Tag
medium
advisory
GitHub Enterprise Audit Log Streaming Paused
2 rules 2 TTPs
Detection of a user pausing audit log event streaming in GitHub Enterprise, potentially indicating an attempt to evade detection by disabling the audit trail.
GitHub Enterprise +3
github
audit-log
defense-evasion
2r
2t
low
advisory
GitHub Self-Hosted Runner Configuration Changes Detected
3 rules 8 TTPs
Changes to self-hosted runner configurations in GitHub environments can indicate potential impact, discovery, collection, persistence, privilege escalation, initial access, or stealth activities.
GitHub Actions
github
self-hosted-runner
audit-log
devops
supply-chain
3r
8t
high
advisory
GitHub Enterprise Audit Log Event Stream Modification
2 rules 1 TTP
An attacker modifies or disables audit log event streaming in GitHub Enterprise to evade detection by preventing security monitoring platforms from receiving audit events.
Splunk Enterprise +3
github
audit-log
defense-evasion
supply-chain
2r
1t