🚀Launch Week 08, April 14th - 18th, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/tailpipe-mod-github-audit-log-detections
Overview
3Dashboards
17Benchmarks
24Queries
1Variables
GitHub

Query: personal_access_token_granted

Usage

powerpipe query github_audit_log_detections.query.personal_access_token_granted

Tailpipe Tables

github_audit_log
GitHub plugin

Tags

category = Detections
folder = Personal Access Token
plugin = github
service = GitHub/PersonalAccessToken

SQL

select
  tp_timestamp as timestamp,
  action as operation,
  additional_fields ->> 'user_programmatic_access_name' as resource,
  actor,
  tp_source_ip as source_ip,
  tp_index as organization,
  split_part(repo, '/', 2) as repository,
  tp_id as source_id,
  * exclude (actor, timestamp)
from
  github_audit_log
where
  action in ('personal_access_token.access_granted')
order by
  tp_timestamp desc;

Detections

The query is being used by the following detections: