
github / ghec-audit-log-cli

Licence: MIT license
Query the GitHub Audit Log for your organization and send it to other services such as Elastic, Splunk or Sentinel for visualization and security.


CLI for the Audit Log using GHEC

This CLI, written in Node.js, helps you query the audit log. It can query the full audit log, returning all the data the API can serve, or, given a cursor, return only the entries newer than that cursor.

You can build an sh script on top of this one to store the data or query it.

CLI arguments

This script can take the following arguments:

> node ghec-audit-log-cli.js "--help"

Usage: audit-log-ghec-cli [options]

Options:
  -v, --version             Output the current version
  -t, --token <string>      the token to access the API (mandatory)
  -o, --org <string>        the organization we want to extract the audit log from
  -cfg, --config <string>   location for the config yaml file. Default ".ghec-audit-log" (default: "./.ghec-audit-log")
  -p, --pretty              prints the json data in a readable format (default: false)
  -l, --limit <number>      a maximum limit on the number of items retrieved
  -f, --file <string>       the output file where the result should be printed
  -a, --api <string>        the version of GitHub API to call (default: "v4")
  -at, --api-type <string>  Only if -a is v3. API type to bring, either all, web or git (default: "all")
  -c, --cursor <string>     if provided, this cursor will be used to query the newest entries from the cursor provided. If not present, the result will contain all the audit log from the org
  -s, --source              indicate what source to use for the audit logs. Valid options are enterprise or org. Default: "org"
  -h, --help                display help for command

Optionally, you can create a file called .ghec-audit-log that holds the token and organization, and omit those parameters when running the script.

org: org-name
token: xxxxxxxxxxxxxxxx

About tokens and scopes

To use this CLI you will need to use a personal access token (PAT) with the correct scopes. The scopes will change depending on what source you are going to use to export the audit logs.

Endpoint source | Needed scopes
User            | read:user
Repository      | public_repo
Organization    | read:org
Enterprise      | admin:enterprise

If you are running this utility against a GHEC account, we recommend that you create your PAT with both scopes.
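
An added example, not part of ghec-audit-log-cli: a least-privilege check that compares the scopes a classic PAT actually carries (the value of GitHub's `X-OAuth-Scopes` response header) with the table above. The function names and the sample header values are constructed for illustration; the broader-scope mapping follows GitHub's classic scope hierarchy.

```javascript
// Needed scope per endpoint source, copied from the table above.
const NEEDED = {
  user: 'read:user',
  repository: 'public_repo',
  organization: 'read:org',
  enterprise: 'admin:enterprise'
}

// Broader classic scopes that also grant the needed one (GitHub scope hierarchy).
const IMPLIED_BY = {
  'read:user': ['user'],
  public_repo: ['repo'],
  'read:org': ['write:org', 'admin:org'],
  'admin:enterprise': []
}

// Split the comma-separated X-OAuth-Scopes header value into scope names.
function parseScopes (header) {
  return (header || '').split(',').map(s => s.trim()).filter(Boolean)
}

// For the given endpoint sources, report scopes that are missing, scopes that
// are broader than the table requires, and scopes the export does not need.
function checkToken (scopesHeader, sources) {
  const granted = parseScopes(scopesHeader)
  const report = { missing: [], broader: [], unneeded: [] }
  const used = new Set()
  for (const source of sources) {
    const need = NEEDED[source]
    if (!need) throw new Error(`unknown source: ${source}`)
    if (granted.includes(need)) { used.add(need); continue }
    const wider = IMPLIED_BY[need].find(s => granted.includes(s))
    if (wider) {
      used.add(wider)
      report.broader.push(`${wider} instead of ${need}`)
    } else {
      report.missing.push(need)
    }
  }
  report.unneeded = granted.filter(s => !used.has(s))
  return report
}

// Constructed header values, not taken from real tokens.
console.log(checkToken('admin:org, repo', ['organization']))
console.log(checkToken('read:org', ['organization', 'enterprise']))
```

A token created with admin:org, as the Secret Values section below asks for, is reported here as broader than the read:org this table lists for the Organization source.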

Running the CLI

Execute the command using node or npm

Pre-requisites

Install the node dependencies:

$ git clone https://github.com/github/ghec-audit-log-cli
$ cd ghec-audit-log-cli
$ npm install

npm

$ npm run start -- --pretty

node

$ node ghec-audit-log-cli --pretty

Installing as CLI

Optionally you can install the script as a CLI and run it from the command line. To install it run:

$ git clone https://github.com/github/ghec-audit-log-cli
$ cd ghec-audit-log-cli
$ npm link

Then you can execute the script as a CLI using:

$ ghec-audit-log-cli -v

Forwarding the log using GitHub Actions

One of the most common uses of the CLI is to forward the log using GitHub Actions. You can use the workflows provided in this repository for v3 or v4 as a starter workflow and integrate them with your favorite service.

This workflow:

  • Runs periodically
  • Grabs any existing cursor as the last item grabbed from the log
  • Grabs the latest changes from the audit log
  • Forwards those changes to a service
  • Commits the latest cursor for the next call
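
An added example, not the repository's workflow: the steps above as one polling cycle, showing why the cursor is committed only after the forward succeeded, so a failed delivery does not drop audit entries. All function names, the in-memory fakes and the sample entries are constructed; `fetchSince` is a hypothetical stand-in for running the CLI with `--cursor`.

```javascript
// One polling cycle in the order of the workflow steps above. The cursor is
// saved only after the forward succeeded, so a failed delivery is retried.
async function pollOnce ({ loadCursor, fetchSince, forward, saveCursor }) {
  const cursor = await loadCursor() // null on the first run: full audit log
  const { entries, newestCursor } = await fetchSince(cursor)
  if (entries.length === 0) return { forwarded: 0, cursor }
  try {
    await forward(entries)
  } catch (err) {
    // Keep the old cursor: the next run re-reads the same entries.
    return { forwarded: 0, cursor, error: err.message }
  }
  await saveCursor(newestCursor)
  return { forwarded: entries.length, cursor: newestCursor }
}

// Constructed sample entries; the cursor values c1..c3 are placeholders.
const SAMPLE_LOG = ['repo.create', 'org.add_member', 'team.create']
  .map((action, i) => ({ cursor: `c${i + 1}`, action }))

// In-memory fakes for the cursor store, the audit log and the receiving service.
function makeFakes (failFirstForward) {
  const state = { cursor: null, delivered: [], forwardCalls: 0 }
  return {
    state,
    loadCursor: async () => state.cursor,
    saveCursor: async c => { state.cursor = c },
    fetchSince: async cursor => {
      const start = cursor ? SAMPLE_LOG.findIndex(e => e.cursor === cursor) + 1 : 0
      const entries = SAMPLE_LOG.slice(start)
      return { entries, newestCursor: entries.length ? entries[entries.length - 1].cursor : cursor }
    },
    forward: async entries => {
      if (failFirstForward && state.forwardCalls++ === 0) throw new Error('webhook returned 503')
      state.delivered.push(...entries.map(e => e.action))
    }
  }
}

async function demo () {
  const fakes = makeFakes(true)
  const first = await pollOnce(fakes) // delivery fails, cursor stays null
  const second = await pollOnce(fakes) // retry delivers all three entries
  const third = await pollOnce(fakes) // nothing newer than c3
  return { first, second, third, delivered: fakes.state.delivered }
}

demo().then(result => console.log(JSON.stringify(result, null, 2)))
```

Because a failed forward is retried from the same cursor, the receiving service can see an entry more than once and should deduplicate.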

Releases

To create a new release of the ghec-audit-log-cli:

How to use

  • Clone the audit-log-cli repository to your Organization
  • Set the Action to run on Cron
  • Create the GitHub Secrets needed to authenticate
  • Enjoy the logs

Secret Values

You will need to create the following GitHub Secrets to allow the tool to work:

  • AUDIT_LOG_TOKEN
    • This is a GitHub Personal Access Token used to authenticate to your Organization
    • Note: The token must have the admin:org scope set to be able to pull information
  • ORG_NAME
    • Name of the GitHub Organization to poll the audit log
  • WEBHOOK_URL
    • URL to a service where the generated json information is piped
  • COMMITTER_EMAIL
    • Email address for one of the primary committers on the repository

Notes

  • Modify the polling workflow to run on a cron, instead of push
  • The Organization must be a part of a GitHub Enterprise or the API calls will fail
  • If SSO is enabled for the GitHub Organization, the Personal Access Token must be SSO enabled to query it

Disclaimer

  1. This CLI provides all the events that the GitHub API offers through the GraphQL API. This is a subset of all the events that you can see through the UI.
  2. This tool will be deprecated when GitHub adds a forwarding behavior on GHEC.