When ingesting GitHub audit logs, would I choose to use the newer audit log streaming service that uses AWS S3 or GCS, instead of the method where Panther polls the GitHub API every minute? If I'm already using the latter, why invest the time to set up the former?
If you have GitHub Enterprise Cloud, the streaming option lets you simplify down to one integration/log source that fetches all audit logs for your entire enterprise, while the API puller can only work for one organization per integration.