セキュリティログのイベント

個人アカウントに記録されているセキュリティログイベントについて学習します。

この記事の内容

メモ

この記事には、最新バージョンの GitHub Enterprise Server で使用できるイベントが含まれています。以前のバージョンでは、一部のイベントが使用できない場合があります。

この記事には、ユーザーアカウントのセキュリティログに表示される可能性があるイベントが含まれています。 Organization の監査ログまたは Enterprise の監査ログに表示できるイベントについては、「組織の監査ログイベント」と「エンタープライズの監査ログイベント」を参照してください。

セキュリティログイベントについて

各監査ログエントリの名前は、イベントのカテゴリと、それに続く操作タイプで構成されます。たとえば、repo.create エントリは repo カテゴリに対する create 操作を意味します。この記事の参照情報は、カテゴリ別にグループ化されています。

Audit log events

account

account.plan_change: The account's plan changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: How GitHub billing works

actions_cache

actions_cache.delete: A GitHub Actions cache was deleted using the REST API.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, actions_cache_id, actions_cache_key, actions_cache_version, actions_cache_scope, created_at, operation_type

artifact

artifact.destroy: A workflow run artifact was manually deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

billing

billing.change_billing_type: The way the account pays for GitHub was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: Managing your payment and billing information

billing.change_email: The billing email address changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, email
リファレンス: Managing your payment and billing information

business

business.security_center_export_code_scanning_metrics: A CSV export was requested on the "CodeQL pull request alerts" page.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, start_date, end_date, created_at, operation_type, actor_is_bot

business.security_center_export_coverage: A CSV export was requested on the "Coverage" page.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

business.security_center_export_overview_dashboard: A CSV export was requested on the "Overview Dashboard" page.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, start_date, end_date, created_at, operation_type, actor_is_bot

business.security_center_export_risk: A CSV export was requested on the "Risk" page.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

business.set_actions_fork_pr_approvals_policy: The policy for requiring approvals for workflows from public forks was changed for an enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, policy, created_at, operation_type
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_actions_private_fork_pr_approvals_policy: The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, policy, created_at, operation_type
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_actions_retention_limit: The retention period for GitHub Actions artifacts and logs was changed for an enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, limit, operation_type, created_at
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_default_workflow_permissions: The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, created_at, operation_type
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_fork_pr_workflows_policy: The policy for fork pull request workflows was changed for an enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, policy, operation_type, created_at
リファレンス: Enforcing policies for GitHub Actions in your enterprise

business.set_workflow_permission_can_approve_pr: The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, created_at, operation_type
リファレンス: Enforcing policies for GitHub Actions in your enterprise

checks

checks.auto_trigger_disabled: Automatic creation of check suites was disabled on a repository in the organization or enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, created_at, operation_type
リファレンス: /rest/checks#update-repository-preferences-for-check-suites

checks.auto_trigger_enabled: Automatic creation of check suites was enabled on a repository in the organization or enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at, public_repo
リファレンス: /rest/checks#update-repository-preferences-for-check-suites

checks.delete_logs: Logs in a check suite were deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

codespaces

codespaces.allow_permissions: A codespace using custom permissions from its devcontainer.json file was launched.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, origin_repository, created_at, operation_type

codespaces.connect: Credentials for a codespace were refreshed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, owner, name, operation_type, created_at, public_repo, actor_is_bot, machine_type, devcontainer_path

codespaces.create: A codespace was created
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, owner, name, operation_type, created_at, actor_is_bot, machine_type, devcontainer_path
リファレンス: Creating a codespace for a repository

codespaces.destroy: A user deleted a codespace.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, owner, name, operation_type, created_at
リファレンス: Deleting a codespace

codespaces.export_environment: A codespace was exported to a branch on GitHub.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, owner, created_at, operation_type, public_repo

codespaces.restore: A codespace was restored.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, public_repo, created_at, operation_type

codespaces.start_environment: A codespace was started.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, owner, pull_request_id, machine_type, devcontainer_path, public_repo, created_at, operation_type

codespaces.suspend_environment: A codespace was stopped.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, operation_type, created_at, public_repo

codespaces.trusted_repositories_access_update: A personal account's access and security setting for Codespaces were updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Managing access to other repositories within your codespace

copilot

copilot.cfb_seat_added: A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_assignment_created: A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: What is GitHub Copilot?

