From 35cc37cc4cc5df4d10037267fb9c7972129ef843 Mon Sep 17 00:00:00 2001
From: Tomoko Tanaka <28242405+tallzeebaa@users.noreply.github.com>
Date: Wed, 22 Oct 2025 09:41:18 +1100
Subject: [PATCH] Clarified the conditions under which IP addresses are
 displayed in the audit log for `api.request` events. (#58083)

---
 ...aying-ip-addresses-in-the-audit-log-for-your-enterprise.md | 2 +-
 ...ing-ip-addresses-in-the-audit-log-for-your-organization.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise.md
index 91b11e5896..c652ad0983 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise.md
@@ -36,7 +36,7 @@ If members of your enterprise access {% data variables.location.product_location
 * Interactions with a resource owned by the personal account, including a repository, gist, or project
 * Interactions with a public repository owned by an organization in your enterprise
 
-{% data variables.product.github %} does not display IP address in the audit log for `api.request` events triggered by GraphQL requests.
+{% data variables.product.github %} does not display IP addresses in the audit log for `api.request` events that do not have repository context, such as requests triggered by GraphQL or requests to endpoints that reference only a user or organization.
 
 ## Enabling display of IP addresses in the audit log
 
diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization.md
index 1d00e33871..0446379c16 100644
--- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization.md
+++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization.md
@@ -36,9 +36,9 @@ After you enable the feature, you can access the audit log to view events that i
 
 {% data variables.product.github %} displays an IP address for each event in the organization audit log that meets these criteria.
 
-* The actor is an organization member or owner
+* The actor is an organization member or owner.
 * The target is either an organization-owned repository that is private or internal, or an organization resource that is not a repository, such as a project.
-* For `api.request` events, the request was not triggered by GraphQL.
+* For `api.request` events, the request must have repository context; requests triggered by GraphQL or to endpoints that reference only a user or organization do not meet this condition.
 
 ## Enabling display of IP addresses in the audit log