Mengumpulkan log audit GitHub
Didukung di:
Google SecOps
SIEM
Dokumen ini menjelaskan cara menyerap log audit GitHub ke Google Security Operations. Anda dapat mengonfigurasi penyerapan menggunakan salah satu metode berikut:
- Google Cloud Storage V2 (direkomendasikan): Streaming log audit dari GitHub Enterprise Cloud langsung ke bucket GCS, lalu masukkan ke Google SecOps.
- Webhook: Konfigurasi GitHub untuk mengirimkan payload peristiwa secara langsung ke endpoint webhook Google SecOps secara real time.
GitHub adalah platform berbasis cloud untuk kontrol versi dan kolaborasi yang memungkinkan developer menyimpan dan mengelola kode, melacak perubahan, dan berkolaborasi dalam project software. GitHub Enterprise Cloud menyediakan fitur keamanan tingkat perusahaan, termasuk streaming log audit untuk pemantauan kepatuhan dan keamanan.
Sebelum memulai
Pastikan Anda memiliki prasyarat berikut:
Instance Google SecOps
Akun GitHub Enterprise Cloud dengan izin pemilik perusahaan (untuk streaming GCS) atau izin pemilik organisasi (untuk webhook)
Untuk metode GCS, Anda juga memerlukan:
- Project Google Cloud dengan Cloud Storage API diaktifkan
- Izin untuk membuat dan mengelola bucket GCS
- Izin untuk membuat akun layanan dan mengelola kebijakan IAM
Untuk metode Webhook, Anda juga memerlukan:
- Akses ke Konsol Google Cloud (untuk pembuatan kunci API)
- Izin admin repositori atau pemilik organisasi di GitHub
Opsi 1: Mengonfigurasi penyerapan menggunakan Google Cloud Storage V2 (Direkomendasikan)
Membuat bucket Google Cloud Storage
- Buka Konsol Google Cloud.
- Pilih project Anda atau buat project baru.
- Di menu navigasi, buka Cloud Storage > Buckets.
- Klik Create bucket.
Berikan detail konfigurasi berikut:
Setelan Nilai Beri nama bucket Anda Masukkan nama yang unik secara global (misalnya, github-audit-logs)Location type Pilih berdasarkan kebutuhan Anda (Region, Dual-region, Multi-region) Location Pilih lokasi (misalnya, us-central1)Kelas penyimpanan Standar (direkomendasikan untuk log yang sering diakses) Access control Seragam (direkomendasikan) Alat perlindungan Opsional: Aktifkan pembuatan versi objek atau kebijakan retensi Klik Create.
Membuat akun layanan untuk streaming log audit GitHub
GitHub memerlukan akun layanan Google Cloud dengan kunci JSON untuk mengautentikasi dan menulis log audit ke bucket GCS Anda.
- Di Konsol Google Cloud, buka IAM & Admin > Service Accounts.
- Klik Create Service Account.
- Berikan detail konfigurasi berikut:
- Nama akun layanan: Masukkan nama deskriptif (misalnya,
github-audit-streaming) - Deskripsi akun layanan: Masukkan
Service account for GitHub Enterprise Cloud audit log streaming to GCS
- Nama akun layanan: Masukkan nama deskriptif (misalnya,
- Klik Create and Continue.
Klik Done.
Beri akun layanan akses tulis ke bucket GCS
- Buka Cloud Storage > Buckets.
- Klik nama bucket Anda (misalnya,
github-audit-logs). - Buka tab Izin.
- Klik Grant access.
- Berikan detail konfigurasi berikut:
- Tambahkan prinsipal: Masukkan email akun layanan (misalnya,
github-audit-streaming@PROJECT_ID.iam.gserviceaccount.com) - Tetapkan peran: Pilih Storage Object Creator
- Tambahkan prinsipal: Masukkan email akun layanan (misalnya,
- Klik Simpan.
Membuat kunci JSON untuk akun layanan
- Di Konsol Google Cloud, buka IAM & Admin > Service Accounts.
- Klik akun layanan (misalnya,
github-audit-streaming). - Buka tab Kunci.
- Klik Tambahkan Kunci > Buat kunci baru.
- Pilih JSON sebagai jenis kunci.
- Klik Create.
File kunci JSON akan didownload ke komputer Anda. Simpan file ini dengan aman.
Mengonfigurasi streaming log audit GitHub Enterprise Cloud ke GCS
- Login ke GitHub Enterprise Cloud sebagai pemilik perusahaan.
- Di pojok kanan atas, klik foto profil Anda, lalu klik Setelan perusahaan (atau klik Perusahaan, lalu klik perusahaan yang ingin Anda lihat).
- Di bagian atas halaman, klik Setelan.
- Di bagian Setelan, klik Log audit.
- Di bagian Log audit, klik Streaming log.
- Pilih menu drop-down Konfigurasi streaming, lalu klik Google Cloud Storage.
- Berikan detail konfigurasi berikut:
- Bucket: Masukkan nama bucket GCS (misalnya,
github-audit-logs) - Kredensial JSON: Tempelkan seluruh konten file kunci JSON akun layanan
- Bucket: Masukkan nama bucket GCS (misalnya,
- Klik Periksa endpoint untuk memverifikasi bahwa GitHub dapat terhubung dan menulis ke bucket Google Cloud Storage.
Setelah Anda berhasil memverifikasi endpoint, klik Simpan.
Mengambil akun layanan Google SecOps
Google SecOps menggunakan akun layanan unik untuk membaca data dari bucket GCS Anda. Anda harus memberi akun layanan ini akses ke bucket Anda.
Dapatkan email akun layanan
- Buka Setelan SIEM > Feed.
- Klik Tambahkan Feed Baru.
- Klik Konfigurasi satu feed.
- Di kolom Nama feed, masukkan nama untuk feed (misalnya,
GitHub audit logs). - Pilih Google Cloud Storage V2 sebagai Source type.
- Pilih GitHub sebagai Jenis log.
- Klik Get Service Account.
Email akun layanan yang unik akan ditampilkan, misalnya:
chronicle-12345678@chronicle-gcp-prod.iam.gserviceaccount.comSalin alamat email ini untuk digunakan di langkah berikutnya.
Klik Berikutnya.
Tentukan nilai untuk parameter input berikut:
URL bucket penyimpanan: Masukkan URI bucket GCS:
gs://github-audit-logs/
Opsi penghapusan sumber: Pilih opsi penghapusan sesuai preferensi Anda:
- Jangan pernah: Tidak pernah menghapus file apa pun setelah transfer (direkomendasikan untuk pengujian).
- Hapus file yang ditransfer: Menghapus file setelah transfer berhasil.
Hapus file yang ditransfer dan direktori kosong: Menghapus file dan direktori kosong setelah transfer berhasil.
Usia File Maksimum: Menyertakan file yang diubah dalam beberapa hari terakhir (defaultnya adalah 180 hari)
Namespace aset: Namespace aset
Label penyerapan: Label yang akan diterapkan ke peristiwa dari feed ini
Klik Berikutnya.
Tinjau konfigurasi feed baru Anda di layar Selesaikan, lalu klik Kirim.
Memberikan izin IAM ke akun layanan Google SecOps
- Akun layanan Google SecOps memerlukan peran Storage Object Viewer di bucket GCS Anda.
- Buka Cloud Storage > Buckets.
- Klik nama bucket (
github-audit-logs). - Buka tab Izin.
- Klik Grant access.
- Berikan detail konfigurasi berikut:
- Add principals: Tempel email akun layanan Google SecOps
- Tetapkan peran: Pilih Storage Object Viewer
Klik Simpan.
Opsi 2: Mengonfigurasi penyerapan menggunakan Webhook
Membuat feed webhook di Google SecOps
Buat feed
- Buka Setelan SIEM > Feed.
- Klik Tambahkan Feed Baru.
- Di halaman berikutnya, klik Konfigurasi satu feed.
- Di kolom Nama feed, masukkan nama untuk feed (misalnya,
GitHub webhook events). - Pilih Webhook sebagai Jenis sumber.
- Pilih GitHub sebagai Jenis log.
- Klik Berikutnya.
- Tentukan nilai untuk parameter input berikut:
- Pemisah pemisahan (opsional): Masukkan
\njika GitHub mengirim beberapa peristiwa per permintaan, atau biarkan kosong untuk payload satu peristiwa - Namespace aset: Namespace aset
- Label penyerapan: Label yang akan diterapkan ke peristiwa dari feed ini
- Pemisah pemisahan (opsional): Masukkan
- Klik Berikutnya.
- Tinjau konfigurasi feed baru Anda di layar Selesaikan, lalu klik Kirim.
Buat dan simpan kunci rahasia
Setelah membuat feed, Anda harus membuat kunci rahasia untuk autentikasi:
- Di halaman detail feed, klik Buat Kunci Rahasia.
- Dialog akan menampilkan kunci rahasia.
- Salin dan simpan kunci rahasia dengan aman.
Mendapatkan URL endpoint feed
- Buka tab Detail untuk feed tersebut.
- Di bagian Endpoint Information, salin Feed endpoint URL.
Format URL-nya adalah:
https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreateSimpan URL ini untuk langkah berikutnya.
Klik Done.
Membuat kunci Google Cloud API
- Google SecOps memerlukan kunci API untuk autentikasi. Buat kunci API terbatas di Konsol Google Cloud.
Buat kunci API
- Buka halaman Credentials Google Cloud Console.
- Pilih project Anda (project yang terkait dengan instance Google SecOps Anda).
- Klik Create credentials > API key.
- Kunci API dibuat dan ditampilkan dalam dialog.
- Klik Edit API key untuk membatasi kunci.
Membatasi kunci API
- Di halaman setelan kunci API:
- Nama: Masukkan nama deskriptif (misalnya,
Chronicle Webhook API Key)
- Nama: Masukkan nama deskriptif (misalnya,
- Di bagian Pembatasan API:
- Pilih Restrict key.
- Di drop-down Select APIs, telusuri dan pilih Google SecOps API (atau Chronicle API).
- Klik Simpan.
- Salin nilai kunci API dari kolom Kunci API di bagian atas halaman.
Simpan kunci API dengan aman.
Buat URL webhook
Gabungkan URL endpoint Google SecOps dan kunci API:
<ENDPOINT_URL>?key=<API_KEY>&secret=<SECRET_KEY>Contoh:
https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate?key=AIzaSyD...&secret=abcd1234...
Mengonfigurasi webhook organisasi GitHub
- Login ke GitHub dan buka organisasi Anda.
- Klik Setelan.
- Di sidebar kiri, klik Webhook.
- Klik Tambahkan webhook.
- Berikan detail konfigurasi berikut:
- Payload URL: Tempel URL webhook lengkap yang dibuat pada langkah sebelumnya (endpoint URL dengan kunci API dan kunci rahasia ditambahkan sebagai parameter kueri)
- Jenis konten: Pilih application/json
- Secret: Biarkan kosong (autentikasi ditangani melalui parameter URL)
- Di bagian Peristiwa mana yang ingin Anda gunakan untuk memicu webhook ini?:
- Pilih Izinkan saya memilih setiap peristiwa.
- Pilih peristiwa yang ingin Anda kirim ke Google SecOps. Peristiwa yang direkomendasikan untuk pemantauan keamanan meliputi:
- Pembuatan cabang atau tag
- Penghapusan cabang atau tag
- Kolaborator ditambahkan, dihapus, atau diubah
- Kunci deployment
- Deployment
- Cabang
- Anggota
- Langganan
- Organisasi
- Permintaan pull
- Ulasan permintaan pull
- Pushes
- Rilis
- Repositori
- Peringatan pemindaian rahasia
- Peringatan keamanan
- Teams
- Perubahan visibilitas
- Centang kotak Aktif untuk mengaktifkan webhook.
- Klik Tambahkan webhook.
GitHub mengirimkan peristiwa
pingpengujian. Pastikan webhook menampilkan tanda centang hijau yang menunjukkan pengiriman berhasil.
Jenis peristiwa
Tabel berikut mencantumkan jenis peristiwa dan kondisi untuk jenis peristiwa:
| event_type | Kondisi |
|---|---|
NETWORK_CONNECTION |
[has_target] == "true" && [has_principal] == "true" |
PROCESS_LAUNCH |
[has_principal] == "true" && [has_target_process] == "true" |
STATUS_UPDATE |
[has_principal] == "true" |
USER_LOGIN |
[raw][message] =~ "Authentication success" or [message] =~ "Authentication success" && ([has_target]== "true" || [has_target_user] == "true") |
USER_RESOURCE_CREATION |
[has_target_resource] == "true" && [has_principal_userid] == "true" && [action] in ["personal_access_token.create" ,"repository_vulnerability_alert.create"] |
USER_RESOURCE_DELETION |
[has_target_resource] == "true" && [has_principal_user] == "true" && [action] in ["hook.destroy" ,"protected_branch.destroy" ,"public_key.delete"] |
USER_RESOURCE_DELETION |
[has_target_resource] == "true" && [has_principal_userid] == "true" && [action] in [ "hook.destroy" ,"protected_branch.destroy" ,"public_key.delete"] |
USER_RESOURCE_UPDATE_CONTENT |
[has_target_resource] == "true" && [has_principal_userid] == "true" && [action] in [ "pull_request.merge" , "hook.events_changed"] |
USER_RESOURCE_UPDATE_PERMISSIONS |
[has_target_resource] == "true" && [has_principal_userid] == "true" && [action] in ["repo.update_actions_secret","protected_branch.update_pull_request_reviews_enforcement_level", "org.update_member" ,"protected_branch.update_admin_enforced" ,"protected_branch.update_required_status_checks_enforcement_level","org.integration_manager_removed" ,"repo.update_member", "repo.add_member"] |
USER_UNCATEGORIZED |
[has_principal_userid] == "true" |
Tabel pemetaan UDM
| Kolom log | Pemetaan UDM | Keterangan |
|---|---|---|
above_lock_quota |
additional.fields |
|
above_warn_quota |
additional.fields |
|
ac_ms |
additional.fields |
|
accept |
additional.fields |
|
action |
metadata.product_event_type |
Untuk log JSON. |
action |
security_result.summary |
Untuk log syslog. |
active |
target.resource.attribute.labels |
|
active_job_id |
additional.fields |
|
actor |
principal.user.userid |
|
actor_id |
principal.user.attribute.labels.value |
|
actor_ip |
principal.ip |
|
actor_is_agent |
additional.fields |
|
actor_is_bot |
principal.user.attribute.labels |
|
actor_location.country_code |
principal.location.country_or_region |
|
actor_session |
additional.fields |
|
additional_list |
additional.fields |
|
additional_string |
additional.fields |
|
after |
additional.fields |
|
alert_id |
security_result.detection_fields |
|
alert_number |
security_result.detection_fields |
|
alert_numbers |
additional.fields |
|
allow_deletions_enforcement_level |
additional.fields |
|
allow_force_pushes_enforcement_level |
additional.fields |
|
allow_private_repository_forking |
additional.fields |
|
application_name |
target.application |
|
aqueduct_job_id |
additional.fields |
|
auth_tries |
additional.fields |
|
babeld |
additional.fields |
|
banner |
additional.fields |
|
before |
additional.fields |
|
best_cipher |
additional.fields |
|
best_kex |
additional.fields |
|
best_mac |
additional.fields |
|
best_sigtype |
additional.fields |
|
Body |
security_result.description |
|
branch |
target.resource.attribute.labels |
|
branches |
target.resource.attribute.labels |
|
business |
additional.fields |
|
business_id |
additional.fields |
|
cactive |
additional.fields |
|
calling_workflow_refs |
target.resource.attribute.labels |
|
calling_workflow_shas |
target.resource.attribute.labels |
|
changes.body.from |
additional.fields |
|
charset |
additional.fields |
|
check_run.app |
additional.fields |
|
check_run.app.events |
additional.fields |
|
check_run.app.owner |
additional.fields |
|
check_run.check_suite.app.client_id |
additional.fields |
|
check_run.check_suite.app.created_at |
additional.fields |
|
check_run.check_suite.app.description |
additional.fields |
|
check_run.check_suite.app.events |
additional.fields |
|
check_run.check_suite.app.external_url |
additional.fields |
|
check_run.check_suite.app.html_url |
additional.fields |
|
check_run.check_suite.app.id |
additional.fields |
|
check_run.check_suite.app.name |
additional.fields |
|
check_run.check_suite.app.node_id |
additional.fields |
|
check_run.check_suite.app.slug |
additional.fields |
|
check_run.check_suite.app.updated_at |
additional.fields |
|
check_run.check_suite.conclusion |
additional.fields |
|
check_run.check_suite.id |
additional.fields |
|
check_run.check_suite.url |
additional.fields |
|
check_run.completed_at |
additional.fields |
|
check_run.conclusion |
additional.fields |
|
check_run.output |
additional.fields |
|
check_run.started_at |
additional.fields |
|
check_suite (semua sub-kolomnya) |
additional.fields |
|
check_suite.app (semua sub-kolomnya) |
additional.fields |
|
check_suite.app.events |
additional.fields |
|
check_suite.app.owner (semua sub-kolomnya) |
additional.fields |
|
check_suite.head_commit (semua sub-kolomnya) |
additional.fields |
|
cid |
additional.fields |
|
cipher |
network.tls.cipher |
|
client_id |
principal.user.attribute.labels |
|
cloning |
additional.fields |
|
code |
additional.fields |
|
CodeNamespace |
additional.fields |
|
comment (semua sub-kolomnya) |
additional.fields |
|
comment.performed_via_github_app (semua sub-kolomnya) |
additional.fields |
|
comment.performed_via_github_app.events |
additional.fields |
|
comment.reactions (semua sub-kolomnya) |
additional.fields |
|
commit.author |
principal.resource.attribute.labels |
|
commit.commit.author.date |
additional.fields |
|
commit.commit.author.email |
additional.fields |
|
commit.commit.author.name |
additional.fields |
|
commit.commit.tree.url |
additional.fields |
|
commit.commit.verification |
additional.fields |
|
commit.committer |
additional.fields |
|
commit.parents |
additional.fields |
|
commit.sha |
additional.fields |
|
commit.url |
additional.fields |
|
commit_oid |
additional.fields |
|
committer_date |
additional.fields |
|
completed_at |
vulns.vulnerabilities.scan_end_time |
|
config.content_typt |
target.resource.attribute.labels |
|
config.insecure_ssl |
target.resource.attribute.labels |
|
config.secret |
target.resource.attribute.labels |
|
config.url |
target.url |
|
considers.site.admin |
additional.fields |
|
content_type |
target.file.mime_type |
|
cr |
additional.fields |
|
create_protected |
additional.fields |
|
created_at |
metadata.event_timestamp |
Nilai dikonversi dari milidetik UNIX menjadi stempel waktu. |
credential |
detection_fields |
|
ctotal |
additional.fields |
|
data._document_id |
metadata.product_log_id |
|
data.active_job_id |
additional.fields |
|
data.aqueduct_job_id |
additional.fields |
|
data.business |
target.administrative_domain |
|
data.business_id |
additional.fields |
|
data.cancelled_at |
extensions.vulns.vulnerabilities.scan_end_time |
Nilai dikonversi dari format ISO8601 menjadi stempel waktu. |
data.category_type |
security_result.category_details |
|
data.dn |
additional.fields |
|
data.email |
target.user.email_addresses |
|
data.entry_found |
additional.fields |
|
data.event |
target.resource.attribute.labels |
|
data.events |
security_result.about.labels.value |
|
data.head_branch |
target.resource.attribute.labels |
|
data.head_sha |
target.file.sha256 |
|
data.hook_id |
target.resource.product_object_id |
|
data.job |
target.application |
|
data.operation_type |
additional.fields |
|
data.started_at |
extensions.vulns.vulnerabilities.scan_start_time |
Nilai dikonversi dari format ISO8601 menjadi stempel waktu. |
data.team |
target.group.group_display_name |
|
data.trigger_id |
target.resource.attribute.labels |
|
data.uid |
additional.fields |
|
data.workflow_id |
target.resource.attribute.labels |
|
data.workflow_run_id |
target.resource.attribute.labels |
|
default_new_repo_branch |
additional.fields |
|
default_repo_visibility |
additional.fields |
|
default_repository_permission |
additional.fields |
|
degraded |
additional.fields |
|
dependency_scope |
additional.fields |
|
deployment.environment |
additional.fields |
|
disable_members_can_create_repositories |
additional.fields |
|
disable_members_can_delete_repositories |
additional.fields |
|
disable_user_org_creation |
additional.fields |
|
disk_info |
additional.fields |
|
disk_py_file |
additional.fields |
|
dismiss_stale_reviews_on_push |
additional.fields |
|
dotcom_contributions |
additional.fields |
|
dotcom_user_license_usage_upload |
additional.fields |
|
duration_ms |
additional.fields |
|
ecosystem |
additional.fields |
|
enforcement_level |
additional.fields |
|
enterprise |
principal.resource.attribute.labels |
|
enterprise.name |
additional.fields.value.string_value |
|
environment_name |
target.resource.attribute.labels |
|
error |
additional.fields |
|
external_id |
additional.fields |
|
external_identity_nameid |
target.user.email_addresses |
Jika nilainya adalah alamat email, nilai tersebut akan ditambahkan ke array target.user.email_addresses. |
external_identity_nameid |
target.user.userid |
|
external_identity_username |
additional.fields |
Dipetakan ke additional.fields jika tidak diisi di target.user.user_display_name. |
external_identity_username |
target.user.user_display_name |
Dipetakan saat diisi di target.user.user_display_name. |
features |
additional.fields |
|
filtered |
additional.fields |
|
filtered_request_body.query |
additional.fields |
|
fluentbit_pod_name |
additional.fields |
|
fp_sha256 |
additional.fields |
|
frontend |
additional.fields |
|
frontend_pid |
intermediary.process.pid |
|
frontend_ppid |
intermediary.process.parent_process.pid |
|
fs_host |
target.hostname |
|
fsc_ms |
additional.fields |
|
fully_qualified_domain_name |
additional.fields |
|
gh.sdk.name |
additional.fields |
|
gh.sdk.version |
additional.fields |
|
gh.timerd.timer.name |
additional.fields |
|
ghsa_id |
additional.fields |
|
git.maxobjectsize |
additional.fields |
|
git_dir_safe |
target.resource.attribute.labels |
|
github_event_after |
target.resource.attribute.labels |
|
github_event_before |
target.resource.attribute.labels |
|
github_event_compare |
target.resource.attribute.labels |
|
github_event_created |
target.resource.attribute.labels |
|
github_event_deleted |
target.resource.attribute.labels |
|
github_event_forced |
target.resource.attribute.labels |
|
github_event_head_commit_author_email |
target.resource.attribute.labels |
|
github_event_head_commit_author_name |
target.resource.attribute.labels |
|
github_event_head_commit_author_username |
target.resource.attribute.labels |
|
github_event_head_commit_committer_email |
target.resource.attribute.labels |
|
github_event_head_commit_committer_name |
target.resource.attribute.labels |
|
github_event_head_commit_committer_username |
target.resource.attribute.labels |
|
github_event_head_commit_distinct |
target.resource.attribute.labels |
|
github_event_head_commit_msg1 |
target.resource.attribute.labels |
|
github_event_head_commit_timestamp |
target.resource.attribute.labels |
|
github_event_pusher_email |
target.resource.attribute.labels |
|
github_event_pusher_name |
target.resource.attribute.labels |
|
github_event_ref |
target.resource.attribute.labels |
|
github_event_repository_has_projects |
target.resource.attributes.labels |
|
github_event_repository_master_branch |
target.resource.attribute.labels |
|
github_event_repository_organization |
target.resource.attribute.labels |
|
github_event_repository_owner_name |
target.resource.attribute.labels |
|
github_event_repository_stargazers |
target.resource.attribute.labels |
|
github_event_workflow_job_completed_at |
target.resource.attributes.labels |
|
gpv |
additional.fields |
|
handler_code |
additional.fields |
|
hashed_token |
network.session_id |
|
head_branch |
target.resource.attribute.labels |
|
head_sha |
target.file.sha256 |
|
healthy |
additional.fields |
|
hmac |
additional.fields |
|
hook_id |
target.resource.attribute.labels |
|
host.name |
principal.user.attribute.labels |
|
http_version |
network.application_protocol_version |
|
id |
metadata.product_log_id |
|
ignore_approvals_from_contributors |
additional.fields |
|
imode |
additional.fields |
|
imperfect |
additional.fields |
|
InstrumentationScope |
additional.fields |
|
integration_id |
additional.fields |
|
intel.flat |
additional.fields |
|
is_hosted_runner |
target.resource.attribute.labels |
|
issue (semua sub-kolomnya) |
additional.fields |
|
issue.pull_request (semua sub-kolomnya) |
additional.fields |
|
job_name |
target.resource.attribute.labels.value |
|
job_workflow_ref |
target.resource.attribute.labels.value |
|
job_workflow_sha |
target.resource.attribute.labels.value |
|
kafka_cluster |
additional.fields |
|
kex |
additional.fields |
|
keytype |
additional.fields |
|
kubernetes.container_image |
principal.resource.attribute.labels |
|
kubernetes.container_name |
principal.resource.attribute.labels |
|
kubernetes.host |
principal.resource.attribute.labels |
|
kubernetes.labels.app |
principal.resource.attribute.labels |
|
kubernetes.labels.chart |
principal.resource.attribute.labels |
|
kubernetes.labels.component |
principal.resource.attribute.labels |
|
kubernetes.labels.heritage |
principal.resource.attribute.labels |
|
kubernetes.labels.pod-template-hash |
principal.resource.attribute.labels |
|
kubernetes.labels.release |
principal.resource.attribute.labels |
|
kubernetes.labels.system |
principal.resource.attribute.labels |
|
kubernetes.namespace_name |
principal.resource.attribute.labels |
|
kubernetes.pod_ip |
principal.ip, principal.asset.ip |
|
kubernetes.pod_name |
principal.resource.attribute.labels |
|
last_state_change_at |
additional.fields |
|
last_state_change_reason |
additional.fields |
|
lat |
principal.location.region_coordinates.latitude |
|
ldap.debug_logging_enabled |
additional.fields |
|
level |
security_result.severity |
|
lfs_auth_scope |
additional.fields |
|
lfs_deploy_key_header |
additional.fields |
|
lfs_verify_reason |
additional.fields |
|
linear_history_requirement_enforcement_level |
additional.fields |
|
lock_allows_fetch_and_merge |
additional.fields |
|
lock_branch_enforcement_level |
additional.fields |
|
log_level |
security_result.severity |
|
log_source |
additional.fields |
|
log_source_file |
target.file.full_path |
|
logData.Count |
additional.fields |
|
logData.Metrics.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
logType |
additional.fields |
|
lon |
principal.location.region_coordinates.longitude |
|
loop |
additional.fields |
|
matched_policies |
security_result.detection_fields |
|
member |
target.user.attribute.labels |
|
merge_queue_enforcement_level |
additional.fields |
|
method |
additional.fields |
|
multi_repo |
security_result.detection_fields |
|
mysql_component |
additional.fields |
|
mysql_warning_code |
additional.fields |
|
name |
target.resource.attribute.labels |
|
non_integer_id |
additional.fields |
|
ns |
additional.fields |
|
number |
additional.fields |
|
oauth_application |
principal.application |
|
oauth_application_id |
principal.resource.attribute.labels |
|
oauth_party |
additional.fields |
|
offset |
additional.fields |
|
old_permissions |
additional.fields |
|
old_repo_permissions |
additional.fields |
|
org |
target.administrative_domain |
|
org_id |
additional.fields.value.string_value |
|
organization.url |
additional.fields |
|
original_user_agent |
additional.fields |
|
overridden_codes |
additional.fields |
|
owner |
principal.user.user_display_name |
|
owner_id |
principal.user.userid |
|
package |
additional.fields |
|
package_name |
target.application |
|
parent |
additional.fields |
|
parent_installation_id |
additional.fields |
|
partition |
additional.fields |
|
path_info |
additional.fields |
Ini adalah pemetaan saat jalur sudah dipetakan ke target.file.full_path. |
path_info |
target.file.full_path |
Ini adalah pemetaan saat jalur belum dipetakan ke target.file.full_path. |
pgroup |
additional.fields |
|
pk_ms |
additional.fields |
|
prin_ip |
principal.ip, principal.asset.ip |
|
prin_port |
principal.port |
|
prin_usr |
principal.user.userid |
|
pro_pid |
target.process.pid |
|
probe_fail |
additional.fields |
|
probe_ok |
additional.fields |
|
programmatic_access_type |
additional.fields.value.string_value |
|
pubkey_creator_id |
additional.fields |
|
pubkey_creator_login |
additional.fields |
|
pubkey_fingerprint |
additional.fields |
|
pubkey_id |
additional.fields |
|
pubkey_verifier_id |
additional.fields |
|
pubkey_verifier_login |
additional.fields |
|
public_repo |
additional.fields.value.string_value |
|
public_repo |
target.location.name |
|
publicly_leaked |
security_result.detection_fields |
|
pull_request.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request._links.comments.href |
additional.fields |
|
pull_request._links.commits.href |
additional.fields |
|
pull_request._links.html.href |
additional.fields |
|
pull_request._links.issue.href |
additional.fields |
|
pull_request._links.review_comment.href |
additional.fields |
|
pull_request._links.review_comments.href |
additional.fields |
|
pull_request._links.self.href |
additional.fields |
|
pull_request._links.statuses.href |
additional.fields |
|
pull_request.base.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request.base.repo.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request.base.repo.owner.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request.head.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request.head.owner.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request.head.repo.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request.head.user.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request.requested_reviewers.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request.requested_teams.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
pull_request.user. (dan semua sub-field-nya kecuali login) |
principal.user.attribute.labels |
|
pull_request.user.login |
principal.user.user_display_name |
|
pull_request_id |
target.resource.attribute.labels |
|
pull_request_title |
target.resource.attribute.labels |
|
query_string |
additional.fields.value.string_value |
|
queue_duration |
additional.fields |
|
quotas_enabled |
additional.fields |
|
rate_limit |
additional.fields |
|
rate_limit_family |
additional.fields |
|
rate_limit_key |
additional.fields |
|
rate_limit_remaining |
additional.fields.value.string_value |
|
rate_limit_reset |
additional.fields |
|
rate_limit_used |
additional.fields |
|
raw.at |
additional.fields |
|
raw.hashed_token |
network.session_id |
|
raw.token_type |
additional.fields |
|
raw.url |
target.url |
|
raw.user_agent |
network.http.user_agent, network.http.parsed_user_agent |
|
raw_login |
additional.fields |
|
read_only |
additional.fields |
|
readonly |
additional.fields |
|
reasons |
additional.fields |
|
ref |
target.resource.attribute.labels |
|
replicas |
additional.fields |
|
repo |
target.resource.name |
|
repo_id |
additional.fields.value.string_value |
|
repo_owner_login |
target.resource.attribute.labels |
|
repo_owner_type |
target.resource.attribute.labels |
|
repo_public |
additional.fields |
|
repository |
target.resource.attribute.labels |
|
repository.archive_url |
target.resource.attribute.labels |
|
repository.assignees_url |
target.resource.attribute.labels |
|
repository.blobs_url |
target.resource.attribute.labels |
|
repository.branches_url |
target.resource.attribute.labels |
|
repository.clone_url |
target.resource.attribute.labels |
|
repository.collaborators_url |
target.resource.attribute.labels |
|
repository.comments_url |
target.resource.attribute.labels |
|
repository.commits_url |
target.resource.attribute.labels |
|
repository.compare_url |
target.resource.attribute.labels |
|
repository.contents_url |
target.resource.attribute.labels |
|
repository.contributors_url |
target.resource.attribute.labels |
|
repository.created_at |
target.resource.attribute.labels |
|
repository.custom_properties. (dan semua sub-kolomnya) |
target.resource.attribute.labels |
|
repository.deployments_url |
target.resource.attribute.labels |
|
repository.downloads_url |
target.resource.attribute.labels |
|
repository.events_url |
target.resource.attribute.labels |
|
repository.fork |
target.resource.attribute.labels |
|
repository.forks_url |
target.resource.attribute.labels |
|
repository.full_name |
target.resource.attribute.labels |
|
repository.git_commits_url |
target.resource.attribute.labels |
|
repository.git_refs_url |
target.resource.attribute.labels |
|
repository.git_tags_url |
target.resource.attribute.labels |
|
repository.git_url |
target.resource.attribute.labels |
|
repository.homepage |
target.resource.attributes.labels |
|
repository.hooks_url |
target.resource.attribute.labels |
|
repository.html_url |
target.resource.attribute.labels |
|
repository.id |
target.resource.attribute.labels |
|
repository.issue_comment_url |
target.resource.attribute.labels |
|
repository.issue_events_url |
target.resource.attribute.labels |
|
repository.issues_url |
target.resource.attribute.labels |
|
repository.keys_url |
target.resource.attribute.labels |
|
repository.labels_url |
target.resource.attribute.labels |
|
repository.languages_url |
target.resource.attribute.labels |
|
repository.license |
target.resource.attributes.labels |
|
repository.merges_url |
target.resource.attribute.labels |
|
repository.milestones_url |
target.resource.attribute.labels |
|
repository.mirror_url |
target.resource.attributes.labels |
|
repository.name |
target.resource.attribute.labels |
|
repository.node_id |
target.resource.attribute.labels |
|
repository.notifications_url |
target.resource.attribute.labels |
|
repository.open_issues_count |
target.resource.attribute.labels |
|
repository.owner.avatar_url |
target.resource.attribute.labels |
|
repository.owner.events_url |
target.resource.attribute.labels |
|
repository.owner.followers_url |
target.resource.attribute.labels |
|
repository.owner.following_url |
target.resource.attribute.labels |
|
repository.owner.gists_url |
target.resource.attribute.labels |
|
repository.owner.gravatar_id |
target.resource.attribute.labels |
|
repository.owner.html_url |
target.resource.attribute.labels |
|
repository.owner.id |
target.resource.attribute.labels |
|
repository.owner.node_id |
target.resource.attribute.labels |
|
repository.owner.organizations_url |
target.resource.attribute.labels |
|
repository.owner.received_events_url |
target.resource.attribute.labels |
|
repository.owner.repos_url |
target.resource.attribute.labels |
|
repository.owner.site_admin |
target.resource.attribute.labels |
|
repository.owner.starred_url |
target.resource.attribute.labels |
|
repository.owner.subscriptions_url |
target.resource.attribute.labels |
|
repository.owner.type |
target.resource.attribute.labels |
|
repository.owner.url |
target.resource.attribute.labels |
|
repository.owner.user_view_type |
target.resource.attribute.labels |
|
repository.private |
target.resource.attribute.labels |
|
repository.pulls_url |
target.resource.attribute.labels |
|
repository.pushed_at |
target.resource.attribute.labels |
|
repository.releases_url |
target.resource.attribute.labels |
|
repository.size |
target.resource.attribute.labels |
|
repository.ssh_url |
target.resource.attribute.labels |
|
repository.stargazers_url |
target.resource.attribute.labels |
|
repository.statuses_url |
target.resource.attribute.labels |
|
repository.subscribers_url |
target.resource.attribute.labels |
|
repository.subscription_url |
target.resource.attribute.labels |
|
repository.svn_url |
target.resource.attribute.labels |
|
repository.tags_url |
target.resource.attribute.labels |
|
repository.teams_url |
target.resource.attribute.labels |
|
repository.topics |
target.resource.attributes.labels |
|
repository.trees_url |
target.resource.attribute.labels |
|
repository.updated_at |
target.resource.attribute.labels |
|
repository.url |
target.resource.attribute.labels |
|
repository.visibility |
target.resource.attribute.labels |
|
repository_public |
target.resource.attribute.labels |
|
req_content_type |
target.file.mime_type |
|
request_access_security_header |
security_result.detection_fields |
|
request_auth |
additional.fields |
|
request_body |
additional.fields.value.string_value |
|
request_duration |
additional.fields |
|
request_host |
principal.ip, principal.asset.ip |
Jika alamat IP ada, pemetaan dilakukan ke principal.ip (mempertahankan pemetaan principal.hostname yang ada). |
request_method |
network.http.method |
Nilai dikonversi menjadi huruf besar. |
requested_reviewers.* |
additional.fields |
Tanda bintang (*) menunjukkan bahwa ini mencakup semua subkolom. |
require_code_owner_review |
additional.fields |
|
require_last_push_approval |
additional.fields |
|
required_approving_review_count |
additional.fields |
|
required_deployments_enforcement_level |
additional.fields |
|
required_review_thread_resolution_enforcement_level |
additional.fields |
|
rerun_type |
additional.fields |
|
res_type |
target.resource.resource_subtype |
|
response_time |
additional.fields |
|
review_id |
target.resource.attributes.labels |
|
route |
additional.fields.value.string_value |
|
rpc.jsonrpc.error_code |
network.http.response_code |
|
rpc.jsonrpc.error_message |
security_result.summary |
|
rule_suite_id |
security_result.rule_id |
|
run_attempt |
additional.fields |
|
run_number |
additional.fields |
|
runner_labels |
target.resource.attribute.labels |
|
runner_owner_type |
target.resource.attribute.labels |
|
runner_tenant_id |
target.resource.attribute.labels |
|
s3_tag |
additional.fields |
|
secret_type |
security_result.detection_fields |
|
secret_types |
security_result.detection_fields |
|
secrets_passed |
security_result.detection_fields |
|
sender.id |
src.user.product_object_id |
|
sender.login |
src.user.user_display_name |
|
sender.node_id |
src.asset_id |
|
sender.type |
src.user.title |
|
sender.url |
src.url |
|
service |
target.resource.name |
|
service.version |
additional.fields |
|
serviceName |
target.resource.name |
|
severity (jika tinggi) |
security_result.severity |
|
SeverityText |
security_result.severity |
|
shallow |
additional.fields |
|
sign_in_verification_method |
security_result.detection_fields |
|
signature_requirement_enforcement_level |
additional.fields |
|
sigtype |
additional.fields |
|
source |
src.resource.name |
|
spec |
additional.fields |
|
sr |
additional.fields |
|
ss |
additional.fields |
|
started_at |
vulns.vulnerabilities.scan_start_time |
|
stateless |
additional.fields |
|
status_code |
network.http.response_code |
|
strict_required_status_checks_policy |
additional.fields |
|
subject.business.id |
target.resource.attribute.labels |
|
subject.owner.id |
additional.fields |
|
subject.owning_organization.id |
principal.group.product_object_id |
|
subject.repository.id |
target.resource.product_object_id |
|
subject.repository.internal |
target.resource.attribute.labels |
|
subject.repository.owner.id |
additional.fields |
|
subject.repository.public |
target.resource.attribute.labels |
|
subject.repository.writable |
target.resource.attribute.labels |
|
subject.type |
target.resource.attribute.labels |
|
synthetic_status |
additional.fields |
|
tar_application |
target.application |
|
telemetry.sdk.name |
additional.fields |
|
tenant_id |
target.resource.attribute.labels |
|
tid |
additional.fields |
|
time |
metadata.event_timestamp |
|
time_duration_ms |
additional.fields |
|
time_zone |
additional.fields |
|
timestamp |
metadata.event_timestamp |
|
tls_version |
network.tls.version |
|
token_id |
additional.fields.value.string_value |
|
token_scopes |
additional.fields.value.string_value |
|
topic |
additional.fields |
|
total |
additional.fields |
|
transport_protocol |
additional.fields |
|
transport_protocol_name |
network.application_protocol |
Nilai dikonversi menjadi huruf besar. |
ts |
metadata.event_timestamp |
Jika process_type adalah github_production. |
TTY |
additional.fields |
|
twirp_method |
additional.fields |
|
twirp_package |
additional.fields |
|
twirp_service |
additional.fields |
|
twirp_status |
network.http.response_code |
|
two_factor_type |
security_result.detection_fields |
|
type |
