Query: organization_ip_allow_list_entry_updated

select
  tp_timestamp as timestamp,
action as operation,
concat('https://github.com/', org) as resource,
actor,
tp_source_ip as source_ip,
tp_index as organization,
split_part(repo, '/', 2) as repository,
tp_id as source_id,
*
exclude (actor, timestamp)

from
  github_audit_log
where
  action in (
    'ip_allow_list_entry.create',
    'ip_allow_list_entry.destroy',
    'ip_allow_list_entry.update'
  )
order by
  tp_timestamp desc;