diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise.md index bb726e5ead..acb6f1274f 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise.md @@ -9,6 +9,7 @@ redirect_from: - /articles/viewing-the-audit-logs-for-organizations-in-your-enterprise-account - /github/setting-up-and-managing-your-enterprise-account/viewing-the-audit-logs-for-organizations-in-your-enterprise-account - /github/setting-up-and-managing-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise-account + - /admin/user-management/managing-organizations-in-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise versions: ghec: '*' ghes: '*' diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md index 88f20935fe..e93d241ff3 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md @@ -192,6 +192,16 @@ Action | Description | `commit_comment.update` | A commit comment was updated. {%- endif %} +{%- ifversion ghes %} +### `config_entry` category actions + +| Action | Description +|--------|------------- +| `config_entry.create` | A configuration setting was created. These events are only visible in the site admin audit log. The type of events recorded relate to:
- Enterprise settings and policies
- Organization and repository permissions and settings
- Git, Git LFS, {% data variables.product.prodname_github_connect %}, {% data variables.product.prodname_registry %}, project, and code security settings. +| `config_entry.destroy` | A configuration setting was deleted. These events are only visible in the site admin audit log. The type of events recorded relate to:
- Enterprise settings and policies
- Organization and repository permissions and settings
- Git, Git LFS, {% data variables.product.prodname_github_connect %}, {% data variables.product.prodname_registry %}, project, and code security settings. +| `config_entry.update` | A configuration setting was edited. These events are only visible in the site admin audit log. The type of events recorded relate to:
- Enterprise settings and policies
- Organization and repository permissions and settings
- Git, Git LFS, {% data variables.product.prodname_github_connect %}, {% data variables.product.prodname_registry %}, project, and code security settings. +{%- endif %} + {%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-4864 %} ### `dependabot_alerts` category actions @@ -367,6 +377,14 @@ Action | Description | `external_identity.update` | An Okta user's settings were updated. For more information, see "[Mapping Okta groups to teams](/admin/identity-and-access-management/configuring-authentication-and-provisioning-with-your-identity-provider/mapping-okta-groups-to-teams)." {%- endif %} +### `gist` category actions + +| Action | Description +|--------|------------- +| `gist.create` | A gist is created. +| `gist.destroy` | A gist is deleted. +| `gist.visibility_change` | The visibility of a gist is changed. + ### `git` category actions | Action | Description @@ -1075,6 +1093,14 @@ Action | Description | `repository_image.create` | An image to represent a repository was uploaded. | `repository_image.destroy` | An image to represent a repository was deleted. +### `repository_invitation` category actions + +| Action | Description +|--------|------------- +| `repository_invitation.accept` | An invitation to join a repository was accepted. +| `repository_invitation.create` | An invitation to join a repository was sent. +| `repository_invitation.reject` | An invitation to join a repository was canceled. + ### `repository_projects_change` category actions | Action | Description @@ -1242,10 +1268,18 @@ Action | Description {%- endif %} | `staff.repo_lock` | An organization{% ifversion ghes %}, repository or site{% else %} or repository{% endif %} administrator locked (temporarily gained full access to) a user's private repository. | `staff.repo_unlock` | An organization{% ifversion ghes %}, repository or site{% else %} or repository{% endif %} administrator unlocked (ended their temporary access to) a user's private repository. -| `staff.unlock` | An enterprise owner{% ifversion ghes %} or site administrator{% endif %} unlocked (temporarily gained full access to) all of a user's private repositories. +{%- ifversion ghes %} +| `staff.search_audit_log` | A site administrator performed a search of the site admin audit log. +{%- endif %} | `staff.set_domain_token_expiration` | {% ifversion ghes %}A site administrator or {% endif %}GitHub staff set the verification code expiry time for an organization or enterprise domain. {% ifversion ghec or ghes > 3.1 %}For more information, see "[Verifying or approving a domain for your organization](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)" and "[Verifying or approving a domain for your enterprise](/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise)."{% endif %} +{%- ifversion ghes %} +| `staff.unlock` | A site administrator unlocked (temporarily gained full access to) all of a user's private repositories. +{%- endif %} | `staff.unverify_domain` | {% ifversion ghes %}A site administrator or {% endif %}GitHub staff unverified an organization or enterprise domain. {% ifversion ghec or ghes > 3.1 %}For more information, see "[Verifying or approving a domain for your organization](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)" and "[Verifying or approving a domain for your enterprise](/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise)."{% endif %} | `staff.verify_domain` | {% ifversion ghes %}A site administrator or {% endif %}GitHub staff verified an organization or enterprise domain. {% ifversion ghec or ghes > 3.1 %}For more information, see "[Verifying or approving a domain for your organization](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)" and "[Verifying or approving a domain for your enterprise](/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise)."{% endif %} +{%- ifversion ghes %} +| `staff.view_audit_log` | A site administrator viewed the site admin audit log. +{%- endif %} ### `team` category actions diff --git a/data/reusables/audit_log/audit-log-action-categories.md b/data/reusables/audit_log/audit-log-action-categories.md index 8c6bd8099a..a9e39f774f 100644 --- a/data/reusables/audit_log/audit-log-action-categories.md +++ b/data/reusables/audit_log/audit-log-action-categories.md @@ -25,6 +25,9 @@ | `codespaces` | Contains activities related to an organization's codespaces. {%- endif %} | `commit_comment` | Contains activities related to updating or deleting commit comments. +{%- ifversion ghes %} +| `config_entry` | Contains activities related to configuration settings. These events are only visible in the site admin audit log. +{%- endif %} {%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-4864 %} | | `dependabot_alerts` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." | `dependabot_alerts_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization. @@ -59,6 +62,7 @@ | `external_group` | Contains activities related to Okta groups. | `external_identity` | Contains activities related to a user in an Okta group. {%- endif %} +| `gist` | Contains activities related to Gists. | `git` | Contains activities related to Git events. | `hook` | Contains activities related to webhooks. | `integration` | Contains activities related to integrations in an account. @@ -138,7 +142,8 @@ | `repository_content_analysis` | Contains activities related to [enabling or disabling data use for a private repository](/articles/about-github-s-use-of-your-data). | `repository_dependency_graph` | Contains repository-level activities related to enabling or disabling the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)." {%- endif %} -| `repository_image` | Contains activities related images for a repository. +| `repository_image` | Contains activities related to images for a repository. +| `repository_invitation` | Contains activities related to invitations to join a repository. | `repository_projects_change` | Contains activities related to enabling projects for a repository or for all repositories in an organization. {%- ifversion ghec or ghes or ghae %} | `repository_secret_scanning` | Contains repository-level activities related to secret scanning. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."