GitHub Audit Log Detections Mod

Tailpipe is an open-source CLI tool that allows you to collect logs and query them with SQL.

GitHub is a provider of Internet hosting for software development and version control using Git. It offers the distributed version control and source code management (SCM) functionality of Git, plus its own features.

The GitHub Audit Log Detections Mod contains pre-built dashboards and detections, which can be used to monitor and analyze activity across your GitHub accounts.

Documentation

• Dashboards →
• Benchmarks and detections →

Getting Started

Install Powerpipe from the downloads page:

# MacOS
brew install turbot/tap/powerpipe

# Linux or Windows (WSL)
sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)"

This mod also requires GitHub audit logs to be collected using Tailpipe with the GitHub plugin:

• Get started with the GitHub plugin for Tailpipe →

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod install github.com/turbot/tailpipe-mod-github-audit-log-detections

Browsing Dashboards

Start the dashboard server:

powerpipe server

Browse and view your dashboards at http://localhost:9033.

Running Benchmarks in Your Terminal

Instead of running benchmarks in a dashboard, you can also run them within your terminal with the powerpipe benchmark command:

List available benchmarks:

powerpipe benchmark list

Run a benchmark:

powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161

Different output formats are also available, for more information please see Output Formats.