安全日志事件

审计日志事件

account

account.plan_change: 账户的计划已更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: GitHub 计费的工作原理

actions_cache

actions_cache.delete: 使用 REST API 删除了 GitHub Actions 缓存。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, actions_cache_id, actions_cache_key, actions_cache_version, actions_cache_scope, created_at, operation_type

artifact

artifact.destroy: 工作流运行的制品被手动删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

billing

billing.budget_create: 为企业或组织创建了计费预算。包括预算上限、警报偏好和接收者的详细信息。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, customer_id, target_amount, target_type, target_id, alert_enabled, status, created_at, operation_type, actor_is_bot, pricing_target_type, pricing_target_id, budget_limit_type, alert_recipient_user_ids, exclude_cost_center_usage

billing.budget_delete: 为企业或组织删除了计费预算。包括已删除预算及其警报设置的详细信息。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, customer_id, uuid, status, created_at, operation_type, actor_is_bot

billing.budget_update: 为企业或组织更新了计费预算。包括已更新的上限及警报设置的详细信息。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, customer_id, target_amount, target_type, target_id, alert_enabled, status, created_at, operation_type, actor_is_bot, old_target_amount, old_budget_limit_type, old_alert_enabled, old_target_id, old_pricing_target_type, old_pricing_target_id

billing.change_billing_type: 账户的 GitHub 付费方式已更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: 管理支付和账单信息

billing.change_email: 计费电子邮件地址已更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, email
参考: 管理支付和账单信息

billing.overage_policy_updated: 您 GitHub 账户的高级请求付费使用政策已更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
参考: /copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage

billing_customer

billing_customer.azure_subscription_linked: 此账户已关联 Azure 订阅。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

billing_customer.azure_subscription_unlinked: 此账户已解除关联 Azure 订阅。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

business

business.add_admin: 已向企业添加了企业所有者。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, created_at, operation_type
参考: 邀请人员管理您的企业

business.add_billing_manager: 已向企业添加计费管理员。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at

business.add_support_entitlee: 已向企业成员添加支持授权。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at
参考: 管理企业的支持授权

business.remove_admin: 已从企业中移除企业所有者。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, name
参考: 邀请人员管理您的企业

business.remove_billing_manager: 已从企业中移除计费管理员。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, created_at

business.remove_member: 已从企业中移除成员。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

business.remove_support_entitlee: 已从企业成员中移除支持授权。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at
参考: 管理企业的支持授权

business.security_center_export_code_scanning_metrics: 在“CodeQL 拉取请求警报”页面请求了 CSV 导出。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, start_date, end_date, created_at, operation_type, actor_is_bot

business.security_center_export_coverage: 在“覆盖率”页面请求了 CSV 导出。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

business.security_center_export_overview_dashboard: 在“概览仪表板”页面请求了 CSV 导出。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, start_date, end_date, created_at, operation_type, actor_is_bot

business.security_center_export_risk: 在“风险”页面请求了 CSV 导出。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

business.set_actions_cache_retention_policy: 已为企业设置 GitHub Actions 的缓存保留策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, created_at, operation_type, actor_is_bot
参考: 在企业中强制执行 GitHub Actions 策略

business.set_actions_cache_storage_policy: 已为企业设置 GitHub Actions 的缓存存储策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, created_at, operation_type, actor_is_bot
参考: 在企业中强制执行 GitHub Actions 策略

business.set_actions_fork_pr_approvals_policy: 已为企业更改了来自公共派生仓库工作流的批准要求策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, policy, created_at, operation_type
参考: 在企业中强制执行 GitHub Actions 策略

business.set_actions_private_fork_pr_approvals_policy: 已为企业更改了对没有私有仓库写入权限的协作者的派生拉取请求工作流的批准要求策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, policy, created_at, operation_type
参考: 在企业中强制执行 GitHub Actions 策略

business.set_actions_retention_limit: 已为企业更改了 GitHub Actions 制品和日志的保留期限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, limit, operation_type, created_at
参考: 在企业中强制执行 GitHub Actions 策略

business.set_default_workflow_permissions: 已为企业更改了在工作流运行时授予 GITHUB_TOKEN 的默认权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, created_at, operation_type
参考: 在企业中强制执行 GitHub Actions 策略

business.set_fork_pr_workflows_policy: 已为企业更改了派生拉取请求工作流的策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, policy, operation_type, created_at
参考: 在企业中强制执行 GitHub Actions 策略

business.set_workflow_permission_can_approve_pr: 已为企业更改了允许 GitHub Actions 创建和批准拉取请求的策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, created_at, operation_type
参考: 在企业中强制执行 GitHub Actions 策略

checks

checks.auto_trigger_disabled: 已在组织或企业的仓库中禁用检查套件的自动创建。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, created_at, operation_type
参考: /rest/checks#update-repository-preferences-for-check-suites

checks.auto_trigger_enabled: 已在组织或企业的仓库中启用检查套件的自动创建。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at, public_repo
参考: /rest/checks#update-repository-preferences-for-check-suites

checks.delete_logs: 检查套件中的日志已被删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

codespaces

codespaces.allow_permissions: 已启动使用 devcontainer.json 文件中自定义权限的代码空间。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, origin_repository, created_at, operation_type

codespaces.connect: 代码空间的凭据已刷新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, owner, name, operation_type, created_at, public_repo, actor_is_bot, machine_type, devcontainer_path

codespaces.create: 已创建代码空间
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, owner, name, operation_type, created_at, actor_is_bot, machine_type, devcontainer_path
参考: 为存储库创建 codespace

