
Summary
This detection rule identifies permission changes involving outside collaborators in a GitHub organization. It monitors for actions such as adding members to or removing them from a project board, changes to permission levels, removal of outside collaborators by owners, and compliance with two-factor authentication (2FA) policies. The rule matters for organizations that use outside collaborators, whose access can introduce risk if it is not properly monitored. It requires the audit log streaming feature to be enabled so that the relevant logs are captured. False positives can occur, so validate the actor's permissions and authentication status before treating a match as an accurate detection.
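The matching and validation steps described in the summary, as an added example that is not the rule's own logic. It assumes the rule keys on the GitHub audit log actions `project.update_user_permission` and `org.remove_outside_collaborator` (the page does not list the matched fields); the sample events, the `triage` function and the owner list are constructed for illustration.

```python
import json

# Assumption: GitHub audit log action names for the events the summary lists;
# the page itself does not name the fields the rule matches.
WATCHED_ACTIONS = {
    "project.update_user_permission",   # project board add/remove or permission level change
    "org.remove_outside_collaborator",  # removed by an owner, or for not meeting the 2FA policy
}

# Constructed sample of streamed audit events (JSON lines), not real audit data.
SAMPLE_STREAM = """\
{"@timestamp": 1674200000000, "action": "project.update_user_permission", "actor": "alice-admin", "org": "example-org", "user": "ext-contractor"}
{"@timestamp": 1674200060000, "action": "repo.create", "actor": "bob-dev", "org": "example-org", "repo": "example-org/site"}
{"@timestamp": 1674200120000, "action": "org.remove_outside_collaborator", "actor": "carol-dev", "org": "example-org", "user": "ext-auditor"}
not-json garbage line
{"@timestamp": 1674200180000, "action": "org.remove_outside_collaborator", "actor": "alice-admin", "org": "example-org", "user": "ext-old"}
"""


def triage(stream, known_owners):
    """Return (alerts, malformed_count) for a JSON-lines audit log stream.

    Each alert has a 'review' flag that is True when the actor is not in the
    caller-supplied owner list: the actor validation the summary recommends
    for separating expected changes from ones that need a closer look.
    """
    alerts, malformed = [], 0
    for line in stream.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1  # count instead of dropping silently: gaps can hide events
            continue
        if not isinstance(event, dict) or event.get("action") not in WATCHED_ACTIONS:
            continue
        actor = event.get("actor", "")
        alerts.append({
            "time": event.get("@timestamp"),
            "action": event["action"],
            "actor": actor,
            "target": event.get("user"),
            "review": actor not in known_owners,
        })
    return alerts, malformed


if __name__ == "__main__":
    found, bad = triage(SAMPLE_STREAM, known_owners={"alice-admin"})
    for alert in found:
        print(alert)
    print("malformed lines:", bad)
```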
Categories
- Cloud
Data Sources
- Logon Session
- Application Log
Created: 2023-01-20