Skip to main content
Panther Knowledge Base

Choosing the best method to ingest GitHub audit logs into Panther


When ingesting GitHub audit logs, would I choose to use the newer audit log streaming service that uses AWS S3 or GCS, instead of the method where Panther polls the GitHub API every minute? If I'm already using the latter, why invest the time to set up the former?


If you have GitHub Enterprise Cloud, the streaming option lets you simplify down to one integration/log source that fetches all audit logs for your entire enterprise, while the API puller can only work for one organization per integration.


  • Was this article helpful?