codespaces.destroy: 用户删除了代码空间。
字段: @timestamp, _document_id, action, actor, actor_id, business, business, hashed_token, org, org_id, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, owner, name, operation_type, created_at
参考: 删除 codespace

codespaces.export_environment: 代码空间已导出到 GitHub 上的分支。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, owner, created_at, operation_type, public_repo

codespaces.restore: 已恢复一个代码空间。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, public_repo, created_at, operation_type

codespaces.start_environment: 已启动一个代码空间。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, owner, pull_request_id, machine_type, devcontainer_path, public_repo, created_at, operation_type

codespaces.suspend_environment: 已停止一个代码空间。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, operation_type, created_at, public_repo

codespaces.trusted_repositories_access_update: 个人账户的 Codespaces 访问和安全设置已更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 管理 codespace 内对其他存储库的访问权限

copilot

copilot.cfb_seat_added: 为用户添加了 Copilot Business 或 Copilot Enterprise 许可证，并已授予其 GitHub Copilot 访问权限。这可能是直接为用户分配许可证、为团队分配许可证，或设置组织允许所有成员访问的结果。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_assignment_created: 为用户或团队新创建了 Copilot Business 或 Copilot Enterprise 许可证分配，并正在创建许可证。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: 什么是 GitHub Copilot？

copilot.cfb_seat_assignment_refreshed: 先前待取消的许可证分配已重新指派，用户将保留对 Copilot 的访问权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_assignment_reused: 为已有许可证且未待取消的用户重新创建了 Copilot Business 或 Copilot Enterprise 许可证分配，用户将保留对 Copilot 的访问权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_assignment_unassigned: 用户或团队的 Copilot Business 或 Copilot Enterprise 许可证分配已被取消，相关用户将在当前计费周期结束时失去对 Copilot 的访问权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_cancelled: 用户的 Copilot Business 或 Copilot Enterprise 许可证已被取消，用户不再拥有 Copilot 访问权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, seat_assignment

copilot.cfb_seat_cancelled_by_staff: 用户的 Copilot Business 或 Copilot Enterprise 许可证被 GitHub 员工手动取消，用户不再拥有 Copilot 访问权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.swe_agent_repo_disabled: 特定仓库已被禁用使用 Copilot 编码代理。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner_type, owner, public_repo, created_at, operation_type

copilot.swe_agent_repo_enabled: 特定仓库已启用使用 Copilot 编码代理。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner_type, owner, public_repo, created_at, operation_type

copilot.swe_agent_repo_enablement_updated: 组织或用户的仓库的 Copilot 编码代理访问已更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, new_access, old_access, owner_type, owner, created_at, operation_type

dependabot_alerts

dependabot_alerts.disable: 已为所有现有仓库禁用 Dependabot 警报。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts.enable: 已为所有现有仓库启用 Dependabot 警报。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts_new_repos

dependabot_alerts_new_repos.disable: 已为所有新仓库禁用 Dependabot 警报。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_alerts_new_repos.enable: 已为所有新仓库启用 Dependabot 警报。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_closure_request

dependabot_closure_request.approve: 已批准对 Dependabot 警报的驳回。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, alert_number, public_repo, created_at, operation_type, actor_is_bot
参考: 关于 Dependabot 警报

dependabot_closure_request.cancel: 对 Dependabot 警报的驳回请求已取消。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, alert_number, public_repo, created_at, operation_type, actor_is_bot
参考: 关于 Dependabot 警报

dependabot_closure_request.create: 已请求驳回 Dependabot 警报。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, alert_number, public_repo, created_at, operation_type, actor_is_bot
参考: 关于 Dependabot 警报

dependabot_closure_request.deny: 已拒绝驳回 Dependabot 警报。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, alert_number, public_repo, created_at, operation_type, actor_is_bot
参考: 关于 Dependabot 警报

dependabot_repository_access

dependabot_repository_access.repositories_updated: 已更新 Dependabot 可访问的仓库。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

dependabot_security_updates

dependabot_security_updates.disable: 已为所有现有仓库禁用 Dependabot 安全更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependabot_security_updates.enable: 已为所有现有仓库启用 Dependabot 安全更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

dependabot_security_updates_new_repos

dependabot_security_updates_new_repos.disable: 已为所有新仓库禁用 Dependabot 安全更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependabot_security_updates_new_repos.enable: 已为所有新仓库启用 Dependabot 安全更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

dependency_graph

dependency_graph.disable: 已为所有现有仓库禁用依赖图。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependency_graph.enable: 已为所有现有仓库启用依赖图。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

dependency_graph_new_repos

dependency_graph_new_repos.disable: 已为所有新仓库禁用依赖图。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependency_graph_new_repos.enable: 已为所有新仓库启用依赖图。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

environment

environment.add_protection_rule: 通过 API 创建了 GitHub Actions 部署保护规则。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at
参考: 管理部署环境

environment.create_actions_secret: 为 GitHub Actions 环境创建了密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, visibility, operation_type, created_at, public_repo
参考: 管理部署环境

environment.create_actions_variable: 为 GitHub Actions 环境创建了变量。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, environment_name, public_repo, created_at, operation_type, actor_is_bot
参考: 在变量中存储信息

environment.delete: 环境已被删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at, public_repo, actor_is_bot
参考: 管理部署环境

environment.remove_actions_secret: 为 GitHub Actions 环境删除了密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, operation_type, created_at, public_repo
参考: 管理部署环境

environment.remove_actions_variable: 为 GitHub Actions 环境删除了变量。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, environment_name, public_repo, created_at, operation_type
参考: 在变量中存储信息

