GitHub Team Modified

Panther Rules

Summary
The 'GitHub Team Modified' rule monitors changes to GitHub teams: actions that create, delete, or modify team structures. It tracks three main types of events: the creation of a new team (action 'team.create'), the deletion of an existing team (action 'team.destroy'), and modifications to repository access for a team (action 'team.add_repository'). The rule is a check against unauthorized changes that may indicate a supply chain compromise or a broader security risk within the organization's GitHub account. It analyzes logs of the 'GitHub.Audit' type and is tagged as informational due to the nature of the monitored actions. The rule references relevant documentation for further context and may help security teams maintain oversight of their GitHub organizational structure, so that team modifications align with established security protocols and organizational policies.
Categories
  • Cloud
  • Web
  • Identity Management
Data Sources
  • Cloud Service
  • Application Log
  • User Account
ATT&CK Techniques
  • T1195
Created: 2022-09-02