https://community.splunk.com/t5/Getting-Data-In/Minimum-permissions-to-facilitate-log-ingestion/m-p/700272#M115976 <P>Can the permissions be limited to specific capabilities aside from admin:org for audit events? Or is that a fundamental requirement to pull in audit logs?</P> Thu, 26 Sep 2024 21:11:31 GMT MohammedKhanIUK 2024-09-26T21:11:31Z https://community.splunk.com/t5/Getting-Data-In/Minimum-permissions-to-facilitate-log-ingestion/m-p/700205#M115962 <P>Hi all,</P><P>I was wanting to get an understanding on what the minimum permissions available to enable the log flow between GitHub and Splunk cloud, as going by the documentation for the app, the account used to pull in the logs requires :<BR /><SPAN>admin:enterprise </SPAN>Full control of enterprises<BR />manage_billing:enterprise Read and write enterprise billing data<BR />read:enterprise Read enterprise profile data</P><P>Can we reduce the amount of high privileged permissions required for the integration ?</P> Thu, 26 Sep 2024 12:25:50 GMT https://community.splunk.com/t5/Getting-Data-In/Minimum-permissions-to-facilitate-log-ingestion/m-p/700205#M115962 MohammedKhanIUK 2024-09-26T12:25:50Z https://community.splunk.com/t5/Getting-Data-In/Minimum-permissions-to-facilitate-log-ingestion/m-p/700250#M115971 <P>I know&nbsp;<SPAN>for configuring all the audit events related to Github Enterprise and Github Organization from GitHub Cloud via modinputwith Account Type = Organization.<BR />the Personal Access Token also needs the granted access - "admin:org".</SPAN></P> Thu, 26 Sep 2024 16:42:51 GMT https://community.splunk.com/t5/Getting-Data-In/Minimum-permissions-to-facilitate-log-ingestion/m-p/700250#M115971 sainag_splunk 2024-09-26T16:42:51Z https://community.splunk.com/t5/Getting-Data-In/Minimum-permissions-to-facilitate-log-ingestion/m-p/700272#M115976 <P>Can the permissions be limited to specific capabilities aside from admin:org for audit events? Or is that a fundamental requirement to pull in audit logs?</P> Thu, 26 Sep 2024 21:11:31 GMT https://community.splunk.com/t5/Getting-Data-In/Minimum-permissions-to-facilitate-log-ingestion/m-p/700272#M115976 MohammedKhanIUK 2024-09-26T21:11:31Z https://community.splunk.com/t5/Getting-Data-In/Minimum-permissions-to-facilitate-log-ingestion/m-p/700275#M115977 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/272592">@MohammedKhanIUK</a>&nbsp;I believe that's the requirement.&nbsp;<BR /><BR /></P><LI-CODE lang="markup">NOTE: To collect the audit-logs, the user should have admin access of the organization/enterprise and read:audit_log scope for the Personal Access Token.</LI-CODE><P>&nbsp;</P><P><SPAN><A href="https://docs.splunk.com/Documentation/AddOns/released/Github/Configureinputs" target="_blank">https://docs.splunk.com/Documentation/AddOns/released/Github/Configureinputs</A><BR /><BR /><BR /></SPAN></P><DIV class=""><DIV class=""><DIV class="">If this reply helps you an upvote and "Accept as Solution" is appreciated.</DIV></DIV></DIV><DIV class=""><DIV class=""><DIV class="">&nbsp;</DIV></DIV></DIV><P><SPAN>&nbsp;</SPAN></P> Thu, 26 Sep 2024 22:31:13 GMT https://community.splunk.com/t5/Getting-Data-In/Minimum-permissions-to-facilitate-log-ingestion/m-p/700275#M115977 sainag_splunk 2024-09-26T22:31:13Z