How do I resolve "Organization not found" when ingesting GitHub audit logs in Panther?
Issue
When I try to onboard GitHub audit logs, I get the error:
Status 404 Not Found, organization <name>: github: Organization not found
Resolution
In order to ingest your GitHub Organization's audit logs using Panther's native integration, you need to:
- Ensure that your GitHub Organization is part of a GitHub Enterprise Cloud account (the GitHub Enterprise Server plan is not supported).
- Follow the steps described on our documentation page "How to onboard Github logs to Panther".
If your GitHub Organization is part of GitHub Enterprise Server, you can proceed manually: follow GitHub's documentation page for streaming your audit logs to an AWS S3 bucket, then import them into Panther by creating a new AWS S3 log source.
For the log source's attached schema, you can use our GitHub.Audit schema as a reference in creating your new custom schema.
You can also try inferring the schema by using a sample of your GitHub audit logs.
Cause
This issue can occur if you are using a GitHub Organization type that is not supported.