Getting Data In

Minimum permissions to facilitate log ingestion

MohammedKhanIUK
New Member

Hi all,

I was wanting to get an understanding on what the minimum permissions available to enable the log flow between GitHub and Splunk cloud, as going by the documentation for the app, the account used to pull in the logs requires :
admin:enterprise Full control of enterprises
manage_billing:enterprise Read and write enterprise billing data
read:enterprise Read enterprise profile data

Can we reduce the amount of high privileged permissions required for the integration ?

Labels (1)
0 Karma

sainag_splunk
Splunk Employee
Splunk Employee

I know for configuring all the audit events related to Github Enterprise and Github Organization from GitHub Cloud via modinputwith Account Type = Organization.
the Personal Access Token also needs the granted access - "admin:org".

0 Karma

MohammedKhanIUK
New Member

Can the permissions be limited to specific capabilities aside from admin:org for audit events? Or is that a fundamental requirement to pull in audit logs?

0 Karma

sainag_splunk
Splunk Employee
Splunk Employee

@MohammedKhanIUK I believe that's the requirement. 

NOTE: To collect the audit-logs, the user should have admin access of the organization/enterprise and read:audit_log scope for the Personal Access Token.

 

https://docs.splunk.com/Documentation/AddOns/released/Github/Configureinputs


If this reply helps you an upvote and "Accept as Solution" is appreciated.
 

 

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...