GitHub Enterprise Cloud Connector: Audit Log Data Ingestion Now Generally Available

What Changed

The GitHub Enterprise Cloud audit log connector and its detection rule set transitioned from Preview to Generally Available (GA) status. This includes removing “(Preview)” designations from the connector definition and 11 associated Analytic Rules.

Security Impact (Visibility & Fidelity)

Organizations using the GitHub connector during Preview can now rely on production-grade support for monitoring DevOps security events including repository management, user access controls, OAuth application changes, and payment method modifications.

The GA promotion signals Microsoft’s confidence in the connector’s stability for production deployment across enterprise GitHub environments.

Detection Coverage

The following detection scenarios are now GA:

• Repository creation and destruction events
• User access management (additions, blocking, invitations)
• Two-factor authentication status changes
• OAuth application credential management
• Payment method modifications
• Pull request lifecycle monitoring
• User visibility changes

All detection rules target GitHub audit log events ingested via the CCF-based connector into the GitHubAuditLogsV2_CL table.

Affected Files

Solutions/GitHub/Analytic Rules/GitHub - A payment method was removed.yaml
Solutions/GitHub/Analytic Rules/GitHub - Activities from Infrequent Country.yaml
Solutions/GitHub/Analytic Rules/GitHub - Oauth application - a client secret was removed.yaml
Solutions/GitHub/Analytic Rules/GitHub - Repository was created.yaml
Solutions/GitHub/Analytic Rules/GitHub - Repository was destroyed.yaml
Solutions/GitHub/Analytic Rules/GitHub - Two Factor Authentication Disabled in GitHub.yaml
Solutions/GitHub/Analytic Rules/GitHub - User visibility Was changed.yaml
Solutions/GitHub/Analytic Rules/GitHub - User was added to the organization.yaml
Solutions/GitHub/Analytic Rules/GitHub - User was blocked.yaml
Solutions/GitHub/Analytic Rules/GitHub - User was invited to the repository.yaml
Solutions/GitHub/Analytic Rules/GitHub - pull request was created.yaml
Solutions/GitHub/Analytic Rules/GitHub - pull request was merged.yaml
Solutions/GitHub/Data Connectors/GitHubAuditLogs_CCF/GitHubAuditLogs_ConnectorDefinition.json
(packaging artefacts: 3.1.3.zip, ReleaseNotes.md, Solution_GitHub.json, createUiDefinition.json, mainTemplate.json)