/making-a-private-repository-public) (or vice versa). +| `add_member` | Triggered when a {% data variables.product.product_name %} user is {% if currentVersion == "free-pro-team@latest" %}[invited to have collaboration access](/articles/inviting-collaborators-to-a-personal-repository){% else %}[given collaboration access](/articles/inviting-collaborators-to-a-personal-repository){% endif %} to a repository. +| `add_topic` | Triggered when a repository owner [adds a topic](/articles/classifying-your-repository-with-topics) to a repository. +| `archived` | Triggered when a repository owner [archives a repository](/articles/about-archiving-repositories).{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} +| `config.disable_anonymous_git_access` | Triggered when [anonymous Git read access is disabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository. +| `config.enable_anonymous_git_access` | Triggered when [anonymous Git read access is enabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository. +| `config.lock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is locked](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access). +| `config.unlock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is unlocked](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access).{% endif %} +| `create` | Triggered when [a new repository is created](/articles/creating-a-new-repository). +| `destroy` | Triggered when [a repository is deleted](/articles/deleting-a-repository).{% if currentVersion == "free-pro-team@latest" %} +| `disable` | Triggered when a repository is disabled (e.g., for [insufficient funds](/articles/unlocking-a-locked-account)).{% endif %}{% if currentVersion == "free-pro-team@latest" %} +| `enable` | Triggered when a repository is re-enabled.{% endif %} +| `remove_member` | Triggered when a {% data variables.product.product_name %} user is [removed from a repository as a collaborator](/articles/removing-a-collaborator-from-a-personal-repository). +| `remove_topic` | Triggered when a repository owner removes a topic from a repository. +| `rename` | Triggered when [a repository is renamed](/articles/renaming-a-repository). +| `transfer` | Triggered when [a repository is transferred](/articles/how-to-transfer-a-repository). +| `transfer_start` | Triggered when a repository transfer is about to occur. +| `unarchived` | Triggered when a repository owner unarchives a repository. {% if currentVersion == "free-pro-team@latest" %} -#### The `sponsors` category +#### `sponsors` category actions | Action | Description |------------------|------------------- -| repo_funding_link_button_toggle | Triggered when you enable or disable a sponsor button in your repository (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)") -| repo_funding_links_file_action | Triggered when you change the FUNDING file in your repository (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)") -| sponsor_sponsorship_cancel | Triggered when you cancel a sponsorship (see "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)") -| sponsor_sponsorship_create | Triggered when you sponsor a developer (see "[Sponsoring an open source contributor](/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-an-open-source-contributor#sponsoring-a-developer)") -| sponsor_sponsorship_preference_change | Triggered when you change whether you receive email updates from a sponsored developer (see "[Managing your sponsorship](/articles/managing-your-sponsorship)") -| sponsor_sponsorship_tier_change | Triggered when you upgrade or downgrade your sponsorship (see "[Upgrading a sponsorship](/articles/upgrading-a-sponsorship)" and "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)") -| sponsored_developer_approve | Triggered when your {% data variables.product.prodname_sponsors %} account is approved (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") -| sponsored_developer_create | Triggered when your {% data variables.product.prodname_sponsors %} account is created (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") -| sponsored_developer_profile_update | Triggered when you edit your sponsored developer profile (see "[Editing your profile details for {% data variables.product.prodname_sponsors %}](/github/supporting-the-open-source-community-with-github-sponsors/editing-your-profile-details-for-github-sponsors)") -| sponsored_developer_request_approval | Triggered when you submit your application for {% data variables.product.prodname_sponsors %} for approval (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") -| sponsored_developer_tier_description_update | Triggered when you change the description for a sponsorship tier (see "[Changing your sponsorship tiers](/articles/changing-your-sponsorship-tiers)") -| sponsored_developer_update_newsletter_send | Triggered when you send an email update to your sponsors (see "[Contacting your sponsors](/articles/contacting-your-sponsors)") -| waitlist_invite_sponsored_developer | Triggered when you are invited to join {% data variables.product.prodname_sponsors %} from the waitlist (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") -| waitlist_join | Triggered when you join the waitlist to become a sponsored developer (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") +| `repo_funding_link_button_toggle` | Triggered when you enable or disable a sponsor button in your repository (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)") +| `repo_funding_links_file_action` | Triggered when you change the FUNDING file in your repository (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)") +| `sponsor_sponsorship_cancel` | Triggered when you cancel a sponsorship (see "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)") +| `sponsor_sponsorship_create` | Triggered when you sponsor a developer (see "[Sponsoring an open source contributor](/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-an-open-source-contributor#sponsoring-a-developer)") +| `sponsor_sponsorship_preference_change` | Triggered when you change whether you receive email updates from a sponsored developer (see "[Managing your sponsorship](/articles/managing-your-sponsorship)") +| `sponsor_sponsorship_tier_change` | Triggered when you upgrade or downgrade your sponsorship (see "[Upgrading a sponsorship](/articles/upgrading-a-sponsorship)" and "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)") +| `sponsored_developer_approve` | Triggered