github_webhooks.yml
name: GitHub Webhooks
id: 88aa4632-3c3e-43f6-a00a-998d71f558e3
version: 2
date: '2025-01-23'
author: Patrick Bareiss, Splunk
description: Data source object for GitHub Webhooks
# MITRE ATT&CK data components this data source is declared to cover.
# NOTE(review): the fields list and example_log in this file only show a
# workflow_run event; confirm the other components are backed by additional
# webhook event types before relying on this mapping for coverage.
mitre_components:
- User Account Authentication
- Configuration Modification
- Application Log Content
- User Account Metadata
- Scheduled Job Metadata
# Splunk source and sourcetype that identify these events.
# NOTE(review): the sourcetype is not GitHub-specific, so searches presumably
# need to constrain on source as well to avoid matching other Firehose JSON
# feeds — confirm against the ingestion setup.
source: github
sourcetype: aws:firehose:json
# No Splunk Technology Add-on is listed for this data source.
supported_TA: []
# Field names expected on events from this data source. Entries are listed
# alphabetically, so Splunk event metadata (_time, host, index, source,
# sourcetype, splunk_server, ...) is interleaved with payload fields.
# All dotted field paths here are under workflow_run.*.
fields:
- _time
- action
- host
- index
- linecount
- meta
- punct
- source
- sourcetype
- splunk_server
- timestamp
# actor / triggering_actor: user objects attached to the run. NOTE(review):
# per GitHub's API docs, actor started the run and triggering_actor started
# this attempt (e.g. a re-run) — confirm before keying detections on one.
- workflow_run.actor.avatar_url
- workflow_run.actor.events_url
- workflow_run.actor.followers_url
- workflow_run.actor.following_url
- workflow_run.actor.gists_url
- workflow_run.actor.gravatar_id
- workflow_run.actor.html_url
- workflow_run.actor.id
- workflow_run.actor.login
- workflow_run.actor.node_id
- workflow_run.actor.organizations_url
- workflow_run.actor.received_events_url
- workflow_run.actor.repos_url
- workflow_run.actor.site_admin
- workflow_run.actor.starred_url
- workflow_run.actor.subscriptions_url
- workflow_run.actor.type
- workflow_run.actor.url
- workflow_run.artifacts_url
- workflow_run.cancel_url
- workflow_run.check_suite_id
- workflow_run.check_suite_node_id
- workflow_run.check_suite_url
- workflow_run.conclusion
- workflow_run.created_at
- workflow_run.event
- workflow_run.head_branch
# Commit author/committer name and email are personal data taken from the
# commit itself — NOTE(review): git lets the committer set these freely, so
# treat them as unverified when attributing activity.
- workflow_run.head_commit.author.email
- workflow_run.head_commit.author.name
- workflow_run.head_commit.committer.email
- workflow_run.head_commit.committer.name
- workflow_run.head_commit.id
- workflow_run.head_commit.message
- workflow_run.head_commit.timestamp
- workflow_run.head_commit.tree_id
# head_repository: repository object for the head commit; compare with
# workflow_run.repository.* below (presumably differs for runs from forks —
# verify against GitHub's webhook documentation).
- workflow_run.head_repository.collaborators_url
- workflow_run.head_repository.description
- workflow_run.head_repository.fork
- workflow_run.head_repository.forks_url
- workflow_run.head_repository.full_name
- workflow_run.head_repository.hooks_url
- workflow_run.head_repository.html_url
- workflow_run.head_repository.id
- workflow_run.head_repository.keys_url
- workflow_run.head_repository.name
- workflow_run.head_repository.node_id
- workflow_run.head_repository.owner.avatar_url
- workflow_run.head_repository.owner.events_url
- workflow_run.head_repository.owner.followers_url
- workflow_run.head_repository.owner.following_url
- workflow_run.head_repository.owner.gists_url
- workflow_run.head_repository.owner.gravatar_id
- workflow_run.head_repository.owner.html_url
- workflow_run.head_repository.owner.id
- workflow_run.head_repository.owner.login
- workflow_run.head_repository.owner.node_id
- workflow_run.head_repository.owner.organizations_url
- workflow_run.head_repository.owner.received_events_url
- workflow_run.head_repository.owner.repos_url
- workflow_run.head_repository.owner.site_admin
- workflow_run.head_repository.owner.starred_url
- workflow_run.head_repository.owner.subscriptions_url
- workflow_run.head_repository.owner.type
- workflow_run.head_repository.owner.url
- workflow_run.head_repository.private
- workflow_run.head_repository.teams_url
- workflow_run.head_repository.url
- workflow_run.head_sha
- workflow_run.html_url
