Why do I see classification failures for Github Audit logs when I am using a Panther-provided schema?
To troubleshoot this issue, verify what type of GitHub Audit logs are creating the classification failure. The two types are Organization and Enterprise audit logs.
If you're streaming Enterprise Audit logs, it's possible that one of the methods you're using to stream the logs listed here is transforming them in a way that the Panther-provided GitHub Audit Log schema has trouble classifying.
If you are receiving classification failures with non-enterprise audit logs (org level audit logs), please reach out to Panther Support.