when your {% data variables.product.prodname_sponsors %} account is approved (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") +| `sponsored_developer_create` | Triggered when your {% data variables.product.prodname_sponsors %} account is created (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") +| `sponsored_developer_profile_update` | Triggered when you edit your sponsored developer profile (see "[Editing your profile details for {% data variables.product.prodname_sponsors %}](/github/supporting-the-open-source-community-with-github-sponsors/editing-your-profile-details-for-github-sponsors)") +| `sponsored_developer_request_approval` | Triggered when you submit your application for {% data variables.product.prodname_sponsors %} for approval (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") +| `sponsored_developer_tier_description_update` | Triggered when you change the description for a sponsorship tier (see "[Changing your sponsorship tiers](/articles/changing-your-sponsorship-tiers)") +| `sponsored_developer_update_newsletter_send` | Triggered when you send an email update to your sponsors (see "[Contacting your sponsors](/articles/contacting-your-sponsors)") +| `waitlist_invite_sponsored_developer` | Triggered when you are invited to join {% data variables.product.prodname_sponsors %} from the waitlist (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") +| `waitlist_join` | Triggered when you join the waitlist to become a sponsored developer (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)") {% endif %} {% if currentVersion == "free-pro-team@latest" %} -#### The `successor_invitation` category +#### `successor_invitation` category actions | Action | Description |------------------|------------------- -| accept | Triggered when you accept a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") -| cancel | Triggered when you cancel a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") -| create | Triggered when you create a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") -| decline | Triggered when you decline a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") -| revoke | Triggered when you revoke a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") +| `accept` | Triggered when you accept a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") +| `cancel` | Triggered when you cancel a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") +| `create` | Triggered when you create a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") +| `decline` | Triggered when you decline a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") +| `revoke` | Triggered when you revoke a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)") {% endif %} {% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} -#### The `team` category +#### `team` category actions | Action | Description |------------------|------------------- -| add_member | Triggered when a member of an organization you belong to [adds you to a team](/articles/adding-organization-members-to-a-team). -| add_repository | Triggered when a team you are a member of is given control of a repository. -| create | Triggered when a new team in an organization you belong to is created. -| destroy | Triggered when a team you are a member of is deleted from the organization. -| remove_member | Triggered when a member of an organization is [removed from a team](/articles/removing-organization-members-from-a-team) you are a member of. -| remove_repository | Triggered when a repository is no longer under a team's control. +| `add_member` | Triggered when a member of an organization you belong to [adds you to a team](/articles/adding-organization-members-to-a-team). +| `add_repository` | Triggered when a team you are a member of is given control of a repository. +| `create` | Triggered when a new team in an organization you belong to is created. +| `destroy` | Triggered when a team you are a member of is deleted from the organization. +| `remove_member` | Triggered when a member of an organization is [removed from a team](/articles/removing-organization-members-from-a-team) you are a member of. +| `remove_repository` | Triggered when a repository is no longer under a team's control. {% endif %} {% if currentVersion != "github-ae@latest" %} -#### The `two_factor_authentication` category +#### `two_factor_authentication` category actions | Action | Description |------------------|------------------- -| enabled | Triggered when [two-factor authentication](/articles/securing-your-account-with-two-factor-authentication-2fa) is enabled. -| disabled | Triggered when two-factor authentication is disabled. +| `enabled` | Triggered when [two-factor authentication](/articles/securing-your-account-with-two-factor-authentication-2fa) is enabled. +| `disabled` | Triggered when two-factor authentication is disabled. {% endif %} -#### The `user` category +#### `user` category actions | Action | Description |--------------------|--------------------- -| add_email | Triggered when you {% if currentVersion != "github-ae@latest" %}[add a new email address](/articles/changing-your-primary-email-address){% else %}add a new email address{% endif %}. -| create | Triggered when you create a new user account. -| remove_email | Triggered when you remove an email address. -| rename | Triggered when you rename your account.{% if currentVersion != "github-ae@latest" %} -| change_password | Triggered when you change your password. -| forgot_password | Triggered when you ask for [a password reset](/articles/how-can-i-reset-my-password).{% endif %} -| login | Triggered when you log in to {% data variables.product.product_location %}. -| failed_login | Triggered when you failed to log in successfully.{% if currentVersion != "github-ae@latest" %} -| two_factor_requested | Triggered when {% data variables.product.product_name %} asks you for [your two-factor authentication code](/articles/accessing-github-using-two-factor-authentication).{% endif %} -| show_private_contributions_count | Triggered when you [publicize private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile). -| hide_private_contributions_count | Triggered when you [hide private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile).{% if currentVersion == "free-pro-team@latest" %} -| report_content | Triggered when you [report an issue or pull request, or a comment on an issue, pull request, or commit](/articles/reporting-abuse-or-spam).