Skip to main content
Panther Knowledge Base

Why do I see classification failures for Github Audit logs when I am using a Panther-provided schema?

Question

Why do I see classification failures for Github Audit logs when I am using a Panther-provided schema?

Answer

To troubleshoot this issue, verify what type of GitHub Audit logs are creating the classification failure.  The two types are Organization and Enterprise audit logs.

  • If you're streaming Enterprise Audit logs, it's possible that one of the methods you're using to stream the logs listed here is transforming them in a way that the Panther-provided GitHub Audit Log schema has trouble classifying.
  • If you are receiving classification failures with non-enterprise audit logs (org level audit logs), please reach out to Panther Support.