copilot.cfb_seat_assignment_refreshed: A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_assignment_reused: A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_assignment_unassigned: A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_cancelled: A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, seat_assignment

copilot.cfb_seat_cancelled_by_staff: A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.swe_agent_repo_disabled: Specific repositories were disabled from using Copilot coding agent.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner_type, owner, public_repo, created_at, operation_type

copilot.swe_agent_repo_enabled: Specific repositories were enabled to use Copilot coding agent.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner_type, owner, public_repo, created_at, operation_type

copilot.swe_agent_repo_enablement_updated: Copilot coding agent access was updated for the organization's or user's repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, new_access, old_access, owner_type, owner, created_at, operation_type

dependabot_alerts

dependabot_alerts.disable: Dependabot alerts were disabled for all existing repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts.enable: Dependabot alerts were enabled for all existing repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts_new_repos

dependabot_alerts_new_repos.disable: Dependabot alerts were disabled for all new repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_alerts_new_repos.enable: Dependabot alerts were enabled for all new repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_repository_access

dependabot_repository_access.repositories_updated: The repositories that Dependabot can access were updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

dependabot_security_updates

dependabot_security_updates.disable: Dependabot security updates were disabled for all existing repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependabot_security_updates.enable: Dependabot security updates were enabled for all existing repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

dependabot_security_updates_new_repos

dependabot_security_updates_new_repos.disable: Dependabot security updates were disabled for all new repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependabot_security_updates_new_repos.enable: Dependabot security updates were enabled for all new repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

dependency_graph

dependency_graph.disable: The dependency graph was disabled for all existing repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependency_graph.enable: The dependency graph was enabled for all existing repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

dependency_graph_new_repos

dependency_graph_new_repos.disable: The dependency graph was disabled for all new repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependency_graph_new_repos.enable: The dependency graph was enabled for all new repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

environment

environment.add_protection_rule: A GitHub Actions deployment protection rule was created via the API.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at
リファレンス: Managing environments for deployment

environment.create_actions_secret: A secret was created for a GitHub Actions environment.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, visibility, operation_type, created_at, public_repo
リファレンス: Managing environments for deployment

environment.create_actions_variable: A variable was created for a GitHub Actions environment.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, environment_name, public_repo, created_at, operation_type, actor_is_bot
リファレンス: Store information in variables

environment.delete: An environment was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at, public_repo, actor_is_bot
リファレンス: Managing environments for deployment

environment.remove_actions_secret: A secret was deleted for a GitHub Actions environment.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, operation_type, created_at, public_repo
リファレンス: Managing environments for deployment

environment.remove_actions_variable: A variable was deleted for a GitHub Actions environment.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, environment_name, public_repo, created_at, operation_type
リファレンス: Store information in variables

environment.remove_protection_rule: A GitHub Actions deployment protection rule was deleted via the API.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at, public_repo
リファレンス: Managing environments for deployment

environment.update_actions_secret: A secret was updated for a GitHub Actions environment.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, visibility, operation_type, created_at, public_repo
リファレンス: Managing environments for deployment

environment.update_actions_variable: A variable was updated for a GitHub Actions environment.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, environment_name, public_repo, created_at, operation_type
リファレンス: Store information in variables

environment.update_protection_rule: A GitHub Actions deployment protection rule was updated via the API.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, new_value, approvers_was, approvers, can_admins_bypass, prevent_self_review
リファレンス: Managing environments for deployment

gist

gist.create: A gist was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, gist_id, created_at, operation_type, visibility

gist.destroy: A gist was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, gist_id, visibility, created_at, operation_type

gist.visibility_change: The visibility of a gist was updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, gist_id, visibility, created_at

git_signing_ssh_public_key

git_signing_ssh_public_key.create: An SSH key was added to a user account as a Git commit signing key.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, key, fingerprint, created_at, operation_type
リファレンス: /authentication/managing-commit-signature-verification/telling-git-about-your-signing-key

git_signing_ssh_public_key.delete: An SSH key was removed from a user account as a Git commit signing key.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, key, fingerprint, explanation, created_at, operation_type
リファレンス: /authentication/managing-commit-signature-verification/telling-git-about-your-signing-key

hook

hook.active_changed: A hook's active status was updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, name, events, active, active_was, hook_id, operation_type

hook.config_changed: A hook's configuration was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, hook_id, created_at, oauth_application_id, events

hook.create: A new hook was added.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, hook_id, events, operation_type, name, created_at
リファレンス: About webhooks

hook.destroy: A hook was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, events, created_at, name, operation_type, oauth_application_id, hook_id