- workflow_run.id
- workflow_run.jobs_url
- workflow_run.logs_url
- workflow_run.name
- workflow_run.node_id
- workflow_run.previous_attempt_url
# `{}` marks values taken from elements of a JSON array; pull_requests is an
# array of objects in example_log.
- workflow_run.pull_requests{}.base.ref
- workflow_run.pull_requests{}.base.repo.id
- workflow_run.pull_requests{}.base.repo.name
- workflow_run.pull_requests{}.base.repo.url
- workflow_run.pull_requests{}.base.sha
- workflow_run.pull_requests{}.head.ref
- workflow_run.pull_requests{}.head.repo.id
- workflow_run.pull_requests{}.head.repo.name
- workflow_run.pull_requests{}.head.repo.url
- workflow_run.pull_requests{}.head.sha
- workflow_run.pull_requests{}.id
- workflow_run.pull_requests{}.number
- workflow_run.pull_requests{}.url
- workflow_run.repository.archive_url
- workflow_run.repository.assignees_url
- workflow_run.repository.blobs_url
- workflow_run.repository.branches_url
- workflow_run.repository.collaborators_url
- workflow_run.repository.comments_url
- workflow_run.repository.commits_url
- workflow_run.repository.compare_url
- workflow_run.repository.contents_url
- workflow_run.repository.contributors_url
- workflow_run.repository.deployments_url
- workflow_run.repository.description
- workflow_run.repository.downloads_url
- workflow_run.repository.events_url
- workflow_run.repository.fork
- workflow_run.repository.forks_url
- workflow_run.repository.full_name
- workflow_run.repository.git_commits_url
- workflow_run.repository.git_refs_url
- workflow_run.repository.git_tags_url
- workflow_run.repository.hooks_url
- workflow_run.repository.html_url
- workflow_run.repository.id
- workflow_run.repository.issue_comment_url
- workflow_run.repository.issue_events_url
- workflow_run.repository.issues_url
- workflow_run.repository.keys_url
- workflow_run.repository.labels_url
- workflow_run.repository.languages_url
- workflow_run.repository.merges_url
- workflow_run.repository.milestones_url
- workflow_run.repository.name
- workflow_run.repository.node_id
- workflow_run.repository.notifications_url
- workflow_run.repository.owner.avatar_url
- workflow_run.repository.owner.events_url
- workflow_run.repository.owner.followers_url
- workflow_run.repository.owner.following_url
- workflow_run.repository.owner.gists_url
- workflow_run.repository.owner.gravatar_id
- workflow_run.repository.owner.html_url
- workflow_run.repository.owner.id
- workflow_run.repository.owner.login
- workflow_run.repository.owner.node_id
- workflow_run.repository.owner.organizations_url
- workflow_run.repository.owner.received_events_url
- workflow_run.repository.owner.repos_url
- workflow_run.repository.owner.site_admin
- workflow_run.repository.owner.starred_url
- workflow_run.repository.owner.subscriptions_url
- workflow_run.repository.owner.type
- workflow_run.repository.owner.url
- workflow_run.repository.private
- workflow_run.repository.pulls_url
- workflow_run.repository.releases_url
- workflow_run.repository.stargazers_url
- workflow_run.repository.statuses_url
- workflow_run.repository.subscribers_url
- workflow_run.repository.subscription_url
- workflow_run.repository.tags_url
- workflow_run.repository.teams_url
- workflow_run.repository.trees_url
- workflow_run.repository.url
- workflow_run.rerun_url
- workflow_run.run_attempt
- workflow_run.run_number
- workflow_run.run_started_at
- workflow_run.status
- workflow_run.triggering_actor.avatar_url
- workflow_run.triggering_actor.events_url
- workflow_run.triggering_actor.followers_url
- workflow_run.triggering_actor.following_url
- workflow_run.triggering_actor.gists_url
- workflow_run.triggering_actor.gravatar_id
- workflow_run.triggering_actor.html_url
- workflow_run.triggering_actor.id
- workflow_run.triggering_actor.login
- workflow_run.triggering_actor.node_id
- workflow_run.triggering_actor.organizations_url
- workflow_run.triggering_actor.received_events_url
- workflow_run.triggering_actor.repos_url
- workflow_run.triggering_actor.site_admin
- workflow_run.triggering_actor.starred_url
- workflow_run.triggering_actor.subscriptions_url
- workflow_run.triggering_actor.type
- workflow_run.triggering_actor.url
- workflow_run.updated_at
- workflow_run.url
- workflow_run.workflow_id
- workflow_run.workflow_url