environment.remove_protection_rule: 通过 API 删除了 GitHub Actions 部署保护规则。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at, public_repo
参考: 管理部署环境

environment.update_actions_secret: 为 GitHub Actions 环境更新了密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, visibility, operation_type, created_at, public_repo
参考: 管理部署环境

environment.update_actions_variable: 为 GitHub Actions 环境更新了变量。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, operation_type, created_at, public_repo
参考: 在变量中存储信息

environment.update_protection_rule: 通过 API 更新了 GitHub Actions 部署保护规则。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, new_value, approvers_was, approvers, can_admins_bypass, prevent_self_review
参考: 管理部署环境

gist

gist.create: 已创建一个 gist。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, gist_id, created_at, operation_type, visibility

gist.destroy: 已删除一个 gist。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, gist_id, visibility, created_at, operation_type

gist.visibility_change: 已更新 gist 的可见性。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, gist_id, visibility, created_at

git_signing_ssh_public_key

git_signing_ssh_public_key.create: 已将 SSH 密钥添加到用户账户，作为 Git 提交签名密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, key, fingerprint, created_at, operation_type
参考: /authentication/managing-commit-signature-verification/telling-git-about-your-signing-key

git_signing_ssh_public_key.delete: 已从用户账户中删除 SSH 密钥，作为 Git 提交签名密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, key, fingerprint, explanation, created_at, operation_type
参考: /authentication/managing-commit-signature-verification/telling-git-about-your-signing-key

hook

hook.active_changed: 已更新 webhook 的激活状态。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, name, events, active, active_was, hook_id, operation_type

hook.config_changed: 已更改 webhook 的配置。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, hook_id, created_at, oauth_application_id, events

hook.create: 已添加新的 webhook。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, hook_id, events, operation_type, name, created_at
参考: 关于 Webhook

hook.destroy: 已删除 webhook。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, events, created_at, name, operation_type, oauth_application_id, hook_id

hook.events_changed: 已更改 webhook 配置的事件。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, events, operation_type, name, events_were, created_at, hook_id, oauth_application_id

integration

integration.create: 已创建 GitHub 应用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, integration, created_at, application_client_id

integration.destroy: 已删除 GitHub 应用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at

integration.manager_added: 已将企业或组织的成员添加为 GitHub 应用管理员。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, name, manager, operation_type, integration
参考: /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization

integration.manager_removed: 已将企业或组织的成员移除 GitHub 应用管理员身份。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, integration, name, created_at, manager
参考: /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization

integration.remove_client_secret: 已删除 GitHub 应用的客户端密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at

integration.revoke_all_tokens: 已请求撤销该 GitHub 应用的所有用户令牌。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at, application_client_id

integration.revoke_tokens: 已撤销 GitHub 应用的令牌。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at, application_client_id

integration.suspend: 已暂停 GitHub 应用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, created_at, operation_type, application_client_id
参考: /apps/maintaining-github-apps/suspending-a-github-app-installation

integration.transfer: GitHub 应用的所有权已转移给其他用户或组织。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, transfer_to_id, requester, requester_id, created_at, transfer_to, operation_type, integration, transfer_from, transfer_from_id, transfer_from_type, transfer_to_type
参考: /apps/maintaining-github-apps/transferring-ownership-of-a-github-app

integration.unsuspend: GitHub 应用已被解除暂停。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, created_at, operation_type, application_client_id
参考: /apps/maintaining-github-apps/suspending-a-github-app-installation

integration_installation

integration_installation.create: GitHub 应用已安装。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, repository_selection, created_at, integration, application_client_id
参考: /apps/using-github-apps/authorizing-github-apps

integration_installation.destroy: GitHub 应用已卸载。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, repository_selection, integration, operation_type, name, application_client_id
参考: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.repositories_added: 已向 GitHub 应用添加了仓库。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, repository_selection, name, integration, operation_type, repositories_added, created_at, repositories_added_names, actor_is_bot, application_client_id
参考: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access

integration_installation.repositories_removed: 已从 GitHub 应用中移除仓库。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, repository_selection, repositories_removed, integration, created_at, name, repositories_removed_names, actor_is_bot, application_client_id
参考: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access

integration_installation.suspend: 已暂停 GitHub 应用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, repository_selection, integration, operation_type, created_at, application_client_id
参考: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.unsuspend: GitHub 应用已被解除暂停。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, repository_selection, integration, operation_type, created_at
参考: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.version_updated: GitHub 应用的权限已更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, integration, name, operation_type, created_at, repository_selection, application_client_id
参考: /apps/using-github-apps/approving-updated-permissions-for-a-github-app

issue_dependencies

issue_dependencies.blocked_by_add: 一个议题已被标记为受另一个议题阻塞。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

issue_dependencies.blocked_by_remove: 已删除问题之间的“被阻止”关系。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type

issue_dependencies.blocking_add: 一个问题被标记为阻塞另一个问题。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

issue_dependencies.blocking_remove: 已删除问题之间的阻塞关系。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

marketplace_agreement_signature

marketplace_agreement_signature.create: GitHub Marketplace 开发者协议已签署。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

marketplace_listing

marketplace_listing.approve: 已批准将该列表列入 GitHub Marketplace。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, secondary_category, primary_category, operation_type, created_at, marketplace_listing, integration

marketplace_listing.change_category: GitHub Marketplace 中应用列表的分类已更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, primary_category, marketplace_listing, integration, secondary_category, operation_type, created_at