hook.events_changed: A hook's configured events were changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, events, operation_type, name, events_were, created_at, hook_id, oauth_application_id

integration

integration.create: A GitHub App was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, integration, created_at, application_client_id

integration.destroy: A GitHub App was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at

integration.manager_added: A member of an enterprise or organization was added as a GitHub App manager.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, name, manager, operation_type, integration
リファレンス: /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization

integration.manager_removed: A member of an enterprise or organization was removed from being a GitHub App manager.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, integration, name, created_at, manager
リファレンス: /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization

integration.remove_client_secret: A client secret for a GitHub App was removed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at

integration.revoke_all_tokens: All user tokens for a GitHub App were requested to be revoked.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at, application_client_id

integration.revoke_tokens: Token(s) for a GitHub App were revoked.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at, application_client_id

integration.suspend: A GitHub App was suspended.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, created_at, operation_type, application_client_id
リファレンス: /apps/maintaining-github-apps/suspending-a-github-app-installation

integration.transfer: Ownership of a GitHub App was transferred to another user or organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, transfer_to_id, requester, requester_id, created_at, transfer_to, operation_type, integration, transfer_from, transfer_from_id, transfer_from_type, transfer_to_type
リファレンス: /apps/maintaining-github-apps/transferring-ownership-of-a-github-app

integration.unsuspend: A GitHub App was unsuspended.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, created_at, operation_type, application_client_id
リファレンス: /apps/maintaining-github-apps/suspending-a-github-app-installation

integration_installation

integration_installation.create: A GitHub App was installed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, repository_selection, created_at, integration, application_client_id
リファレンス: /apps/using-github-apps/authorizing-github-apps

integration_installation.destroy: A GitHub App was uninstalled.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, repository_selection, integration, operation_type, name, application_client_id
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.repositories_added: Repositories were added to a GitHub App.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, repository_selection, name, integration, operation_type, repositories_added, created_at, repositories_added_names, actor_is_bot, application_client_id
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access

integration_installation.repositories_removed: Repositories were removed from a GitHub App.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, repository_selection, repositories_removed, integration, created_at, name, repositories_removed_names, actor_is_bot, application_client_id
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access

integration_installation.suspend: A GitHub App was suspended.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, repository_selection, integration, operation_type, created_at, application_client_id
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.unsuspend: A GitHub App was unsuspended.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, repository_selection, integration, operation_type, created_at
リファレンス: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.version_updated: Permissions for a GitHub App were updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, integration, name, operation_type, created_at, repository_selection, application_client_id
リファレンス: /apps/using-github-apps/approving-updated-permissions-for-a-github-app

marketplace_agreement_signature

marketplace_agreement_signature.create: The GitHub Marketplace Developer Agreement was signed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

marketplace_listing

marketplace_listing.approve: A listing was approved for inclusion in GitHub Marketplace.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, secondary_category, primary_category, operation_type, created_at, marketplace_listing, integration

marketplace_listing.change_category: A category for a listing for an app in GitHub Marketplace was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, primary_category, marketplace_listing, integration, secondary_category, operation_type, created_at

marketplace_listing.create: A listing for an app in GitHub Marketplace was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, primary_category, created_at, oauth_application, marketplace_listing, secondary_category, oauth_application_id, operation_type

marketplace_listing.delist: A listing was removed from GitHub Marketplace.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, secondary_category, operation_type, marketplace_listing, primary_category, integration

marketplace_listing.redraft: A listing was sent back to draft state.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, secondary_category, oauth_application_id, operation_type, oauth_application, created_at, marketplace_listing, primary_category

marketplace_listing.reject: A listing was not accepted for inclusion in GitHub Marketplace.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, primary_category, secondary_category, marketplace_listing, oauth_application, oauth_application_id, operation_type, created_at

merge_queue

merge_queue.pull_request_dequeued: A pull request was removed from a merge queue.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type

merge_queue.pull_request_queue_jump: A pull request was moved ahead in a merge queue.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, public_repo, created_at, operation_type

merge_queue.queue_cleared: A merge queue was cleared.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type

merge_queue.update_settings: The settings for a merge queue were updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, max_entries_to_build, min_entries_to_merge, public_repo, created_at, operation_type

migration

migration.create: A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot

oauth_access

oauth_access.create: An OAuth access token was generated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, oauth_application_name
リファレンス: /apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens

oauth_access.destroy: An OAuth access token was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, explanation, oauth_application_name
リファレンス: /apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps

oauth_access.regenerate: An OAuth access token was regenerated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, oauth_application_name