{% endif %} - -#### The `user_status` category +| `add_email` | Triggered when you {% if currentVersion != "github-ae@latest" %}[add a new email address](/articles/changing-your-primary-email-address){% else %}add a new email address{% endif %}. +| `create` | Triggered when you create a new user account.{% if currentVersion != "github-ae@latest" %} +| `change_password` | Triggered when you change your password. +| `forgot_password` | Triggered when you ask for [a password reset](/articles/how-can-i-reset-my-password).{% endif %} +| `hide_private_contributions_count` | Triggered when you [hide private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile). +| `login` | Triggered when you log in to {% data variables.product.product_location %}. +| `failed_login` | Triggered when you failed to log in successfully. +| `remove_email` | Triggered when you remove an email address. +| `rename` | Triggered when you rename your account.{% if currentVersion == "free-pro-team@latest" %} +| `report_content` | Triggered when you [report an issue or pull request, or a comment on an issue, pull request, or commit](/articles/reporting-abuse-or-spam).{% endif %} +| `show_private_contributions_count` | Triggered when you [publicize private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile).{% if currentVersion != "github-ae@latest" %} +| `two_factor_requested` | Triggered when {% data variables.product.product_name %} asks you for [your two-factor authentication code](/articles/accessing-github-using-two-factor-authentication).{% endif %} + +#### `user_status` category actions | Action | Description |--------------------|--------------------- -| update | Triggered when you set or change the status on your profile. For more information, see "[Setting a status](/articles/personalizing-your-profile/#setting-a-status)." -| destroy | Triggered when you clear the status on your profile. - -{% if currentVersion == "free-pro-team@latest" %} +| `update` | Triggered when you set or change the status on your profile. For more information, see "[Setting a status](/articles/personalizing-your-profile/#setting-a-status)." +| `destroy` | Triggered when you clear the status on your profile. -### Exporting your security log -{% data reusables.audit_log.export-log %} -{% data reusables.audit_log.exported-log-keys-and-values %} - -{% endif %} diff --git a/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md b/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md index 61497be9a9dd..12d028716278 100644 --- a/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md +++ b/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md @@ -1,6 +1,7 @@ --- title: Reviewing the audit log for your organization intro: 'The audit log allows organization admins to quickly review the actions performed by members of your organization. It includes details such as who performed the action, what the action was, and when it was performed.' +miniTocMaxHeadingLevel: 4 redirect_from: - /articles/reviewing-the-audit-log-for-your-organization versions: @@ -11,7 +12,7 @@ versions: ### Accessing the audit log -The audit log lists actions performed within the last 90 days. Only owners can access an organization's audit log. +The audit log lists events triggered by activities that affect your organization within the last 90 days. Only owners can access an organization's audit log. {% data reusables.profile.access_profile %} {% data reusables.profile.access_org %} @@ -26,73 +27,110 @@ The audit log lists actions performed within the last 90 days. Only owners can a To search for specific events, use the `action` qualifier in your query. Actions listed in the audit log are grouped within the following categories: -| Category Name | Description +| Category name | Description |------------------|-------------------{% if currentVersion == "free-pro-team@latest" %} -| `account` | Contains all activities related to your organization account.{% endif %}{% if currentVersion == "free-pro-team@latest" %} -| `billing` | Contains all activities related to your organization's billing.{% endif %} -| `discussion_post` | Contains all activities related to discussions posted to a team page. -| `discussion_post_reply` | Contains all activities related to replies to discussions posted to a team page. -| `hook` | Contains all activities related to webhooks. -| `integration_installation_request` | Contains all activities related to organization member requests for owners to approve integrations for use in the organization. |{% if currentVersion == "free-pro-team@latest" %} -| `marketplace_agreement_signature` | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. -| `marketplace_listing` | Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %} -| `members_can_create_pages` | Contains all activities related to disabling the publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. For more information, see "[Restricting publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)." | {% endif %} -| `org` | Contains all activities related to organization membership{% if currentVersion == "free-pro-team@latest" %} -| `org_credential_authorization` | Contains all activities related to authorizing credentials for use with SAML single sign-on.{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" or currentVersion == "github-ae@latest" %} -| `organization_label` | Contains all activities related to default labels for repositories in your organization.{% endif %}{% if currentVersion == "free-pro-team@latest" %} -| `payment_method` | Contains all activities related to how your organization pays for GitHub.{% endif %} -| `profile_picture` | Contains all activities related to your organization's profile picture. -| `project` | Contains all activities related to project boards. -| `protected_branch` | Contains all activities related to protected branches. -| `repo` | Contains all activities related to the repositories owned by your organization.{% if currentVersion == "free-pro-team@latest" %} -| `repository_content_analysis` | Contains all activities related to [enabling or disabling data use for a private repository](/articles/about-github-s-use-of-your-data). -| `repository_dependency_graph` | Contains all activities related to [enabling or disabling the dependency graph for a private repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-and-dependents-of-a-repository).