Analytics Story: GitHub Malicious Activity
Description
Leverage searches that detect and investigate suspicious GitHub activity that may indicate malicious behavior, including pull requests from unknown users, disabled security workflows, and other potentially harmful repository modifications. These detections help identify attempts to compromise repositories through unauthorized code changes, bypassed security controls, and other suspicious actions that could lead to supply chain attacks or data breaches.
Why it matters
GitHub is a popular platform for developers to collaborate on code and manage projects. However, the same access can be abused by malicious actors to conduct supply chain attacks, data breaches, and other malicious activity.
Detections
Name | Technique | Type
GitHub Enterprise Delete Branch Ruleset | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Enterprise Disable 2FA Requirement | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Enterprise Disable Audit Log Event Stream | Disable or Modify Cloud Logs, Supply Chain Compromise | Anomaly
GitHub Enterprise Disable Classic Branch Protection Rule | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Enterprise Disable Dependabot | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Enterprise Disable IP Allow List | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Enterprise Modify Audit Log Event Stream | Disable or Modify Cloud Logs, Supply Chain Compromise | Anomaly
GitHub Enterprise Pause Audit Log Event Stream | Disable or Modify Cloud Logs, Supply Chain Compromise | Anomaly
GitHub Enterprise Register Self Hosted Runner | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Enterprise Remove Organization | Data Destruction, Supply Chain Compromise | Anomaly
GitHub Enterprise Repository Archived | Data Destruction, Supply Chain Compromise | Anomaly
GitHub Enterprise Repository Deleted | Data Destruction, Supply Chain Compromise | Anomaly
GitHub Organizations Delete Branch Ruleset | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Organizations Disable 2FA Requirement | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Organizations Disable Classic Branch Protection Rule | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Organizations Disable Dependabot | Disable or Modify Tools, Supply Chain Compromise | Anomaly
GitHub Organizations Repository Archived | Data Destruction, Supply Chain Compromise | Anomaly
GitHub Organizations Repository Deleted | Data Destruction, Supply Chain Compromise | Anomaly
Data Sources
References
Source: GitHub | Version: 1