example_log: '{"action":"requested","workflow_run":{"id":2088708615,"name":"auto-update","node_id":"WFR_kwLOCa00Ec58fyoH","head_branch":"mac_os_detections","head_sha":"4049334910ea3d52a917ca35aed66d11c80ed966","run_number":9504,"event":"push","status":"queued","conclusion":null,"workflow_id":4692335,"check_suite_id":5918781611,"check_suite_node_id":"CS_kwDOCa00Ec8AAAABYMlwqw","url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615","html_url":"https://github.com/splunk/security_content/actions/runs/2088708615","pull_requests":[{"url":"https://api.github.com/repos/splunk/security_content/pulls/2131","id":893091277,"number":2131,"head":{"ref":"mac_os_detections","sha":"4049334910ea3d52a917ca35aed66d11c80ed966","repo":{"id":162346001,"url":"https://api.github.com/repos/splunk/security_content","name":"security_content"}},"base":{"ref":"develop","sha":"a7d3d1dc57f9bf36fe22e470bcf518fcc2c89283","repo":{"id":162346001,"url":"https://api.github.com/repos/splunk/security_content","name":"security_content"}}}],"created_at":"2022-04-04T08:43:15Z","updated_at":"2022-04-04T08:43:15Z","actor":{"login":"jsmith","id":8362376,"node_id":"MDQ6VXNlcjgzNjIzNzY=","avatar_url":"https://avatars.githubusercontent.com/u/8362376?v=4","gravatar_id":"","url":"https://api.github.com/users/jsmith","html_url":"https://github.com/jsmith","followers_url":"https://api.github.com/users/jsmith/followers","following_url":"https://api.github.com/users/jsmith/following{/other_user}","gists_url":"https://api.github.com/users/jsmith/gists{/gist_id}","starred_url":"https://api.github.com/users/jsmith/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/jsmith/subscriptions","organizations_url":"https://api.github.com/users/jsmith/orgs","repos_url":"https://api.github.com/users/jsmith/repos","events_url":"https://api.github.com/users/jsmith/events{/privacy}","received_events_url":"https://api.github.com/users/jsmith/received_events","type":"User","site_admin":
false},"run_attempt":1,"run_started_at":"2022-04-04T08:43:15Z","triggering_actor":{"login":"jsmith","id":8362376,"node_id":"MDQ6VXNlcjgzNjIzNzY=","avatar_url":"https://avatars.githubusercontent.com/u/8362376?v=4","gravatar_id":"","url":"https://api.github.com/users/jsmith","html_url":"https://github.com/jsmith","followers_url":"https://api.github.com/users/jsmith/followers","following_url":"https://api.github.com/users/jsmith/following{/other_user}","gists_url":"https://api.github.com/users/jsmith/gists{/gist_id}","starred_url":"https://api.github.com/users/jsmith/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/jsmith/subscriptions","organizations_url":"https://api.github.com/users/jsmith/orgs","repos_url":"https://api.github.com/users/jsmith/repos","events_url":"https://api.github.com/users/jsmith/events{/privacy}","received_events_url":"https://api.github.com/users/jsmith/received_events","type":"User","site_admin":false},"jobs_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/jobs","logs_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/logs","check_suite_url":"https://api.github.com/repos/splunk/security_content/check-suites/5918781611","artifacts_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/artifacts","cancel_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/cancel","rerun_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/rerun","previous_attempt_url":null,"workflow_url":"https://api.github.com/repos/splunk/security_content/actions/workflows/4692335","head_commit":{"id":"4049334910ea3d52a917ca35aed66d11c80ed966","tree_id":"df4ddc1359be3b19f093b7a27dbf5708187743a0","message":"small
change","timestamp":"2022-04-04T08:43:01Z","author":{"name":"jsmith","email":"[email protected]"},"committer":{"name":"jsmith","email":"[email protected]"}},"repository":{"id":162346001,"node_id":"MDEwOlJlcG9zaXRvcnkxNjIzNDYwMDE=","name":"security_content","full_name":"splunk/security_content","private":false,"owner":{"login":"splunk","id":651467,"node_id":"MDEyOk9yZ2FuaXphdGlvbjY1MTQ2Nw==","avatar_url":"https://avatars.githubusercontent.com/u/651467?v=4","gravatar_id":"","url":"https://api.github.com/users/splunk","html_url":"https://github.com/splunk","followers_url":"https://api.github.com/users/splunk/followers","following_url":"https://api.github.com/users/splunk/following{/other_user}","gists_url":"https://api.github.com/users/splunk/gists{/gist_id}","starred_url":"https://api.github.com/users/splunk/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/splunk/subscriptions","organizations_url":"https://api.github.com/users/splunk/orgs","repos_url":"https://api.github.com/users/splunk/repos","events_url":"https://api.github.com/users/splunk/events{/privacy}","received_events_url":"https://api.github.com/users/splunk/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/splunk/security_content","description":"Splunk