marketplace_listing.create: 已在 GitHub Marketplace 为应用创建列表。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, primary_category, created_at, oauth_application, marketplace_listing, secondary_category, oauth_application_id, operation_type

marketplace_listing.delist: 已从 GitHub Marketplace 移除列表。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, secondary_category, operation_type, marketplace_listing, primary_category, integration

marketplace_listing.redraft: 列表已返回草稿状态。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, secondary_category, oauth_application_id, operation_type, oauth_application, created_at, marketplace_listing, primary_category

marketplace_listing.reject: 该列表未被接受列入 GitHub Marketplace。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, primary_category, secondary_category, marketplace_listing, oauth_application, oauth_application_id, operation_type, created_at

merge_queue

merge_queue.pull_request_dequeued: 一个拉取请求已从合并队列中移除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type

merge_queue.pull_request_queue_jump: 一个拉取请求在合并队列中被提前。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, public_repo, created_at, operation_type

merge_queue.queue_cleared: 合并队列已被清除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type

merge_queue.update_settings: 合并队列的设置已更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, max_entries_to_build, min_entries_to_merge, public_repo, created_at, operation_type

migration

migration.create: 已创建迁移文件，用于将数据从源位置（如 GitHub.com 组织或 GitHub Enterprise Server 实例）传输到目标 GitHub Enterprise Server 实例。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot

oauth_access

oauth_access.create: 已生成 OAuth 访问令牌。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, oauth_application_name
参考: /apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, 管理个人访问令牌

oauth_access.destroy: OAuth 访问令牌已删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, explanation, oauth_application_name
参考: /apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps

oauth_access.regenerate: OAuth 访问令牌已重新生成。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, oauth_application_name

oauth_access.revoke: OAuth 访问令牌已撤销。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

oauth_access.update: OAuth 访问令牌已更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

oauth_application

oauth_application.create: OAuth 应用已创建。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, oauth_application
参考: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.destroy: OAuth 应用已删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, oauth_application
参考: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.generate_client_secret: 已生成 OAuth 应用的密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, operation_type, created_at
参考: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.remove_client_secret: OAuth 应用的密钥已删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, operation_type, created_at
参考: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.reset_secret: OAuth 应用的密钥已重置。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, operation_type, created_at, oauth_application_id
参考: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.revoke_all_tokens: 已请求撤销 OAuth 应用的所有用户令牌。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, operation_type, created_at
参考: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.revoke_tokens: OAuth 应用的令牌已被撤销。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, oauth_application, created_at, operation_type
参考: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.transfer: OAuth 应用已从一个帐户转移到另一个帐户。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, oauth_application, oauth_application_id
参考: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_authorization

oauth_authorization.create: 已创建 OAuth 应用的授权。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot, oauth_application_name
参考: /apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps

oauth_authorization.destroy: OAuth 应用的授权已删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, explanation, actor_is_bot, oauth_application_name
参考: 审查并撤销对 GitHub 应用的授权

oauth_authorization.update: OAuth 应用的授权已更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot, oauth_application_name
参考: /apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps

org

org.add_member: 用户加入了组织。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, permission, operation_type, created_at, actor_is_bot

org.add_outside_collaborator: 已向仓库添加外部协作者。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, inviter, public_repo, permission, invitee, created_at, operation_type

org.advanced_security_disabled_for_new_repos: 已在组织中为新仓库禁用 GitHub 高级安全。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_disabled_on_all_repos: 已在组织中为所有仓库禁用 GitHub 高级安全。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_enabled_for_new_repos: 已在组织中为新仓库启用 GitHub 高级安全。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_enabled_on_all_repos: 已在组织中为所有仓库启用 GitHub 高级安全。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.remove_member: 成员被从组织中移除，可能是手动操作或因双因素认证要求。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.security_center_export_code_scanning_metrics: 在 CodeQL 拉取请求警报页面请求了 CSV 导出。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, start_date, end_date, created_at, operation_type, actor_is_bot

org.security_center_export_coverage: 在覆盖率页面请求了 CSV 导出。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

org.security_center_export_overview_dashboard: 在概览仪表板页面请求了 CSV 导出。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, start_date, end_date, created_at, operation_type, actor_is_bot

org.security_center_export_risk: 在风险页面请求了 CSV 导出。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

org.set_actions_cache_retention_policy: 已为组织设置 GitHub Actions 的缓存保留策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
参考: /organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization

org.set_actions_cache_storage_policy: 已为组织设置 GitHub Actions 的缓存存储策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
参考: /organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization

org.set_actions_fork_pr_approvals_policy: 已更改组织中对公共分叉工作流需要批准的设置。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, policy, created_at, operation_type
参考: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks

org.set_actions_private_fork_pr_approvals_policy: 已更改组织中对没有私有仓库写权限的协作者的分叉 PR 工作流需要批准的策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, policy, created_at, operation_type
参考: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks

org.set_actions_retention_limit: 已更改组织中 GitHub Actions 工件和日志的保留期限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, limit, operation_type, created_at
参考: /organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization

org.set_default_workflow_permissions: 已更改组织中在运行工作流时授予 GITHUB_TOKEN 的默认权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization

org.set_fork_pr_workflows_policy: 已更改私有仓库分叉的工作流策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, policy, operation_type, created_at
参考: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks

org.set_workflow_permission_can_approve_pr: 已更改组织中允许 GitHub Actions 创建和批准拉取请求的策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests

org.update_member: 某人的角色已从所有者更改为成员，或从成员更改为所有者。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, old_permission, permission, operation_type

org.update_member_repository_creation_permission: 已更改组织成员的创建仓库权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, permission, created_at, visibility, operation_type

