Why do I see classification failures for Github Audit logs when I am using a Panther-provided schema?
Question
Why do I see classification failures for Github Audit logs when I am using a Panther-provided schema?
Answer
To troubleshoot this issue, verify what type of GitHub Audit logs are creating the classification failure. The two types are Organization and Enterprise audit logs.
- If you're streaming Enterprise Audit logs, it's possible that one of the methods you're using to stream the logs listed here is transforming them in a way that the Panther-provided GitHub Audit Log schema has trouble classifying.
- If you are receiving classification failures with non-enterprise audit logs (org level audit logs), please reach out to Panther Support.