GitHub Enterprise Audit Logs

This integration ingests audit logs from GitHub Enterprise Cloud using GitHub’s audit log streaming capability, delivered to the SamurAI platform via Splunk HTTP Event Collection (HEC).

Prerequisites

Ensure that a SamurAI Cloud Collector of type Splunk HTTP Event Collector (HEC) has been deployed via the SamurAI Portal.

If you plan to reuse an already deployed SamurAI HEC Cloud Collector, you will need the following values, which are displayed only when the collector is created:

  • API URL
  • Token

Configure audit log streaming

For additional information you can refer to the GitHub documentation on streaming the audit log.

To configure audit log streaming to the SamurAI Splunk HEC Cloud Collector, follow the steps below:

  1. Navigate to your enterprise

  2. Click Settings at the top of the enterprise page

  3. In the left sidebar, under Audit log, click Log streaming

  4. Click the Configure stream dropdown and select Splunk

  5. Perform the following steps using the values recorded during creation of a SamurAI Splunk HEC Collector:

    5.1 In the Domain field, enter the API URL of the SamurAI collector

    5.2 In the Port field, enter 443

    5.3 In the Token field, enter the SamurAI Splunk HEC Collector Token value

    5.4 Ensure Enable SSL verification is checked

  6. Click Check endpoint to verify GitHub can reach the SamurAI HEC endpoint

  7. Once verification succeeds, click Save
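As an added example (not part of this guide or the SamurAI platform), the following Python script performs the same connectivity check as step 6 from the command line: it validates the values entered in step 5 (HTTPS only, port 443, a non-empty token), then posts one constructed test event to the collector with TLS verification left enabled. It assumes the collector exposes the standard Splunk HEC path `/services/collector/event`, accepts the `Authorization: Splunk <token>` header, and that the sourcetype shown is acceptable; confirm all three against your deployment.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlparse

HEC_PATH = "/services/collector/event"  # assumption: standard Splunk HEC event path


def build_hec_request(api_url: str, token: str, port: int = 443) -> tuple[str, dict, bytes]:
    """Validate the step-5 values and return (url, headers, body) for a test POST.

    Mirrors the GitHub form: Domain = api_url, Port = 443, Token = HEC token,
    SSL verification enabled (a plain http:// URL is rejected here).
    """
    if not token.strip():
        raise ValueError("HEC token must not be empty")
    parsed = urlparse(api_url if "://" in api_url else f"https://{api_url}")
    if parsed.scheme != "https":
        raise ValueError("collector must be reached over https (SSL verification required)")
    if not parsed.hostname:
        raise ValueError("API URL has no hostname")
    # Keep any path prefix from the API URL, force port 443 as the guide requires
    url = f"https://{parsed.hostname}:{port}{parsed.path.rstrip('/')}{HEC_PATH}"
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    # Constructed test event; the sourcetype value is an assumption
    body = json.dumps({
        "sourcetype": "github:enterprise:audit",
        "event": {"action": "hec.connectivity_test", "note": "constructed test event"},
    }).encode()
    return url, headers, body


def check_endpoint(api_url: str, token: str, timeout: float = 10.0) -> dict:
    """POST the test event; certificate chain and hostname are verified by default."""
    url, headers, body = build_hec_request(api_url, token)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    ctx = ssl.create_default_context()  # never disable this to "make it work"
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        result = json.loads(resp.read().decode())
    # Splunk HEC acknowledges an accepted event with {"text": "Success", "code": 0}
    if result.get("code") != 0:
        raise RuntimeError(f"collector rejected the event: {result}")
    return result


if __name__ == "__main__":
    import sys
    print(check_endpoint(sys.argv[1], sys.argv[2]))  # args: API URL, HEC token
```

Run it as `python3 check_hec.py <API URL> <Token>`; a certificate or hostname error here means GitHub's Check endpoint step will fail for the same reason.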

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the SamurAI MDR Portal and we shall get it updated.