org.update_member_repository_invitation_permission: 组织所有者更改了组织成员邀请外部协作者到仓库的策略设置。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, permission, created_at, operation_type
参考: 设置为添加外部协作者的权限

pages_protected_domain

pages_protected_domain.create: 已为组织或企业创建了 GitHub Pages 验证域名。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, domain, state, created_at, operation_type
参考: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

pages_protected_domain.delete: 已从组织或企业中删除 GitHub Pages 验证域名。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, domain, state, created_at, operation_type
参考: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

pages_protected_domain.verify: 已为组织或企业验证 GitHub Pages 域名。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, domain, state, created_at, operation_type
参考: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

passkey

passkey.register: 添加了新的通行密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, nickname, created_at, operation_type

passkey.remove: 已删除新的通行密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, nickname, created_at, operation_type

payment_method

payment_method.create: 添加了新的支付方式，例如新的信用卡或 PayPal 账户。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

payment_method.remove: 已删除支付方式。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

payment_method.update: 已更新现有的支付方式。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

personal_access_token

personal_access_token.access_granted: 已授予细粒度个人访问令牌对资源的访问权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_id, user_programmatic_access_name, repository_selection, created_at, operation_type
参考: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.access_revoked: 细粒度个人访问令牌已被撤销。该令牌仍可读取公开的组织资源。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_id, user_programmatic_access_name, repository_selection, created_at, operation_type
参考: /organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization

personal_access_token.create: 在创建细粒度个人访问令牌时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type

personal_access_token.credential_regenerated: 在重新生成细粒度个人访问令牌时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, created_at, operation_type

personal_access_token.credential_revoked: 细粒度个人访问令牌已被 GitHub 高级安全撤销。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, created_at, operation_type
参考: /code-security/getting-started/github-security-features#secret-scanning-alerts-for-users

personal_access_token.destroy: 在删除细粒度个人访问令牌时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, explanation, created_at, operation_type

personal_access_token.request_cancelled: 对细粒度个人访问令牌访问组织资源的待处理请求已被取消。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type, user_programmatic_access_request_id

personal_access_token.request_created: 当创建用于访问组织资源的细粒度个人访问令牌且组织需要批准时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_id, user_programmatic_access_name, repository_selection, created_at, operation_type, user_programmatic_access_request_id
参考: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.request_denied: 对细粒度个人访问令牌访问组织资源的请求被拒绝。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type, user_programmatic_access_request_id
参考: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.update: 细粒度个人访问令牌已更新。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type
参考: /authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens

profile_picture

profile_picture.update: 已更新个人头像。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, owner, operation_type
参考: Personalize your profile

project

project.access: 项目看板的可见性已更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.close: 项目看板已关闭。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, project_id, project_kind
参考: 关闭项目（经典）

project.create: 已创建项目看板。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.delete: 已删除项目看板。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.link: 已将仓库链接到项目看板。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.open: 项目看板已重新打开。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, project_id, operation_type, created_at, project_kind, project_name
参考: 重新打开已关闭的项目（经典）

project.rename: 已重命名项目看板。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, old_name, operation_type

project.unlink: 已从项目看板中取消关联仓库。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.update_org_permission: 已更改或移除所有组织成员的项目基础级别权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.update_team_permission: 已更改团队的项目看板权限级别，或已将团队添加到/移除出项目看板。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, team

project.update_user_permission: 已将用户添加至或从项目看板中移除，或更改了其权限级别。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.visibility_private: 项目的可见性已从公开更改为私有。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, project_id, created_at, operation_type, project_kind, project_name

project.visibility_public: 项目的可见性已从私有更改为公开。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, project_id, created_at, operation_type, project_kind, project_name

project_collaborator

project_collaborator.add: 已向项目添加协作者。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, collaborator_type, collaborator, created_at, operation_type, actor_is_bot, public_project, project_name, project_role, old_project_role

project_collaborator.remove: 已从项目中移除协作者。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, collaborator_type, collaborator, created_at, operation_type

project_collaborator.update: 已更改项目协作者的权限级别。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_project, project_name, collaborator_type, project_role, old_project_role, project_id, collaborator, created_at, operation_type

project_field

project_field.create: 已在项目看板中创建字段。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /issues/planning-and-tracking-with-projects/understanding-fields

project_field.delete: 已在项目看板中删除字段。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields

project_view

project_view.create: 已在项目看板中创建视图。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

project_view.delete: 已在项目看板中删除视图。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

protected_branch

protected_branch.update_merge_queue_enforcement_level: 已修改分支的合并队列强制级别。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, merge_queue_enforcement_level, public_repo, created_at, operation_type
参考: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue

public_key

public_key.create: 已向用户帐户添加 SSH 密钥，或已向仓库添加部署密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, read_only, operation_type, created_at, key, fingerprint, title
参考: /authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account

public_key.delete: 已从用户帐户中删除 SSH 密钥，或已从仓库中删除部署密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, fingerprint, read_only, explanation, key, operation_type, title, created_at
参考: /authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys

public_key.unverification_failure: 用户帐户的 SSH 密钥或仓库的部署密钥无法完成解除验证。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, key, fingerprint, read_only, created_at, operation_type
参考: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.unverify: 已解除对用户帐户的 SSH 密钥或仓库的部署密钥的验证。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, title, key, read_only, explanation, fingerprint
参考: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.update: 已更新用户帐户的 SSH 密钥或仓库的部署密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, fingerprint, read_only, operation_type, created_at, title
参考: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.verification_failure: 用户帐户的 SSH 密钥或仓库的部署密钥无法完成验证。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, fingerprint, oauth_application_id, title, created_at, read_only, operation_type
参考: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.verify: 已验证用户帐户的 SSH 密钥或仓库的部署密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, key, fingerprint, title, read_only
参考: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

