How do I resolve "Organization not found" when ingesting GitHub audit logs in Panther?

Last updated
Save as PDF

Issue

I try to onboard GitHub audit logs and I get the error:

Status 404 Not Found, organization <name>: github: Organization not found

Resolution

In order to ingest your GitHub Organization's audit logs using Panther's native integration, you need to:

Assure that your GitHub Organization is a part of a GitHub Enterprise Cloud Account (the GitHub Enterprise Server plan is not supported).
Follow the steps described on our documentation page "How to onboard Github logs to Panther"

If your GitHub Organization is a part of a GitHub Enterprise Server, you can proceed manually following GitHub's documentation page for streaming your audit logs to an AWS S3 bucket and then importing them to Panther by creating a new AWS S3 log source.

For the log source's attached schema, you can use our GitHub.Audit schema as a reference in creating your new custom schema.

You can also try inferring the schema by using a sample of your GitHub audit logs.

Cause

This issue can occur if you are using a Github Organization type that is not supported.