GitHub Audit Log Detections Mod
Tailpipe is an open-source CLI tool that allows you to collect logs and query them with SQL.
GitHub is a provider of Internet hosting for software development and version control using Git. It offers the distributed version control and source code management (SCM) functionality of Git, plus its own features.
The GitHub Audit Log Detections Mod contains pre-built dashboards and detections, which can be used to monitor and analyze activity across your GitHub accounts.
Documentation
Getting Started
Install Powerpipe from the downloads page:
# MacOSbrew install turbot/tap/powerpipe
# Linux or Windows (WSL)sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)"
This mod also requires GitHub audit logs to be collected using Tailpipe with the GitHub plugin:
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod install github.com/turbot/tailpipe-mod-github-audit-log-detections
Browsing Dashboards
Start the dashboard server:
powerpipe server
Browse and view your dashboards at http://localhost:9033.
Running Benchmarks in Your Terminal
Instead of running benchmarks in a dashboard, you can also run them within your
terminal with the powerpipe benchmark
command:
List available benchmarks:
powerpipe benchmark list
Run a benchmark:
powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161
Different output formats are also available, for more information please see Output Formats.