Security Content","fork":false,"url":"https://api.github.com/repos/splunk/security_content","forks_url":"https://api.github.com/repos/splunk/security_content/forks","keys_url":"https://api.github.com/repos/splunk/security_content/keys{/key_id}","collaborators_url":"https://api.github.com/repos/splunk/security_content/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/splunk/security_content/teams","hooks_url":"https://api.github.com/repos/splunk/security_content/hooks","issue_events_url":"https://api.github.com/repos/splunk/security_content/issues/events{/number}","events_url":"https://api.github.com/repos/splunk/security_content/events","assignees_url":"https://api.github.com/repos/splunk/security_content/assignees{/user}","branches_url":"https://api.github.com/repos/splunk/security_content/branches{/branch}","tags_url":"https://api.github.com/repos/splunk/security_content/tags","blobs_url":"https://api.github.com/repos/splunk/security_content/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/splunk/security_content/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/splunk/security_content/git/refs{/sha}","trees_url":"https://api.github.com/repos/splunk/security_content/git/trees{/sha}","statuses_url":"https://api.github.com/repos/splunk/security_content/statuses/{sha}","languages_url":"https://api.github.com/repos/splunk/security_content/languages","stargazers_url":"https://api.github.com/repos/splunk/security_content/stargazers","contributors_url":"https://api.github.com/repos/splunk/security_content/contributors","subscribers_url":"https://api.github.com/repos/splunk/security_content/subscribers","subscription_url":"https://api.github.com/repos/splunk/security_content/subscription","commits_url":"https://api.github.com/repos/splunk/security_content/commits{/sha}","git_commits_url":"https://api.github.com/repos/splunk/security_content/git/commits{/sha}","comments_url":"https://api.github.com/repos/splunk/security_content
/comments{/number}","issue_comment_url":"https://api.github.com/repos/splunk/security_content/issues/comments{/number}","contents_url":"https://api.github.com/repos/splunk/security_content/contents/{+path}","compare_url":"https://api.github.com/repos/splunk/security_content/compare/{base}...{head}","merges_url":"https://api.github.com/repos/splunk/security_content/merges","archive_url":"https://api.github.com/repos/splunk/security_content/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/splunk/security_content/downloads","issues_url":"https://api.github.com/repos/splunk/security_content/issues{/number}","pulls_url":"https://api.github.com/repos/splunk/security_content/pulls{/number}","milestones_url":"https://api.github.com/repos/splunk/security_content/milestones{/number}","notifications_url":"https://api.github.com/repos/splunk/security_content/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/splunk/security_content/labels{/name}","releases_url":"https://api.github.com/repos/splunk/security_content/releases{/id}","deployments_url":"https://api.github.com/repos/splunk/security_content/deployments"},"head_repository":{"id":162346001,"node_id":"MDEwOlJlcG9zaXRvcnkxNjIzNDYwMDE=","name":"security_content","full_name":"splunk/security_content","private":false,"owner":{"login":"splunk","id":651467,"node_id":"MDEyOk9yZ2FuaXphdGlvbjY1MTQ2Nw==","avatar_url":"https://avatars.githubusercontent.com/u/651467?v=4","gravatar_id":"","url":"https://api.github.com/users/splunk","html_url":"https://github.com/splunk","followers_url":"https://api.github.com/users/splunk/followers","following_url":"https://api.github.com/users/splunk/following{/other_user}","gists_url":"https://api.github.com/users/splunk/gists{/gist_id}","starred_url":"https://api.github.com/users/splunk/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/splunk/subscriptions","organizations_url":"https://api.github.com/users/splunk/orgs","r
epos_url":"https://api.github.com/users/splunk/repos","events_url":"https://api.github.com/users/splunk/events{/privacy}","received_events_url":"https://api.github.com/users/splunk/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/splunk/security_content","description":"Splunk
Security Content","fork":false,"url":"https://api.github.com/repos/splunk/security_content","forks_url":"https://api.github.com/repos/splunk/security_content/forks","keys_url":"https://api.github.com/repos/splunk/security_content/keys{/key_id}","collaborators_url":"https://api.github.com/repos/splunk/security_content/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/splunk/security_content/teams","hooks_url":"https://api.github.com/repos/splunk/security_content/hooks","issue_events_url":"https://api.github.com/repos/splunk/security_content/issues/events{/num'