Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Minimum permissions to facilitate log ingestion

MohammedKhanIUK
New Member
‎09-26-2024 05:25 AM

Hi all,

I was wanting to get an understanding on what the minimum permissions available to enable the log flow between GitHub and Splunk cloud, as going by the documentation for the app, the account used to pull in the logs requires :
admin:enterprise Full control of enterprises
manage_billing:enterprise Read and write enterprise billing data
read:enterprise Read enterprise profile data

Can we reduce the amount of high privileged permissions required for the integration ?

Labels (1)
Labels
0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 09:42 AM

I know for configuring all the audit events related to Github Enterprise and Github Organization from GitHub Cloud via modinputwith Account Type = Organization.
the Personal Access Token also needs the granted access - "admin:org".

If this helps, Upvote!!!!
Together we make the Splunk Community stronger 
0 Karma
Reply

MohammedKhanIUK
New Member
‎09-26-2024 02:11 PM

Can the permissions be limited to specific capabilities aside from admin:org for audit events? Or is that a fundamental requirement to pull in audit logs?

0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 03:31 PM

@MohammedKhanIUK I believe that's the requirement. 

NOTE: To collect the audit-logs, the user should have admin access of the organization/enterprise and read:audit_log scope for the Personal Access Token.

 

https://docs.splunk.com/Documentation/AddOns/released/Github/Configureinputs


If this reply helps you an upvote and "Accept as Solution" is appreciated.
 

 

If this helps, Upvote!!!!
Together we make the Splunk Community stronger 
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...