{% endif %}{% if currentVersion != "github-ae@latest" %} -| `repository_vulnerability_alert` | Contains all activities related to [{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies).{% endif %}{% if currentVersion == "free-pro-team@latest" %} -| `sponsors` | Contains all events related to sponsor buttons (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} -| `team` | Contains all activities related to teams in your organization.{% endif %} -| `team_discussions` | Contains activities related to managing team discussions for an organization. +| [`account`](#account-category-actions) | Contains all activities related to your organization account. +| [`advisory_credit`](#advisory_credit-category-actions) | Contains all activities related to crediting a contributor for a security advisory in the {% data variables.product.prodname_advisory_database %}. For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)." +| [`billing`](#billing-category-actions) | Contains all activities related to your organization's billing. +| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot %} alerts in existing repositories. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +| [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot %} alerts in new repositories created in the organization. +| [`dependabot_security_updates`](#dependabot_security_updates-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." +| [`dependabot_security_updates_new_repos`](#dependabot_security_updates_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization. +| [`dependency_graph`](#dependency_graph-category-actions) | Contains organization-level configuration activities for dependency graphs for repositories. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)." +| [`dependency_graph_new_repos`](#dependency_graph_new_repos-category-actions) | Contains organization-level configuration activities for new repositories created in the organization.{% endif %} +| [`discussion_post`](#discussion_post-category-actions) | Contains all activities related to discussions posted to a team page. +| [`discussion_post_reply`](#discussion_post_reply-category-actions) | Contains all activities related to replies to discussions posted to a team page. +| [`hook`](#hook-category-actions) | Contains all activities related to webhooks. +| [`integration_installation_request`](#integration_installation_request-category-actions) | Contains all activities related to organization member requests for owners to approve integrations for use in the organization. | +| [`issue`](#issue-category-actions) | Contains activities related to deleting an issue. {% if currentVersion == "free-pro-team@latest" %} +| [`marketplace_agreement_signature`](#marketplace_agreement_signature-category-actions) | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. +| [`marketplace_listing`](#marketplace_listing-category-actions) | Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %} +| [`members_can_create_pages`](#members_can_create_pages-category-actions) | Contains all activities related to disabling the publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. For more information, see "[Restricting publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)." | {% endif %} +| [`org`](#org-category-actions) | Contains activities related to organization membership.{% if currentVersion == "free-pro-team@latest" %} +| [`org_credential_authorization`](#org_credential_authorization-category-actions) | Contains all activities related to authorizing credentials for use with SAML single sign-on.{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" or currentVersion == "github-ae@latest" %} +| [`organization_label`](#organization_label-category-actions) | Contains all activities related to default labels for repositories in your organization.{% endif %} +| [`oauth_application`](#oauth_application-category-actions) | Contains all activities related to OAuth Apps. {% if currentVersion == "free-pro-team@latest" %} +| [`payment_method`](#payment_method-category-actions) | Contains all activities related to how your organization pays for GitHub.{% endif %} +| [`profile_picture`](#profile_picture-category-actions) | Contains all activities related to your organization's profile picture. +| [`project`](#project-category-actions) | Contains all activities related to project boards. +| [`protected_branch`](#protected_branch-category-actions) | Contains all activities related to protected branches. +| [`repo`](#repo-category-actions) | Contains activities related to the repositories owned by your organization.{% if currentVersion == "free-pro-team@latest" %} +| [`repository_advisory`](#repository_advisory-category-actions) | Contains repository-level activities related to security advisories in the {% data variables.product.prodname_advisory_database %}. For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)." +| [`repository_content_analysis`](#repository_content_analysis-category-actions) | Contains all activities related to [enabling or disabling data use for a private repository](/articles/about-github-s-use-of-your-data).{% endif %}{% if currentVersion != "github-ae@latest" %} +| [`repository_dependency_graph`](#repository_dependency_graph-category-actions) | Contains repository-level activities related to enabling or disabling the dependency graph for a {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repository. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} +| [`repository_secret_scanning`](#repository_secret_scanning-category-actions) | Contains repository-level activities related to secret scanning. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." {% endif %}{% if currentVersion != "github-ae@latest" %} +| [`repository_vulnerability_alert`](#repository_vulnerability_alert-category-actions) | Contains all activities related to [{% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies).{% endif %}{% if currentVersion == "free-pro-team@latest" %} +| [`repository_vulnerability_alerts`](#repository_vulnerability_alerts-category-actions) | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot %} alerts. {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} +| [`secret_scanning`](#secret_scanning-category-actions) | Contains organization-level configuration activities for secret scanning in existing repositories. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." +| [`secret_scanning_new_repos`](#secret_scanning_new_repos-category-actions) | Contains organization-level configuration activities for secret scanning for new repositories created in the organization. {% endif %}{% if currentVersion == "free-pro-team@latest" %} +| [`sponsors`](#sponsors-category-actions) | Contains all events related to sponsor buttons (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} +| [`team`](#team-category-actions) | Contains all activities related to teams in your organization.{% endif %} +| [`team_discussions`](#team_discussions-category-actions) | Contains activities related to managing team discussions for an organization. You can search for specific sets of actions using these terms. For example: * `action:team` finds all events grouped within the team category. * `-action:hook` excludes all events in the webhook category. -Each category has a set of associated events that you can filter on. For example: +Each category has a set of associated actions that you can filter on. For example: * `action:team.create` finds all events where a team was created. * `-action:hook.events_changed` excludes all events where the events on a webhook have been altered. -This list describes the available categories and associated events: - -{% if currentVersion == "free-pro-team@latest" %}- [The `account` category](#the-account-category) -- [The `billing` category](#the-billing-category){% endif %} -- [The `discussion_post` category](#the-discussion_post-category) -- [The `discussion_post_reply` category](#the-discussion_post_reply-category) -- [The `hook` category](#the-hook-category) -- [The `integration_installation_request` category](#the-integration_installation_request-category) -- [The `issue` category](#the-issue-category){% if currentVersion == "free-pro-team@latest" %} -- [The `marketplace_agreement_signature` category](#the-marketplace_agreement_signature-category) -- [The `marketplace_listing` category](#the-marketplace_listing-category){% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %} -- [The `members_can_create_pages` category](#the-members_can_create_pages-category){% endif %} -- [The `org` category](#the-org-category){% if currentVersion == "free-pro-team@latest" %} -- [The `org_credential_authorization` category](#the-org_credential_authorization-category){% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" or currentVersion == "github-ae@latest" %} -- [The `organization_label` category](#the-organization_label-category){% endif %} -- [The `oauth_application` category](#the-oauth_application-category){% if currentVersion == "free-pro-team@latest" %} -- [The `payment_method` category](#the-payment_method-category){% endif %} -- [The `profile_picture` category](#the-profile_picture-category) -- [The `project` category](#the-project-category) -- [The `protected_branch` category](#the-protected_branch-category) -- [The `repo` category](#the-repo-category){% if currentVersion == "free-pro-team@latest" %} -- [The `repository_content_analysis` category](#the-repository_content_analysis-category) -- [The `repository_dependency_graph` category](#the-repository_dependency_graph-category){% endif %}{% if currentVersion != "github-ae@latest" %} -- [The `repository_vulnerability_alert` category](#the-repository_vulnerability_alert-category){% endif %}{% if currentVersion == "free-pro-team@latest" %} -- [The `sponsors` category](#the-sponsors-category){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} -- [The `team` category](#the-team-category){% endif %} -- [The `team_discussions` category](#the-team_discussions-category) +#### Search based on time of action + +Use the `created` qualifier to filter events in the audit log based on when they occurred. {% data reusables.time_date.date_format %} {% data reusables.time_date.time_format %} + +{% data reusables.search.date_gt_lt %} For example: + + * `created:2014-07-08` finds all events that occurred on July 8th, 2014. + * `created:>=2014-07-08` finds all events that occurred on or after July 8th, 2014. + * `created:<=2014-07-08` finds all events that occurred on or before July 8th, 2014. + * `created:2014-07-01..2014-07-31` finds all events that occurred in the month of July 2014. + +The audit log contains data for the past 90 days, but you can use the `created` qualifier to search for events earlier than that. + +#### Search based on location + +Using the qualifier `country`, you can filter events in the audit log based on the originating country. You can use a country's two-letter short code or its full name. Keep in mind that countries with spaces in their name will need to be wrapped in quotation marks. For example: + + * `country:de` finds all events that occurred in Germany. + * `country:Mexico` finds all events that occurred in Mexico. + * `country:"United States"` all finds events that occurred in the United States. {% if currentVersion == "free-pro-team@latest" %} +### Exporting the audit log + +{% data reusables.audit_log.export-log %} +{% data reusables.audit_log.exported-log-keys-and-values %} +{% endif %} + +### Using the Audit log API + +{% note %} -##### The `account` category +**Note**: The Audit log API is available for organizations using {% data variables.product.prodname_enterprise %}. {% data reusables.gated-features.more-info-org-products %} + +{% endnote %} + +To ensure a secure IP and maintain compliance for your organization, you can use the Audit log API to keep copies of your audit log data and monitor: +* Access to your organization or repository settings. +* Changes in permissions. +* Added or removed users in an organization, repository, or team. +* Users being promoted to admin. +* Changes to permissions of a GitHub App. + +The GraphQL response can include data for up to 90 to 120 days. + +For example, you can make a GraphQL request to see all the new organization members added to your organization. For more information, see the "[GraphQL API Audit Log](/graphql/reference/interfaces#auditentry/)." + +### Audit log actions + +An overview of some of the most common actions that are recorded as events in the audit log. + +{% if currentVersion == "free-pro-team@latest" %} + +#### `account` category actions | Action | Description |------------------|------------------- @@ -101,30 +139,81 @@ This list describes the available categories and associated events: | `pending_plan_change` | Triggered when an organization owner or billing manager [cancels or downgrades a paid subscription](/articles/how-does-upgrading-or-downgrading-affect-the-billing-process/). | `pending_subscription_change` | Triggered