oauth_access.revoke: An OAuth access token was revoked.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

oauth_access.update: An OAuth access token was updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

oauth_application

oauth_application.create: An OAuth application was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, oauth_application
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.destroy: An OAuth application was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, oauth_application
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.generate_client_secret: An OAuth application's secret key was generated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, operation_type, created_at
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.remove_client_secret: An OAuth application's secret key was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, operation_type, created_at
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.reset_secret: The secret key for an OAuth application was reset.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, operation_type, created_at, oauth_application_id
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.revoke_all_tokens: All user tokens for an OAuth application were requested to be revoked.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, operation_type, created_at
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.revoke_tokens: Token(s) for an OAuth application were revoked.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, oauth_application, created_at, operation_type
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.transfer: An OAuth application was transferred from one account to another.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, oauth_application, oauth_application_id
リファレンス: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_authorization

oauth_authorization.create: An authorization for an OAuth application was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot, oauth_application_name
リファレンス: /apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps

oauth_authorization.destroy: An authorization for an OAuth application was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, explanation, actor_is_bot, oauth_application_name
リファレンス: Reviewing and revoking authorization of GitHub Apps

oauth_authorization.update: An authorization for an OAuth application was updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot, oauth_application_name
リファレンス: /apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps

org

org.add_member: A user joined an organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, permission, operation_type, created_at, actor_is_bot

org.add_outside_collaborator: An outside collaborator was added to a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, inviter, public_repo, permission, invitee, created_at, operation_type

org.advanced_security_disabled_for_new_repos: GitHub Advanced Security was disabled for new repositories in an organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_disabled_on_all_repos: GitHub Advanced Security was disabled for all repositories in an organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_enabled_for_new_repos: GitHub Advanced Security was enabled for new repositories in an organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_enabled_on_all_repos: GitHub Advanced Security was enabled for all repositories in an organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.remove_member: A member was removed from an organization, either manually or due to a two-factor authentication requirement.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.security_center_export_code_scanning_metrics: A CSV export was requested on the CodeQL pull request alerts page.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, start_date, end_date, created_at, operation_type, actor_is_bot

org.security_center_export_coverage: A CSV export was requested on the Coverage page.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

org.security_center_export_overview_dashboard: A CSV export was requested on the Overview Dashboard page.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, start_date, end_date, created_at, operation_type, actor_is_bot

org.security_center_export_risk: A CSV export was requested on the Risk page.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

org.set_actions_fork_pr_approvals_policy: The setting for requiring approvals for workflows from public forks was changed for an organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, policy, created_at, operation_type
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks

org.set_actions_private_fork_pr_approvals_policy: The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, policy, created_at, operation_type
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks

org.set_actions_retention_limit: The retention period for GitHub Actions artifacts and logs in an organization was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, limit, operation_type, created_at
リファレンス: /organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization

org.set_default_workflow_permissions: The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization

org.set_fork_pr_workflows_policy: The policy for workflows on private repository forks was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, policy, operation_type, created_at
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks

org.set_workflow_permission_can_approve_pr: The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests

org.update_member: A person's role was changed from owner to member or member to owner.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, old_permission, permission, operation_type

org.update_member_repository_creation_permission: The create repository permission for organization members was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, permission, created_at, visibility, operation_type

org.update_member_repository_invitation_permission: An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, permission, created_at, operation_type
リファレンス: Setting permissions for adding outside collaborators

pages_protected_domain

pages_protected_domain.create: A GitHub Pages verified domain was created for an organization or enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, domain, state, created_at, operation_type
リファレンス: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

pages_protected_domain.delete: A GitHub Pages verified domain was deleted from an organization or enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, domain, state, created_at, operation_type
リファレンス: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

pages_protected_domain.verify: A GitHub Pages domain was verified for an organization or enterprise.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, domain, state, created_at, operation_type
リファレンス: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

passkey

passkey.register: A new passkey was added.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, nickname, created_at, operation_type

passkey.remove: A new passkey was removed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, nickname, created_at, operation_type

payment_method

payment_method.create: A new payment method was added, such as a new credit card or PayPal account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

payment_method.remove: A payment method was removed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

payment_method.update: An existing payment method was updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

personal_access_token

personal_access_token.access_granted: A fine-grained personal access token was granted access to resources.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_id, user_programmatic_access_name, repository_selection, created_at, operation_type
リファレンス: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.access_revoked: A fine-grained personal access token was revoked. The token can still read public organization resources.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_id, user_programmatic_access_name, repository_selection, created_at, operation_type
リファレンス: /organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization

personal_access_token.create: Triggered when you create a fine-grained personal access token.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type

personal_access_token.credential_regenerated: Triggered when you regenerate a fine-grained personal access token.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, created_at, operation_type

personal_access_token.credential_revoked: A fine-grained personal access token was revoked by GitHub Advanced Security.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, created_at, operation_type
リファレンス: /code-security/getting-started/github-security-features#secret-scanning-alerts-for-users

personal_access_token.destroy: Triggered when you delete a fine-grained personal access token.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, explanation, created_at, operation_type

personal_access_token.request_cancelled: A pending request for a fine-grained personal access token to access organization resources was canceled.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type, user_programmatic_access_request_id

personal_access_token.request_created: Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_id, user_programmatic_access_name, repository_selection, created_at, operation_type, user_programmatic_access_request_id
リファレンス: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.request_denied: A request for a fine-grained personal access token to access organization resources was denied.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type, user_programmatic_access_request_id
リファレンス: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.update: A fine-grained personal access token was updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type
リファレンス: /authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens

profile_picture

profile_picture.update: A profile picture was updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, owner, operation_type
リファレンス: Personalize your profile

project

project.access: A project board visibility was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.close: A project board was closed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, project_id, project_kind
リファレンス: Closing a project (classic)

project.create: A project board was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.delete: A project board was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.link: A repository was linked to a project board.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.open: A project board was reopened.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, project_id, operation_type, created_at, project_kind, project_name
リファレンス: Reopening a closed project (classic)

project.rename: A project board was renamed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, old_name, operation_type

project.unlink: A repository was unlinked from a project board.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.update_org_permission: The project's base-level permission for all organization members was changed or removed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.update_team_permission: A team's project board permission level was changed or when a team was added or removed from a project board.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, team

project.update_user_permission: A user was added to or removed from a project board or had their permission level changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.visibility_private: A project's visibility was changed from public to private.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, project_id, created_at, operation_type, project_kind, project_name

project.visibility_public: A project's visibility was changed from private to public.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, project_id, created_at, operation_type, project_kind, project_name

project_collaborator

project_collaborator.add: A collaborator was added to a project.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, collaborator_type, collaborator, created_at, operation_type, actor_is_bot, public_project, project_name, project_role, old_project_role

project_collaborator.remove: A collaborator was removed from a project.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, collaborator_type, collaborator, created_at, operation_type

project_collaborator.update: A project collaborator's permission level was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_project, project_name, collaborator_type, project_role, old_project_role, project_id, collaborator, created_at, operation_type

project_field

project_field.create: A field was created in a project board.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /issues/planning-and-tracking-with-projects/understanding-fields

project_field.delete: A field was deleted in a project board.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields

project_view

project_view.create: A view was created in a project board.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

project_view.delete: A view was deleted in a project board.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

protected_branch

protected_branch.update_merge_queue_enforcement_level: Enforcement of the merge queue was modified for a branch.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, merge_queue_enforcement_level, public_repo, created_at, operation_type
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue

public_key

public_key.create: An SSH key was added to a user account or a deploy key was added to a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, read_only, operation_type, created_at, key, fingerprint, title
リファレンス: /authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account

public_key.delete: An SSH key was removed from a user account or a deploy key was removed from a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, fingerprint, read_only, explanation, key, operation_type, title, created_at
リファレンス: /authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys

public_key.unverification_failure: A user account's SSH key or a repository's deploy key was unable to be unverified.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, key, fingerprint, read_only, created_at, operation_type
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.unverify: A user account's SSH key or a repository's deploy key was unverified.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, title, key, read_only, explanation, fingerprint
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.update: A user account's SSH key or a repository's deploy key was updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, fingerprint, read_only, operation_type, created_at, title
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.verification_failure: A user account's SSH key or a repository's deploy key was unable to be verified.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, fingerprint, oauth_application_id, title, created_at, read_only, operation_type
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.verify: A user account's SSH key or a repository's deploy key was verified.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, key, fingerprint, title, read_only
リファレンス: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

repo

repo.access: The visibility of a repository changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, visibility, previous_visibility
リファレンス: /repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility

repo.actions_enabled: GitHub Actions was enabled for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api

repo.add_member: A collaborator was added to a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, created_at, operation_type, oauth_application_id
リファレンス: Inviting collaborators to a personal repository

repo.add_topic: A topic was added to a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, topic, created_at, operation_type
リファレンス: /repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics

repo.advanced_security_disabled: GitHub Advanced Security was disabled for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository

repo.advanced_security_enabled: GitHub Advanced Security was enabled for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, public_repo, actor_is_bot
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository

repo.archived: A repository was archived.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, visibility
リファレンス: /repositories/archiving-a-github-repository

repo.change_merge_setting: Pull request merge options were changed for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, created_at, operation_type, public_repo, actor_is_bot

repo.code_scanning_analysis_deleted: Code scanning analysis for a repository was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, operation_type, created_at, public_repo, tool, category
リファレンス: /rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository

repo.code_scanning_configuration_for_branch_deleted: A code scanning configuration for a branch of a repository was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, tool, branch, category, public_repo, created_at, operation_type
リファレンス: Resolving code scanning alerts

repo.config.disable_collaborators_only: The interaction limit for collaborators only was disabled.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.disable_contributors_only: The interaction limit for prior contributors only was disabled in a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.disable_sockpuppet_disallowed: The interaction limit for existing users only was disabled in a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_collaborators_only: The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, created_at, operation_type
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_contributors_only: The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_sockpuppet_disallowed: The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.configure_self_hosted_jit_runner: A new just-in-time GitHub Actions self-hosted runner was configured
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, public_repo, created_at, operation_type
リファレンス: /rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository

repo.create: A repository was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, request_category, created_at, oauth_application_id, request_method, public_repo, actor_is_bot
リファレンス: /repositories/creating-and-managing-repositories/creating-a-new-repository

repo.create_actions_secret: A GitHub Actions secret was created for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, operation_type, created_at
リファレンス: Using secrets in GitHub Actions

repo.create_actions_variable: A GitHub Actions variable was created for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, public_repo, created_at, operation_type
リファレンス: Store information in variables

repo.create_integration_secret: A Codespaces or Dependabot secret was created for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, operation_type, created_at, public_repo

repo.destroy: A repository was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, request_category, visibility, created_at, request_method, oauth_application_id, actor_is_bot
リファレンス: /repositories/creating-and-managing-repositories/deleting-a-repository

repo.pages_cname: A GitHub Pages custom domain was modified in a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, cname, created_at, operation_type, old_cname

repo.pages_create: A GitHub Pages site was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_destroy: A GitHub Pages site was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, visibility, operation_type

repo.pages_https_redirect_disabled: HTTPS redirects were disabled for a GitHub Pages site.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_https_redirect_enabled: HTTPS redirects were enabled for a GitHub Pages site.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, visibility, operation_type

repo.pages_private: A GitHub Pages site visibility was changed to private.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_public: A GitHub Pages site visibility was changed to public.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_soft_delete: A GitHub Pages site was soft-deleted because its owner's plan changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type

repo.pages_soft_delete_restore: A GitHub Pages site that was previously soft-deleted was restored.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type

repo.pages_source: A GitHub Pages source was modified.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, visibility, created_at

repo.register_self_hosted_runner: A new self-hosted runner was registered.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Adding self-hosted runners

repo.remove_actions_secret: A GitHub Actions secret was deleted for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, operation_type, created_at
リファレンス: Using secrets in GitHub Actions

repo.remove_actions_variable: A GitHub Actions variable was deleted for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, public_repo, created_at, operation_type
リファレンス: Store information in variables

repo.remove_integration_secret: A Codespaces or Dependabot secret was deleted for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, integration, operation_type, created_at, public_repo

repo.remove_member: A collaborator was removed from a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, visibility
リファレンス: Removing a collaborator from a personal repository

repo.remove_self_hosted_runner: A self-hosted runner was removed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Removing self-hosted runners

repo.remove_topic: A topic was removed from a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, topic, operation_type, created_at

repo.rename: A repository was renamed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_name, created_at, operation_type, visibility
リファレンス: /repositories/creating-and-managing-repositories/renaming-a-repository

repo.set_actions_fork_pr_approvals_policy: The setting for requiring approvals for workflows from public forks was changed for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, created_at, operation_type, public_repo
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks

repo.set_actions_private_fork_pr_approvals_policy: The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, public_repo, created_at, operation_type
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories

repo.set_actions_retention_limit: The retention period for GitHub Actions artifacts and logs in a repository was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, limit, operation_type, created_at
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository

repo.set_default_workflow_permissions: The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository

repo.set_fork_pr_workflows_policy: Triggered when the policy for workflows on private repository forks is changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, operation_type, created_at
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks

repo.set_workflow_permission_can_approve_pr: The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type
リファレンス: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests

repo.staff_unlock: An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repo.temporary_access_granted: Temporary access was enabled for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type
リファレンス: Accessing user-owned repositories in your enterprise

repo.transfer: A user accepted a request to receive a transferred repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, old_user, operation_type, created_at, visibility, repo_was
リファレンス: /repositories/creating-and-managing-repositories/transferring-a-repository

repo.transfer_outgoing: A repository was transferred to another repository network.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, new_nwo, visibility, created_at, operation_type, public_repo

repo.transfer_start: A user sent a request to transfer a repository to another user or organization.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, visibility

repo.unarchived: A repository was unarchived.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, visibility
リファレンス: /repositories/archiving-a-github-repository

repo.update_actions_access_settings: The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, old_policy, created_at, operation_type

repo.update_actions_secret: A GitHub Actions secret was updated for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, operation_type, created_at
リファレンス: Using secrets in GitHub Actions

repo.update_actions_settings: A repository administrator changed GitHub Actions policy settings for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at, new_policy, old_policy, updated_access_policy, actor_is_bot

repo.update_actions_variable: A GitHub Actions variable was updated for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, public_repo, created_at, operation_type
リファレンス: Store information in variables

repo.update_default_branch: The default branch for a repository was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at, actor_is_bot

repo.update_integration_secret: A Codespaces or Dependabot secret was updated for a repository.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, operation_type, created_at, public_repo

repo.update_member: A user's permission to a repository was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, visibility, old_permission, old_base_role, old_repo_permission, old_repo_base_role, new_repo_base_role, new_repo_permission, actor_is_bot

repository_image

repository_image.create: An image to represent a repository was uploaded.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, content_type

repository_image.destroy: An image to represent a repository was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, content_type, created_at, operation_type

repository_invitation

repository_invitation.accept: An invitation to join a repository was accepted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, invitee, operation_type, inviter

repository_invitation.cancel: An invitation to join a repository was canceled.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, inviter, operation_type, invitee, created_at

repository_invitation.create: An invitation to join a repository was sent.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, invitee, inviter, created_at, operation_type

repository_invitation.reject: An invitation to join a repository was declined.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, invitee, operation_type, created_at, inviter

repository_ruleset

repository_ruleset.create: A repository ruleset was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, public_repo, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_conditions, ruleset_bypass_actors
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository

repository_ruleset.destroy: A repository ruleset was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, public_repo, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_bypass_actors
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset

repository_ruleset.update: A repository ruleset was edited.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_name, public_repo, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules_updated, ruleset_conditions_added, ruleset_conditions_deleted, ruleset_old_enforcement, ruleset_rules_added, ruleset_rules_deleted, ruleset_old_name, ruleset_conditions_updated, ruleset_bypass_actors_added, ruleset_bypass_actors_deleted, ruleset_bypass_actors_updated, actor_is_bot
リファレンス: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset

security_key

security_key.register: A security key was registered for an account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

security_key.remove: A security key was removed from an account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

sub_issues

sub_issues.parent_issue_add: A parent issue was added to an issue.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

sub_issues.parent_issue_remove: A parent issue was removed from an issue.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

sub_issues.sub_issue_add: A sub-issue was added to an issue.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

sub_issues.sub_issue_remove: A sub-issue was removed from an issue.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

successor_invitation

successor_invitation.accept: Triggered when you accept a succession invitation.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Maintaining ownership continuity of your personal account's repositories

successor_invitation.cancel: Triggered when you cancel a succession invitation.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Maintaining ownership continuity of your personal account's repositories

successor_invitation.create: Triggered when you create a succession invitation.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Maintaining ownership continuity of your personal account's repositories

successor_invitation.decline: Triggered when you decline a succession invitation.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Maintaining ownership continuity of your personal account's repositories

successor_invitation.revoke: Triggered when you revoke a succession invitation.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Maintaining ownership continuity of your personal account's repositories

trusted_device

trusted_device.register: A new trusted device was added.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

trusted_device.remove: A trusted device was removed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

two_factor_authentication

two_factor_authentication.add_factor: A secondary authentication factor was added to a user account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication

two_factor_authentication.disabled: Two-factor authentication was disabled for a user account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: Disabling two-factor authentication for your personal account

two_factor_authentication.enabled: Two-factor authentication was enabled for a user account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Configuring two-factor authentication

two_factor_authentication.password_reset_fallback_sms: A one-time password code was sent to a user account fallback phone number.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

two_factor_authentication.recovery_codes_regenerated: Two factor recovery codes were regenerated for a user account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

two_factor_authentication.remove_factor: A secondary authentication factor was removed from a user account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication

two_factor_authentication.sign_in_fallback_sms: A one-time password code was sent to a user account fallback phone number.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

two_factor_authentication.update_fallback: The two-factor authentication fallback for a user account was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user

user.add_email: An email address was added to a user account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, email, created_at
リファレンス: Adding an email address to your GitHub account

user.async_delete: An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.audit_log_export: Audit log entries were exported.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.block_user: A user was blocked by another user.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, blocked_user, operation_type, created_at

user.change_password: A user changed their password.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.codespaces_trusted_repo_access_granted: Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Managing access to other repositories within your codespace

user.codespaces_trusted_repo_access_revoked: Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Managing access to other repositories within your codespace

user.create: A new user account was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, email, operation_type, created_at

user.create_integration_secret: A user secret for Codespaces was created.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, created_at, operation_type

user.creation_rate_limit_exceeded: The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, oauth_application_id

user.delete: A user account was destroyed by an asynchronous job.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.demote: A site administrator was demoted to an ordinary user account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, created_at, operation_type

user.destroy: A user deleted his or her account, triggering user.async_delete.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.failed_login: A user tried to sign in with an incorrect username, password, or two-factor authentication code.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.forgot_password: A user requested a password reset.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, email, created_at
リファレンス: /authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials

user.hide_private_contributions_count: A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: Manage visibility settings for private contributions

user.login: A user signed in.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, passkey_nickname

user.logout: A user signed out.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.new_device_used: A user signed in from a new device.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.promote: An ordinary user account was promoted to a site administrator.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type

user.recreate: A user's account was restored.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.remove_email: An email address was removed from a user account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, email

user.remove_integration_secret: A user secret for Codespaces was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, integration, created_at, operation_type

user.rename: A username was changed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_login, created_at, operation_type

user.reset_password: A user reset their account password.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.show_private_contributions_count: A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
リファレンス: Manage visibility settings for private contributions

user.sign_in_from_unrecognized_device: A user signed in from an unrecognized device.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.sign_in_from_unrecognized_device_and_location: A user signed in from an unrecognized device and location.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.suspend: A user account was suspended.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, operation_type, created_at

user.two_factor_challenge_failure: A 2FA challenge issued for a user account failed.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_challenge_success: A 2FA challenge issued for a user account succeeded.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_recover: A user used their 2FA recovery codes.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_recovery_codes_downloaded: A user downloaded 2FA recovery codes for their account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_recovery_codes_printed: A user printed 2FA recovery codes for their account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_recovery_codes_viewed: A user viewed 2FA recovery codes for their account.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.two_factor_requested: A user was prompted for a two-factor authentication code.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
リファレンス: /authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication

user.unblock_user: A user was unblocked by another user.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, blocked_user, operation_type, created_at

user.unsuspend: A user account was unsuspended.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, operation_type, created_at

user.update_integration_secret: A user secret for Codespaces was updated.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, created_at, operation_type

user_email

user_email.confirm_claim: An enterprise managed user claimed an email address.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot

user_status

user_status.destroy: Triggered when you clear the status on your profile.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, message, created_at, limited_availability, emoji, operation_type

user_status.update: Triggered when you set or change the status on your profile.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, limited_availability, message, created_at, emoji, operation_type
リファレンス: Personalize your profile

workflows

workflows.approve_workflow_job: A workflow job was approved.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_run_id, run_number, operation_type, created_at, public_repo
リファレンス: Reviewing deployments

workflows.delete_workflow_run: A workflow run was deleted.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, workflow_run_id, started_at, head_branch, head_sha, trigger_id
リファレンス: Deleting a workflow run

workflows.disable_workflow: A workflow was disabled.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_id, operation_type, created_at, public_repo, actor_is_bot

workflows.enable_workflow: A workflow was enabled, after previously being disabled by disable_workflow.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_id, operation_type, created_at, public_repo

workflows.pin_workflow: A workflow was pinned.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, workflow_id, created_at, operation_type, actor_is_bot

workflows.reject_workflow_job: A workflow job was rejected.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_run_id, run_number, operation_type, created_at, public_repo
リファレンス: Reviewing deployments

workflows.unpin_workflow: A workflow was unpinned after previously being pinned.
フィールド: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, workflow_id, created_at, operation_type, actor_is_bot

セキュリティ ログのイベント

この記事の内容

セキュリティログのイベント