repo

repo.access: 仓库的可见性已更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, visibility, previous_visibility
参考: /repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility

repo.actions_enabled: 已为仓库启用 GitHub Actions。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api

repo.add_member: 已向仓库添加协作者。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, created_at, operation_type, oauth_application_id
参考: 邀请协作者加入个人仓库

repo.add_topic: 已向仓库添加主题。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, topic, created_at, operation_type
参考: /repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics

repo.advanced_security_disabled: 已为仓库禁用 GitHub Advanced Security。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository

repo.advanced_security_enabled: 已为仓库启用 GitHub Advanced Security。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, public_repo, actor_is_bot
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository

repo.archived: 存储库已存档。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, visibility
参考: /repositories/archiving-a-github-repository

repo.change_merge_setting: 已更改仓库的拉取请求合并选项。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, created_at, operation_type, public_repo, actor_is_bot

repo.code_scanning_analysis_deleted: 已删除仓库的代码扫描分析。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, operation_type, created_at, public_repo, tool, category
参考: /rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository

repo.code_scanning_configuration_for_branch_deleted: 已删除仓库分支的代码扫描配置。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, tool, branch, category, public_repo, created_at, operation_type
参考: 解决代码扫描警报

repo.config.disable_collaborators_only: 仅协作者的交互限制已被禁用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.disable_contributors_only: 仅限先前贡献者的交互限制已在仓库中被禁用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.disable_sockpuppet_disallowed: 仅限现有用户的交互限制已在仓库中被禁用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_collaborators_only: 仅协作者的交互限制已在仓库中启用。非协作者或组织成员的用户在设定的时间内无法与仓库交互。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, created_at, operation_type
参考: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_contributors_only: 仅限先前贡献者的交互限制已在仓库中启用。非先前贡献者、协作者或组织成员的用户在设定的时间内无法与仓库交互。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_sockpuppet_disallowed: 现有用户的交互限制已在仓库中启用。新用户在设定的时间内无法与仓库交互，仓库的已有用户、贡献者、协作者或组织成员可以与仓库交互。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.configure_self_hosted_jit_runner: 已配置一个新的即时（Just-in-Time）GitHub Actions 自托管运行器。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, public_repo, created_at, operation_type
参考: /rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository

repo.create: 已创建仓库。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, request_category, created_at, oauth_application_id, request_method, public_repo, actor_is_bot
参考: /repositories/creating-and-managing-repositories/creating-a-new-repository

repo.create_actions_secret: 已为仓库创建 GitHub Actions 密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, operation_type, created_at
参考: 在 GitHub Actions 中使用密钥

repo.create_actions_variable: 已为仓库创建 GitHub Actions 变量。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, public_repo, created_at, operation_type
参考: 在变量中存储信息

repo.create_integration_secret: 已为仓库创建 Codespaces 或 Dependabot 密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, operation_type, created_at, public_repo

repo.destroy: 仓库已被删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, request_category, visibility, created_at, request_method, oauth_application_id, actor_is_bot
参考: /repositories/creating-and-managing-repositories/deleting-a-repository

repo.pages_cname: 仓库中的 GitHub Pages 自定义域名已被修改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, cname, created_at, operation_type, old_cname

repo.pages_create: 已创建 GitHub Pages 站点。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_destroy: GitHub Pages 站点已被删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, visibility, operation_type

repo.pages_https_redirect_disabled: 已为 GitHub Pages 站点禁用 HTTPS 重定向。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_https_redirect_enabled: 已为 GitHub Pages 站点启用 HTTPS 重定向。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, visibility, operation_type

repo.pages_private: GitHub Pages 站点的可见性已更改为私有。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_public: GitHub Pages 站点的可见性已更改为公开。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_soft_delete: 由于所有者的计划更改，GitHub Pages 站点被软删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type

repo.pages_soft_delete_restore: 先前被软删除的 GitHub Pages 站点已恢复。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type

repo.pages_source: GitHub Pages 源已被修改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, visibility, created_at

repo.register_self_hosted_runner: 已注册新的自托管运行器。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 添加自托管运行器

repo.remove_actions_secret: 已为仓库删除 GitHub Actions 密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, operation_type, created_at
参考: 在 GitHub Actions 中使用密钥

repo.remove_actions_variable: 已为仓库删除 GitHub Actions 变量。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, public_repo, created_at, operation_type
参考: 在变量中存储信息

repo.remove_integration_secret: 已为仓库删除 Codespaces 或 Dependabot 密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, integration, operation_type, created_at, public_repo

repo.remove_member: 已从仓库中移除协作者。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, visibility
参考: 从个人仓库中移除协作者

repo.remove_self_hosted_runner: 自托管运行器已被移除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 移除自托管运行器

repo.remove_topic: 已从仓库中删除主题。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, topic, operation_type, created_at

repo.rename: 仓库已被重命名。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_name, created_at, operation_type, visibility
参考: /repositories/creating-and-managing-repositories/renaming-a-repository

repo.set_actions_cache_retention_policy: 已为仓库设置 GitHub Actions 的缓存保留策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type, actor_is_bot
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository

repo.set_actions_cache_storage_policy: 已为仓库设置 GitHub Actions 的缓存存储策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type, actor_is_bot
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository

repo.set_actions_fork_pr_approvals_policy: 已更改仓库对来自公共 fork 的工作流需审批的设置。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, created_at, operation_type, public_repo
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks

repo.set_actions_private_fork_pr_approvals_policy: 已更改仓库对来自对私有仓库没有写权限的协作者的 fork 拉取请求工作流的审批策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, public_repo, created_at, operation_type
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories

repo.set_actions_retention_limit: 已更改仓库中 GitHub Actions 制品和日志的保留期限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, limit, operation_type, created_at
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository

repo.set_default_workflow_permissions: 已为仓库更改运行工作流时授予 GITHUB_TOKEN 的默认权限。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository

repo.set_fork_pr_workflows_policy: 当私有仓库 fork 的工作流策略更改时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, operation_type, created_at
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks

repo.set_workflow_permission_can_approve_pr: 已为仓库更改允许 GitHub Actions 创建和批准拉取请求的策略。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type
参考: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests

repo.staff_unlock: 企业所有者或 GitHub 员工（经仓库管理员授权）暂时解锁了该仓库。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repo.temporary_access_granted: 已为仓库启用临时访问。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type
参考: 在企业中访问用户拥有的仓库

repo.transfer: 用户接受了接收已转让仓库的请求。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, old_user, operation_type, created_at, visibility, repo_was
参考: /repositories/creating-and-managing-repositories/transferring-a-repository

repo.transfer_outgoing: 仓库已转移到另一个仓库网络。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, new_nwo, visibility, created_at, operation_type, public_repo

repo.transfer_start: 用户发送了将仓库转让给另一位用户或组织的请求。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, visibility

repo.unarchived: 仓库已取消存档。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, visibility
参考: /repositories/archiving-a-github-repository

repo.update_actions_access_settings: 已更改控制仓库在其他仓库的 GitHub Actions 工作流中使用方式的设置。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, old_policy, created_at, operation_type

repo.update_actions_secret: 已为仓库更新 GitHub Actions 密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, operation_type, created_at
参考: 在 GitHub Actions 中使用密钥

repo.update_actions_settings: 仓库管理员更改了仓库的 GitHub Actions 策略设置。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at, new_policy, old_policy, updated_access_policy, actor_is_bot

repo.update_actions_variable: 已为仓库更新 GitHub Actions 变量。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, public_repo, created_at, operation_type
参考: 在变量中存储信息

repo.update_default_branch: 仓库的默认分支已被更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at, actor_is_bot

repo.update_integration_secret: 已为仓库更新 Codespaces 或 Dependabot 密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, operation_type, created_at, public_repo

repo.update_member: 用户对仓库的权限已更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, visibility, old_permission, old_base_role, old_repo_permission, old_repo_base_role, new_repo_base_role, new_repo_permission, actor_is_bot

repository_image

repository_image.create: 已上传用于表示仓库的图片。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, content_type

repository_image.destroy: 用于表示仓库的图片已被删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, content_type, created_at, operation_type

repository_invitation

repository_invitation.accept: 已接受加入仓库的邀请。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, invitee, operation_type, inviter

repository_invitation.cancel: 加入仓库的邀请已被取消。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, inviter, operation_type, invitee, created_at

repository_invitation.create: 已发送加入仓库的邀请。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, invitee, inviter, created_at, operation_type

repository_invitation.reject: 已拒绝加入仓库的邀请。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, invitee, operation_type, created_at, inviter

repository_ruleset

repository_ruleset.create: 存储库规则集已创建。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, public_repo, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_conditions, ruleset_bypass_actors
参考: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository

repository_ruleset.destroy: 仓库规则集已被删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, public_repo, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_bypass_actors
参考: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset

repository_ruleset.update: 仓库规则集已被编辑。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_name, public_repo, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules_updated, ruleset_conditions_added, ruleset_conditions_deleted, ruleset_old_enforcement, ruleset_rules_added, ruleset_rules_deleted, ruleset_old_name, ruleset_conditions_updated, ruleset_bypass_actors_added, ruleset_bypass_actors_deleted, ruleset_bypass_actors_updated, actor_is_bot
参考: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset

security_key

security_key.register: 已为账户注册安全密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

security_key.remove: 已从账户中移除安全密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

social_identity

social_identity.linked: 用户将社交身份关联到其账户。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

social_identity.unlinked: 用户已取消将社交身份与其账户的关联。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

social_identity.unlinked_all: 用户已取消所有社交身份与其账户的关联。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

sub_issues

sub_issues.parent_issue_add: 父议题已添加到议题。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

sub_issues.parent_issue_remove: 已从议题中移除父议题。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

sub_issues.sub_issue_add: 已向议题添加子议题。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

sub_issues.sub_issue_remove: 已从议题中移除子议题。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

继任邀请

successor_invitation.accept: 当您接受继任邀请时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 保持个人账户仓库所有权的连续性

successor_invitation.cancel: 当您取消继任邀请时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 保持个人账户仓库所有权的连续性

successor_invitation.create: 当您创建继任邀请时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 保持个人账户仓库所有权的连续性

successor_invitation.decline: 当您拒绝继任邀请时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 保持个人账户仓库所有权的连续性

successor_invitation.revoke: 当您撤销继任邀请时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 保持个人账户仓库所有权的连续性

受信任设备

trusted_device.register: 已添加新受信任设备。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

trusted_device.remove: 受信任设备已移除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

