account_password_changedactivity_dashboard_events_by_actionactivity_dashboard_failed_login_trendsactivity_dashboard_failed_loginsactivity_dashboard_integration_summaryactivity_dashboard_mfa_activityactivity_dashboard_total_eventsgpg_key_createdgpg_key_deletedlogin_failed_attemptslogin_from_unrecognized_devicelogin_with_recovery_codemfa_disabledmfa_method_removedmfa_recovery_code_regeneratedoauth_app_authorization_createdoauth_app_authorization_destroyedpersonal_access_token_grantedssh_key_createdssh_key_deleted
Query: oauth_app_authorization_destroyed
Usage
powerpipe query github_security_log_detections.query.oauth_app_authorization_destroyedTailpipe Tables
SQL
select tp_timestamp as timestamp,action as operation,concat('https://github.com/', user) as resource,actor,tp_source_ip as source_ip,tp_id as source_id,*exclude (actor, timestamp)
from github_security_logwhere action = 'oauth_authorization.destroy'order by tp_timestamp desc;
Detections
The query is being used by the following detections: