Forum Discussion
Porter76
Sep 14, 2023 · Brass Contributor
How to monitor multiple GitHub orgs with GitHub Enterprise Audit logs Data connector
As stated in the subject, I am trying to figure out how I can monitor multiple organizations using the GitHub Enterprise Audit log Data connector. Sending logs from an org to Sentinel using the ...
Sergei2435
Nov 09, 2023 · Brass Contributor
Also, I managed to deploy the solution, but it is not ingesting security logs, and we are receiving duplicate logs on top of that.
The discussion regarding duplicate logs can be found here in more detail.
https://github.com/Azure/Azure-Sentinel/issues/1384
I raised an issue as a bug. The details can be found at https://github.com/Azure/Azure-Sentinel/issues/9356
I look forward to hearing back from them.
Porter76, I would appreciate it if you could let me know if you found an alternative solution.
Many Thanks
Porter76
Nov 09, 2023 · Brass Contributor
We ended up using the log streaming directly from GitHub. We stream to an S3 (there are more options) and then use an Azure function to pull the logs into LA and into Sentinel. It did require some dev work but it is working for us.
- Sergei2435
  Nov 09, 2023 · Brass Contributor
  Many thanks for letting me know. I might try that approach.
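
Added example, not code from the thread participants or the Azure-Sentinel project: a sketch of the S3-to-Log-Analytics step described in the last answer, with de-duplication for the duplicate-log problem raised earlier. Assumptions: streamed objects are gzip-compressed, newline-delimited JSON; events carry GitHub's `_document_id` field; ingestion uses the Log Analytics HTTP Data Collector API. The function names, sample events, workspace ID and key are constructed placeholders.

```python
import base64, gzip, hashlib, hmac, json
from email.utils import formatdate

def parse_stream_object(blob):
    """Decode one streamed object: gzip-compressed, one JSON event per line (assumed layout)."""
    return [json.loads(line) for line in gzip.decompress(blob).splitlines() if line.strip()]

def dedupe(events, seen):
    """Drop events whose _document_id was already forwarded; `seen` must persist across runs."""
    fresh = []
    for ev in events:
        # Fall back to a content hash if an event lacks _document_id.
        key = ev.get("_document_id") or hashlib.sha256(
            json.dumps(ev, sort_keys=True).encode()).hexdigest()
        if key not in seen:
            seen.add(key)
            fresh.append(ev)
    return fresh

def build_request(workspace_id, shared_key_b64, log_type, events, date=None):
    """Build (url, headers, body) for the HTTP Data Collector API; sending is left to the caller."""
    body = json.dumps(events).encode()
    date = date or formatdate(usegmt=True)  # RFC 1123 date, also part of the signed string
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    sig = hmac.new(base64.b64decode(shared_key_b64), to_sign.encode(), hashlib.sha256).digest()
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,  # becomes the custom table <log_type>_CL
        "x-ms-date": date,
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(sig).decode()}",
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

def _pack(events):  # builds the constructed sample objects below
    return gzip.compress("\n".join(json.dumps(e) for e in events).encode())

# Constructed sample data: two objects covering two orgs, with one event delivered twice.
OBJ_A = _pack([{"_document_id": "doc-1", "org": "org-one", "action": "repo.create"},
               {"_document_id": "doc-2", "org": "org-two", "action": "org.add_member"}])
OBJ_B = _pack([{"_document_id": "doc-2", "org": "org-two", "action": "org.add_member"},
               {"_document_id": "doc-3", "org": "org-one", "action": "team.create"}])

def run_batch(seen=None):
    seen = set() if seen is None else seen
    fresh = [ev for blob in (OBJ_A, OBJ_B) for ev in dedupe(parse_stream_object(blob), seen)]
    # Placeholder workspace ID and key, not real credentials.
    return fresh, build_request("00000000-0000-0000-0000-000000000000",
                                base64.b64encode(b"placeholder-key").decode(),
                                "GitHubAudit", fresh, date="Thu, 09 Nov 2023 12:00:00 GMT")
```

In a deployed function the `seen` set would live in durable storage (a table or blob), and the `org` field on each event lets one Sentinel table serve several organizations.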