双因素身份验证

two_factor_authentication.add_factor: 已向用户账户添加次要身份验证因素。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication

two_factor_authentication.disabled: 用户账户的双因素身份验证已被禁用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: 为个人账户禁用双因素身份验证

two_factor_authentication.enabled: 用户账户的双因素身份验证已被启用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 配置双因素身份验证

two_factor_authentication.password_reset_fallback_sms: 一次性密码已发送至用户账户的备用电话号码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

two_factor_authentication.recovery_codes_regenerated: 已为用户账户重新生成双因素恢复代码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

two_factor_authentication.remove_factor: 已从用户账户移除次要身份验证因素。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication

two_factor_authentication.sign_in_fallback_sms: 一次性密码已发送至用户账户的备用电话号码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

two_factor_authentication.update_fallback: 已更改用户账户的双因素身份验证备用方式。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

用户

user.add_email: 已向用户账户添加电子邮件地址。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, created_at, operation_type, email
参考: 将电子邮件地址添加到您的 GitHub 帐户

user.async_delete: 已启动异步任务销毁用户账户，最终触发 user.delete 事件。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.audit_log_export: 已导出审计日志条目。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.block_user: 一个用户被另一用户阻止。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, blocked_user, operation_type, created_at

user.change_password: 用户更改了密码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.codespaces_trusted_repo_access_granted: 当您允许为仓库创建的 codespaces 访问您个人账户拥有的其他仓库时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 管理 codespace 内对其他存储库的访问权限

user.codespaces_trusted_repo_access_revoked: 当您禁止为仓库创建的 codespaces 访问您个人账户拥有的其他仓库时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 管理 codespace 内对其他存储库的访问权限

user.create: 已创建新用户账户。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, email, operation_type, created_at

user.create_integration_secret: 已为 Codespaces 创建用户密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, created_at, operation_type

user.creation_rate_limit_exceeded: 创建用户账户、应用、议题、拉取请求或其他资源的速率超过了配置的速率限制，或关注用户的速度过快。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, oauth_application_id

user.delete: 用户账户被异步任务销毁。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.demote: 站点管理员被降级为普通用户账户。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, created_at, operation_type

user.destroy: 用户删除了其账户，触发 user.async_delete。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.failed_login: 用户尝试使用错误的用户名、密码或双因素验证码登录。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.forgot_password: 用户请求重置密码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, created_at, operation_type, email
参考: /authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials

user.hide_private_contributions_count: 用户更改了私有贡献的可见性，个人资料中对私有仓库的贡献数量现在已隐藏。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: 管理私有贡献的可见性设置

user.login: 用户已登录。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, passkey_nickname

user.logout: 用户已登出。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.new_device_used: 用户使用新设备登录。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.promote: 普通用户账户被提升为站点管理员。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, oauth_application_id, operation_type

user.recreate: 用户账户已恢复。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.remove_email: 已从用户账户移除电子邮件地址。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, email

user.remove_integration_secret: 已删除用于 Codespaces 的用户密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, integration, created_at, operation_type

user.rename: 用户名已更改。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_login, created_at, operation_type

user.reset_password: 用户重置了账户密码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.show_private_contributions_count: 用户更改了私有贡献的可见性，个人资料中对私有仓库的贡献数量现在已显示。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
参考: 管理私有贡献的可见性设置

user.sign_in_from_unrecognized_device: 用户从未识别的设备登录。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.sign_in_from_unrecognized_device_and_location: 用户从未识别的设备和位置登录。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.suspend: 用户账户已被暂停。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, operation_type, created_at

user.two_factor_challenge_failure: 针对用户账户的 2FA 挑战失败。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_challenge_success: 针对用户账户的 2FA 挑战成功。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_recover: 用户使用了其 2FA 恢复代码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_recovery_codes_downloaded: 用户下载了其账户的 2FA 恢复代码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_recovery_codes_printed: 用户打印了其账户的 2FA 恢复代码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

user.two_factor_recovery_codes_viewed: 用户查看了其账户的 2FA 恢复代码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

user.two_factor_requested: 系统提示用户输入双因素验证码。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
参考: /authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication

user.unblock_user: 一个用户被另一用户解除阻止。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, blocked_user, operation_type, created_at

user.unsuspend: 用户账户已被解除暂停。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, operation_type, created_at

user.update_integration_secret: 已更新用于 Codespaces 的用户密钥。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, created_at, operation_type

用户电子邮件

user_email.confirm_claim: 企业管理的用户认领了电子邮件地址。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot

用户状态

user_status.destroy: 当您清除个人资料上的状态时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, message, created_at, limited_availability, emoji, operation_type

user_status.update: 当您在个人资料上设置或更改状态时触发。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, limited_availability, message, created_at, emoji, operation_type
参考: Personalize your profile

工作流

workflows.approve_workflow_job: 工作流作业已批准。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_run_id, run_number, operation_type, created_at, public_repo
参考: 审查部署

workflows.delete_workflow_run: 工作流运行已删除。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, workflow_run_id, started_at, head_branch, head_sha, trigger_id
参考: 删除工作流运行

workflows.disable_workflow: 工作流已禁用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_id, operation_type, created_at, public_repo, actor_is_bot

workflows.enable_workflow: 工作流已启用，此前被 disable_workflow 禁用。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_id, operation_type, created_at, public_repo

workflows.pin_workflow: 工作流已置顶。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, workflow_id, created_at, operation_type, actor_is_bot

workflows.reject_workflow_job: 工作流作业已拒绝。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_run_id, run_number, operation_type, created_at, public_repo
参考: 审查部署

workflows.unpin_workflow: 工作流已取消置顶，此前已置顶。
字段: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, workflow_id, created_at, operation_type, actor_is_bot

本文内容