when a [{% data variables.product.prodname_marketplace %} free trial starts or expires](/articles/about-billing-for-github-marketplace/). -##### The `billing` category +#### `advisory_credit` category actions + +| Action | Description +|------------------|------------------- +| `accept` | Triggered when someone accepts credit for a security advisory. For more information, see "[Editing a security advisory](/github/managing-security-vulnerabilities/editing-a-security-advisory)." +| `create` | Triggered when the administrator of a security advisory adds someone to the credit section. +| `decline` | Triggered when someone declines credit for a security advisory. +| `destroy` | Triggered when the administrator of a security advisory removes someone from the credit section. + +#### `billing` category actions | Action | Description |------------------|------------------- | `change_billing_type` | Triggered when your organization [changes how it pays for {% data variables.product.prodname_dotcom %}](/articles/adding-or-editing-a-payment-method). | `change_email` | Triggered when your organization's [billing email address](/articles/setting-your-billing-email) changes. +#### `dependabot_alerts` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_alerts %} for all existing {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_alerts %} for all existing {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories. + +#### `dependabot_alerts_new_repos` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_alerts %} for all new {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enbles {% data variables.product.prodname_dependabot_alerts %} for all new {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories. + +#### `dependabot_security_updates` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_security_updates %} for all existing repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_security_updates %} for all existing repositories. + +#### `dependabot_security_updates_new_repos` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_security_updates %} for all new repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_security_updates %} for all new repositories. + +#### `dependency_graph` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables the dependency graph for all existing repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables the dependency graph for all existing repositories. + +#### `dependency_graph_new_repos` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables the dependency graph for all new repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables the dependency graph for all new repositories. + {% endif %} -##### The `discussion_post` category +#### `discussion_post` category actions | Action | Description |------------------|------------------- | `update` | Triggered when [a team discussion post is edited](/articles/managing-disruptive-comments/#editing-a-comment). | `destroy` | Triggered when [a team discussion post is deleted](/articles/managing-disruptive-comments/#deleting-a-comment). -##### The `discussion_post_reply` category +#### `discussion_post_reply` category actions | Action | Description |------------------|------------------- | `update` | Triggered when [a reply to a team discussion post is edited](/articles/managing-disruptive-comments/#editing-a-comment). | `destroy` | Triggered when [a reply to a team discussion post is deleted](/articles/managing-disruptive-comments/#deleting-a-comment). -##### The `hook` category +#### `hook` category actions | Action | Description |------------------|------------------- @@ -133,14 +222,14 @@ This list describes the available categories and associated events: | `destroy` | Triggered when an existing hook was removed from a repository. | `events_changed` | Triggered when the events on a hook have been altered. -##### The `integration_installation_request` category +#### `integration_installation_request` category actions | Action | Description |------------------|------------------- | `create` | Triggered when an organization member requests that an organization owner install an integration for use in the organization. | `close` | Triggered when a request to install an integration for use in an organization is either approved or denied by an organization owner, or canceled by the organization member who opened the request. -##### The `issue` category +#### `issue` category actions | Action | Description |------------------|------------------- @@ -148,13 +237,13 @@ This list describes the available categories and associated events: {% if currentVersion == "free-pro-team@latest" %} -##### The `marketplace_agreement_signature` category +#### `marketplace_agreement_signature` category actions | Action | Description |------------------|------------------- | `create` | Triggered when you sign the {% data variables.product.prodname_marketplace %} Developer Agreement. -##### The `marketplace_listing` category +#### `marketplace_listing` category actions | Action | Description |------------------|------------------- @@ -168,7 +257,7 @@ This list describes the available categories and associated events: {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %} -##### The `members_can_create_pages` category +#### `members_can_create_pages` category actions For more information, see "[Restricting publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)." @@ -179,7 +268,7 @@ For more information, see "[Restricting publication of {% data variables.product {% endif %} -##### The `org` category +#### `org` category actions | Action | Description |------------------|-------------------{% if currentVersion == "free-pro-team@latest"%} @@ -222,7 +311,7 @@ For more information, see "[Restricting publication of {% data variables.product | `update_terms_of_service` | Triggered when an organization changes between the Standard Terms of Service and the Corporate Terms of Service. For more information, see "[Upgrading to the Corporate Terms of Service](/articles/upgrading-to-the-corporate-terms-of-service)."