additional.fields |
|
unavailable |
additional.fields |
|
updated_at |
metadata.collected_timestamp |
|
url_path |
target.url |
|
usage_metrics |
additional.fields |
|
user |
target.user.userid |
|
user.id |
target.user.attr.labels |
Jika actor.id ada. |
user.id |
target.user.userid |
Jika actor.id tidak ada. |
user_agent |
network.http.parsed_user_agent |
Nilai diuraikan. |
user_agent |
network.http.user_agent |
|
user_id |
target.user.userid |
|
user_operator_mode |
additional.fields |
|
user_programmatic_access_id |
additional.fields |
|
user_renaming_enabled |
additional.fields |
|
user_spammy |
additional.fields |
|
version |
metadata.product_version |
Pemetaan ini mencakup log JSON. |
visibility |
additional.fields |
|
vk_ms |
additional.fields |
|
vulnerability_id |
additional.fields |
|
vulnerable_version_range_id |
additional.fields |
|
workflow |
target.resource.attributes.labels |
|
workflow.name |
target.resource.attribute.labels |
|
workflow_id |
target.resource.attribute.labels |
|
workflow_job.head_branch |
security_result.detection_fields |
|
workflow_job.name |
target.resource.attributes.labels |
|
workflow_job.workflow_name |
security_result.detection_fields |
|
workflow_run.actor. (dan semua subkolomnya kecuali kolom login, yang disertakan di setiap subkolom) |
principal.user.attribute.labels |
|
workflow_run.actor.login |
principal.user.userid |
|
workflow_run.artifacts_url |
target.resource.attributes.labels |
|
workflow_run.cancel_url |
target.resource.attributes.labels |
|
workflow_run.check_suite_id |
additional.fields |
|
workflow_run.check_suite_node_id |
additional.fields |
|
workflow_run.check_suite_url |
target.resource.attributes.labels |
|
workflow_run.conclusion |
target.resource.attribute.labels |
|
workflow_run.created_at |
metadata.event_timestamp |
|
workflow_run.display_title |
target.resource.attribute.labels |
|
workflow_run.event |
additional.fields.value.string_value |
|
workflow_run.event |
target.resource.attribute.labels |
|
workflow_run.head_branch |
target.resource.attribute.labels |
|
workflow_run.head_commit |
target.resource.attributes.labels |
|
workflow_run.head_repository |
additional.fields |
|
workflow_run.head_sha |
target.file.sha256 |
|
workflow_run.html_url |
target.resource.attribute.labels |
|
workflow_run.id |
target.resource.attribute.labels.value |
|
workflow_run.jobs_url |
target.resource.attributes.labels |
|
workflow_run.logs_url |
target.resource.attributes.labels |
|
workflow_run.name |
target.resource.name |
|
workflow_run.node_id |
target.resource.product_object_id |
|
workflow_run.path |
target.resource.attribute.labels |
|
workflow_run.previous_attempt_url |
target.resource.attributes.labels |
|
workflow_run.pull_requests |
about.resource.attribute.labels |
|
workflow_run.repository |
additional.fields |
|
workflow_run.rerun_url |
target.resource.attributes.labels |
|
workflow_run.run_attempt |
target.resource.attribute.labels |
|
workflow_run.run_number |
target.resource.attribute.labels |
|
workflow_run.run_started_at |
target.resource.attribute.labels |
|
workflow_run.status |
security_result.description |
|
workflow_run.triggering_actor |
additional.fields |
|
workflow_run.updated_at |
metadata.collected_timestamp |
|
workflow_run.url |
target.url |
|
workflow_run.workflow_id |
security_result.about.labels.value |
|
workflow_run.workflow_id |
target.resource.attribute.labels |
|
workflow_run.workflow_url |
target.resource.attributes.labels |
Referensi delta rilis
Pada 8 Januari 2026, Google SecOps merilis versi baru parser GitHub, yang mencakup perubahan signifikan.
Delta pemetaan kolom log
Tabel berikut mencantumkan delta pemetaan untuk kolom log GitHub ke UDM yang ditampilkan sebelum 8 Januari 2026 dan setelahnya (masing-masing tercantum di kolom Pemetaan lama dan Pemetaan saat ini):
| Kolom log | Pemetaan lama | Pemetaan saat ini |
|---|---|---|
action (untuk log JSON) |
metadata.product_event_type, security_result.summary,security_result.detection_fields |
metadata.product_event_type |
action (untuk log syslog) |
additional.fields, security_result.summary |
security_result.summary |
business |
additional.fields, target.user.company_name |
additional.fields |
business_id |
target.resource.attribute.labels |
additional.fields |
data.email |
target.email |
target.user.email_addresses |
data.event |
security_result.about.labels |
target.resource.attribute.labels |
data.head_branch |
security_result.about.labels |
target.resource.attribute.labels |
data.hook_id |
target.resource.attribute.labels |
target.resource.product_object_id |
data.team |
target.user.group_identifiers |
target.group.group_display_name |
data.trigger_id |
security_result.about.labels |
target.resource.attribute.labels |
data.workflow_id |
security_result.about.labels |
target.resource.attribute.labels |
data.workflow_run_id |
security_result.about.labels |
target.resource.attribute.labels |
hashed_token |
additional.fields |
network.session_id |
hook_id (untuk log JSON) |
additional.fields |
target.resource.attribute.labels |
name |
additional.fields |
target.resource.attribute.labels |
oauth_application_id |
additional.fields |
principal.resource.attribute.labels |
pull_request_id |
additional.fields |
target.resource.attribute.labels |
pull_request_title |
additional.fields |
target.resource.attribute.labels |
repository.archive_url |
additional.fields |
target.resource.attribute.labels |
repository.assignees_url |
additional.fields |
target.resource.attribute.labels |
repository.blobs_url |
additional.fields |
target.resource.attribute.labels |
repository.branches_url |
additional.fields |
target.resource.attribute.labels |
repository.clone_url |
additional.fields |
target.resource.attribute.labels |
repository.collaborators_url |
additional.fields |
target.resource.attribute.labels |
repository.comments_url |
additional.fields |
target.resource.attribute.labels |
repository.commits_url |
additional.fields |
target.resource.attribute.labels |
repository.compare_url |
additional.fields |
target.resource.attribute.labels |
repository.contents_url |
additional.fields |
target.resource.attribute.labels |
repository.contributors_url |
additional.fields |
target.resource.attribute.labels |
repository.created_at |
additional.fields |
target.resource.attribute.labels |
repository.deployments_url |
additional.fields |
target.resource.attribute.labels |
repository.downloads_url |
additional.fields |
target.resource.attribute.labels |
repository.events_url |
additional.fields |
target.resource.attribute.labels |
repository.fork |
additional.fields |
target.resource.attribute.labels |
repository.forks_url |
additional.fields |
target.resource.attribute.labels |
repository.full_name |
additional.fields |
target.resource.attribute.labels |
repository.git_commits_url |
additional.fields |
target.resource.attribute.labels |
repository.git_refs_url |
additional.fields |
target.resource.attribute.labels |
repository.git_tags_url |
additional.fields |
target.resource.attribute.labels |
repository.git_url |
additional.fields |
target.resource.attribute.labels |
repository.hooks_url |
additional.fields |
target.resource.attribute.labels |
repository.html_url |
additional.fields |
target.resource.attribute.labels |
repository.id |
additional |
target.resource.attribute.labels |
repository.issue_comment_url |
additional.fields |
target.resource.attribute.labels |
repository.issue_events_url |
additional.fields |
target.resource.attribute.labels |
repository.issues_url |
additional.fields |
target.resource.attribute.labels |
repository.keys_url |
additional.fields |
target.resource.attribute.labels |
repository.labels_url |
additional.fields |
target.resource.attribute.labels |
repository.languages_url |
additional.fields |
target.resource.attribute.labels |
repository.merges_url |
additional.fields |
target.resource.attribute.labels |
repository.milestones_url |
additional.fields |
target.resource.attribute.labels |
repository.name |
additional.fields |
target.resource.attribute.labels |
repository.node_id |
additional.fields |
target.resource.attribute.labels |
repository.notifications_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.avatar_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.events_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.followers_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.following_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.gists_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.gravatar_id |
additional.fields |
target.resource.attribute.labels |
repository.owner.html_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.id |
additional.fields |
target.resource.attribute.labels |
repository.owner.node_id |
additional.fields |
target.resource.attribute.labels |
repository.owner.organizations_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.received_events_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.repos_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.site_admin |
additional.fields |
target.resource.attribute.labels |
repository.owner.starred_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.subscriptions_url |
additional.fields |
target.resource.attribute.labels |
repository.owner.type |
additional.fields |
target.resource.attribute.labels |
repository.owner.url |
additional.fields |
target.resource.attribute.labels |
repository.owner.user_view_type |
additional.fields |
target.resource.attribute.labels |
repository.private |
additional.fields |
target.resource.attribute.labels |
repository.pulls_url |
additional.fields |
target.resource.attribute.labels |
repository.pushed_at |
additional.fields |
target.resource.attribute.labels |
repository.releases_url |
additional.fields |
target.resource.attribute.labels |
repository.size |
additional.fields |
target.resource.attribute.labels |
repository.ssh_url |
additional.fields |
target.resource.attribute.labels |
repository.stargazers_url |
additional.fields |
target.resource.attribute.labels |
repository.statuses_url |
additional.fields |
target.resource.attribute.labels |
repository.subscribers_url |
additional.fields |
target.resource.attribute.labels |
repository.subscription_url |
additional.fields |
target.resource.attribute.labels |
repository.svn_url |
additional.fields |
target.resource.attribute.labels |
repository.tags_url |
additional.fields |
target.resource.attribute.labels |
repository.teams_url |
additional.fields |
target.resource.attribute.labels |
repository.trees_url |
additional.fields |
target.resource.attribute.labels |
repository.updated_at |
additional.fields |
target.resource.attribute.labels |
repository.url |
additional.fields |
target.resource.attribute.labels |
repository.visibility |
additional.fields |
target.resource.attribute.labels |
repository_public |
additional.fields |
target.resource.attribute.labels |
res_type |
target.resource.type |
target.resource.resource_subtype |
sender.id |
src.user.product_object_id, additional.fields |
src.user.product_object_id |
sender.login |
additional.fields, src.user.user_display_name |
src.user.user_display_name |
sender.node_id |
src.asset_id, additional.fields |
src.asset_id |
sender.type |
src.user.title, additional.fields |
src.user.title |
sender.url |
src.url, additional.fields |
src.url |
workflow.name |
security_result.about.labels |
target.resource.attribute.labels |
workflow_job.head_branch |
security_result.about.labels |
security_result.detection_fields |
workflow_job.workflow_name |
security_result.about.labels |
security_result.detection_fields |
workflow_run.event |
additional.fields |
target.resource.attribute.labels |
workflow_run.head_branch |
security_result.about.labels |
target.resource.attribute.labels |
workflow_run.workflow_id |
security_result.about.labels |
target.resource.attribute.labels |
Perubahan kondisi jenis peristiwa
Kondisi yang menentukan jenis peristiwa Google SecOps diubah dalam rilis 8 Januari 2026.
Tabel berikut mencantumkan jenis peristiwa dan kondisi saat ini (yaitu, kondisi berbeda sebelum rilis 8 Januari 2026):
| event_type | Kondisi |
|---|---|
NETWORK_CONNECTION |
[has_target] == "true" && [has_principal] == "true" |
STATUS_UPDATE |
[has_principal] == "true" |
USER_RESOURCE_DELETION |
[has_target_resource] == "true" && [has_principal_user] == "true" && [action] in ["hook.destroy" ,"protected_branch.destroy" ,"public_key.delete"] |
USER_RESOURCE_UPDATE_CONTENT |
[has_target_resource] == "true" && [has_principal_userid] == "true" && [action] in [ "pull_request.merge" , "hook.events_changed"] |
USER_RESOURCE_UPDATE_PERMISSIONS |
[has_target_resource] == "true" && [has_principal_userid] == "true" && [action] in ["repo.update_actions_secret","protected_branch.update_pull_request_reviews_enforcement_level", "org.update_member" ,"protected_branch.update_admin_enforced" ,"protected_branch.update_required_status_checks_enforcement_level","org.integration_manager_removed" ,"repo.update_member", "repo.add_member"] |
Perubahan konfigurasi tombol
Tabel berikut mencantumkan perbedaan pemetaan untuk kunci di kolom log mentah ke kunci di kolom UDM yang ditampilkan sebelum 8 Januari 2026 dan setelahnya (masing-masing tercantum di kolom Kunci lama dan Kunci saat ini):
| Kunci dalam log mentah | Kunci lama | Kunci saat ini |
|---|---|---|
alert.secret_type_display_name |
secret_type_display_name |
alert_secret_type_display_name |
enterprise.name |
Enterprise Name |
enterprise_name |
hook_id |
Hook Id |
Hook_Id |
invitation.failed_at |
failed_at |
invitation_failed_at |
invitation.failed_reason |
failed_reason |
invitation_failed_reason |
invitation.invitation_source |
invitation_source |
invitation_invitation_source |
raw.failure_reason |
failure_reason |
raw_failure_reason |
raw.failure_type |
failure_type |
raw_failure_type |
raw.from |
from |
raw_from |
workflow_run.event |
event |
workflow_run_event |
workflow_run.head_branch |
Head Branch |
Head_Branch |
workflow_run.id |
workflow_run_id |
workflow_Run_id |
workflow_run.workflow_id |
Workflow Id |
Workflow_Id |
Perlu bantuan lain? Dapatkan jawaban dari anggota Komunitas dan profesional Google SecOps.