{% endif %} {% if currentVersion == "free-pro-team@latest" %} -##### The `org_credential_authorization` category +#### `org_credential_authorization` category actions | Action | Description |------------------|------------------- @@ -233,7 +322,7 @@ For more information, see "[Restricting publication of {% data variables.product {% endif %} {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" or currentVersion == "github-ae@latest" %} -##### The `organization_label` category +#### `organization_label` category actions | Action | Description |------------------|------------------- @@ -243,7 +332,7 @@ For more information, see "[Restricting publication of {% data variables.product {% endif %} -##### The `oauth_application` category +#### `oauth_application` category actions | Action | Description |------------------|------------------- @@ -255,7 +344,7 @@ For more information, see "[Restricting publication of {% data variables.product {% if currentVersion == "free-pro-team@latest" %} -##### The `payment_method` category +#### `payment_method` category actions | Action | Description |------------------|------------------- @@ -265,12 +354,12 @@ For more information, see "[Restricting publication of {% data variables.product {% endif %} -##### The `profile_picture` category +#### `profile_picture` category actions | Action | Description |------------------|------------------- | update | Triggered when you set or update your organization's profile picture. -##### The `project` category +#### `project` category actions | Action | Description |--------------------|--------------------- @@ -284,7 +373,7 @@ For more information, see "[Restricting publication of {% data variables.product | `update_team_permission` | Triggered when a team's project board permission level is changed or when a team is added or removed from a project board. | | `update_user_permission` | Triggered when an organization member or outside collaborator is added to or removed from a project board or has their permission level changed.| -##### The `protected_branch` category +#### `protected_branch` category actions | Action | Description |--------------------|--------------------- @@ -304,7 +393,7 @@ For more information, see "[Restricting publication of {% data variables.product | `update_linear_history_requirement_enforcement_level ` | Triggered when required linear commit history is enabled or disabled for a protected branch. {% endif %} -##### The `repo` category +#### `repo` category actions | Action | Description |------------------|------------------- @@ -334,34 +423,80 @@ For more information, see "[Restricting publication of {% data variables.product {% if currentVersion == "free-pro-team@latest" %} -##### The `repository_content_analysis` category +#### `repository_advisory` category actions + +| Action | Description +|------------------|------------------- +| `close` | Triggered when someone closes a security advisory. For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)." +| `cve_request` | Triggered when someone requests a CVE (Common Vulnerabilities and Exposures) number from {% data.variables.product.prodname_dotcom %} for a draft security advisory. +| `github_broadcast` | Triggered when {% data.variables.product.prodname_dotcom %} makes a security advisory public in the {% data variables.product.prodname_advisory_database %}. +| `github_withdraw` | Triggered when {% data.variables.product.prodname_dotcom %} withdraws a security advisory that was published in error. +| `open` | Triggered when someone opens a draft security advisory. +| `publish` | Triggered when someone publishes a security advisory. +| `reopen` | Triggered when someone reopens as draft security advisory. +| `update` | Triggered when someone edits a draft or published security advisory. + +#### `repository_content_analysis` category actions | Action | Description |------------------|------------------- | `enable` | Triggered when an organization owner or person with admin access to the repository [enables data use settings for a private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository). | `disable` | Triggered when an organization owner or person with admin access to the repository [disables data use settings for a private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository). -##### The `repository_dependency_graph` category +{% endif %}{% if currentVersion != "github-ae@latest" %} + +#### `repository_dependency_graph` category actions | Action | Description |------------------|------------------- -| `enable` | Triggered when a repository owner or person with admin access to the repository [enables the dependency graph for a private repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-and-dependents-of-a-repository). -| `disable` | Triggered when a repository owner or person with admin access to the repository [disables the dependency graph for a private repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-and-dependents-of-a-repository). +| `disable` | Triggered when a repository owner or person with admin access to the repository disables the dependency graph for a {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repository. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)." +| `enable` | Triggered when a repository owner or person with admin access to the repository enables the dependency graph for a {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repository. -{% endif %} -{% if currentVersion != "github-ae@latest" %} -##### The `repository_vulnerability_alert` category +{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} +#### `repository_secret_scanning` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when a repository owner or person with admin access to the repository disables secret scanning for a {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repository. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." +| `enable` | Triggered when a repository owner or person with admin access to the repository enables secret scanning for a {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repository. + +{% endif %}{% if currentVersion != "github-ae@latest" %} +#### `repository_vulnerability_alert` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when {% data variables.product.product_name %} creates a {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alert for a repository that uses a vulnerable dependency. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +| `dismiss` | Triggered when an organization owner or person with admin access to the repository dismisses a {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alert about a vulnerable dependency. +| `resolve` | Triggered when someone with write access to a repository pushes changes to update and resolve a vulnerability in a project dependency. + +{% endif %}{% if currentVersion == "free-pro-team@latest" %} +#### `repository_vulnerability_alerts` category actions + +| Action | Description +|------------------|------------------- +| `authorized_users_teams` | Triggered when an organization owner or a person with admin permissions to the repository updates the list of people or teams authorized to receive {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies in the repository. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-dependabot-alerts)." +| `disable` | Triggered when a repository owner or person with admin access to the repository disables {% data variables.product.prodname_dependabot_alerts %}. +| `enable` | Triggered when a repository owner or person with admin access to the repository enables {% data variables.product.prodname_dependabot_alerts %}. + +{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} +#### `secret_scanning` category actions | Action | Description |------------------|------------------- -| `create` | Triggered when {% data variables.product.product_name %} creates a [{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alert for a vulnerable dependency](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies) in a particular repository. -| `resolve` | Triggered when someone with write access to a repository [pushes changes to update and resolve a vulnerability](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies) in a project dependency. -| `dismiss` | Triggered when an organization owner or person with admin access to the repository dismisses a {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alert about a vulnerable dependency.{% if currentVersion == "free-pro-team@latest" %} -| `authorized_users_teams` | Triggered when an organization owner or a member with admin permissions to the repository [updates the list of people or teams authorized to receive {% data variables.product.prodname_dependabot_alerts %}](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-dependabot-alerts) for vulnerable dependencies in the repository.{% endif %} +| `disable` | Triggered when an organization owner disables secret scanning for all existing{% if currentVersion == "free-pro-team@latest" %}, private{% endif %} repositories. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." +| `enable` | Triggered when an organization owner enables secret scanning for all existing{% if currentVersion == "free-pro-team@latest" %}, private{% endif %} repositories. + +#### `secret_scanning_new_repos` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables secret scanning for all new {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." +| `enable` | Triggered when an organization owner enables secret scanning for all new {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories. + {% endif %} {% if currentVersion == "free-pro-team@latest" %} -##### The `sponsors` category +#### `sponsors` category actions | Action | Description |------------------|------------------- @@ -370,7 +505,7 @@ For more information, see "[Restricting publication of {% data variables.product {% endif %} {% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} -##### The `team` category +#### `team` category actions | Action | Description |------------------|------------------- @@ -384,60 +519,13 @@ For more information, see "[Restricting publication of {% data variables.product | `remove_repository` | Triggered when a repository is no longer under a team's control. {% endif %} -##### The `team_discussions` category +#### `team_discussions` category actions | Action | Description |---|---| | `disable` | Triggered when an organization owner disables team discussions for an organization. For more information, see "[Disabling team discussions for your organization](/articles/disabling-team-discussions-for-your-organization)." | `enable` | Triggered when an organization owner enables team discussions for an organization. -#### Search based on time of action - -Use the `created` qualifier to filter actions in the audit log based on when they occurred. {% data reusables.time_date.date_format %} {% data reusables.time_date.time_format %} - -{% data reusables.search.date_gt_lt %} For example: - - * `created:2014-07-08` finds all events that occurred on July 8th, 2014. - * `created:>=2014-07-08` finds all events that occurred on or after July 8th, 2014. - * `created:<=2014-07-08` finds all events that occurred on or before July 8th, 2014. - * `created:2014-07-01..2014-07-31` finds all events that occurred in the month of July 2014. - -The audit log contains data for the past 90 days, but you can use the `created` qualifier to search for events earlier than that. - -#### Search based on location - -Using the qualifier `country`, you can filter actions in the audit log based on the originating country. You can use a country's two-letter short code or its full name. Keep in mind that countries with spaces in their name will need to be wrapped in quotation marks. For example: - - * `country:de` finds all events that occurred in Germany. - * `country:Mexico` finds all events that occurred in Mexico. - * `country:"United States"` all finds events that occurred in the United States. - -{% if currentVersion == "free-pro-team@latest" %} -### Exporting the audit log - -{% data reusables.audit_log.export-log %} -{% data reusables.audit_log.exported-log-keys-and-values %} -{% endif %} - -### Using the Audit log API - -{% note %} - -**Note**: The Audit log API is available for organizations using {% data variables.product.prodname_enterprise %}. {% data reusables.gated-features.more-info-org-products %} - -{% endnote %} - -To ensure a secure IP and maintain compliance for your organization, you can use the Audit log API to keep copies of your audit log data and monitor: -* Access to your organization or repository settings. -* Changes in permissions. -* Added or removed users in an organization, repository, or team. -* Users being promoted to admin. -* Changes to permissions of a GitHub App. - -The GraphQL response can include data for up to 90 to 120 days. - -For example, you can make a GraphQL request to see all the new organization members added to your organization. For more information, see the "[GraphQL API Audit Log](/graphql/reference/interfaces#auditentry/)." - ### Further reading - "[Keeping your organization secure](/articles/keeping-your-organization-secure)"