Reco

The GitHub Enterprise integration allows Reco to access audit logs to find malicious activities on your GitHub Enterprise instance. To set up this integration, please follow these steps:

A GitHub user that have permissions to generate tokens

1. A GitHub user that have permissions to generate tokens
2. A Reco user with Admin Role

Navigate to your Git account settings, then Developer Settings. Click the Personal access tokens menu, then click Generate new token (classic) (<a href="https://github.com/settings/tokens" rel="nofollow noopener noreferrer" target="_blank">https://github.com/settings/tokens</a>)

Select this list of scopes: <code>read:org</code>, <code>read:user</code>, <code>read:project</code>, <code>read:audit_log</code>, <code>repo</code>, <code>admin:org_hook</code>, <code>admin:org -&gt; read:org</code> ​

GitHub will display the personal access token only once. Ensure that you copy the token and store it in a safe space.

Click on "Configurations" then click on "Integrations"

Locate the "GitHub Enterprise" object and click on Add Integration

1. Login to GitHub
2. Navigate to your Git account settings, then Developer Settings. Click the Personal access tokens menu, then click Generate new token (classic) (<a href="https://github.com/settings/tokens" rel="nofollow noopener noreferrer" target="_blank">https://github.com/settings/tokens</a>)
3. 
 
 
4. Select this list of scopes: <code>read:org</code>, <code>read:user</code>, <code>read:project</code>, <code>read:audit_log</code>, <code>repo</code>, <code>admin:org_hook</code>, <code>admin:org -&gt; read:org</code> ​
 
 
5. Click on Generate Token ​
 
 
6. GitHub will display the personal access token only once. Ensure that you copy the token and store it in a safe space.

7. Login to the Reco Platform
8. Click on "Configurations" then click on "Integrations"
9. Locate the "GitHub Enterprise" object and click on Add Integration

In order to have access to endpoints that return a breakdown of aggregated metrics for various GitHub Copilot features, he Copilot Metrics API access policy must be enabled for the organization. ​ For more information on how to enable this policy see <a href="https://docs.github.com/en/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization" rel="nofollow noopener noreferrer" target="_blank">Managing policies for Copilot in your organization</a> or <a href="https://docs.github.com/en/enterprise-cloud@latest/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise" rel="nofollow noopener noreferrer" target="_blank">Managing policies and features for Copilot in your enterprise</a>.

Navigate to you GitHub organization settings.

Search for Copilot Policies in the sidebar. ​

Enable Copilot Metrics API Access. ​

1. Navigate to you GitHub organization settings.
2. Search for Copilot Policies in the sidebar. ​
 
 
3. Enable Copilot Metrics API Access. ​

Permission	Meaning	Access Type
Administration	Repository creation, deletion, settings, teams, and collaborators	Read-only
Metadata	Search repositories, list collaborators, and access repository metadata	Read-only

Permission	Meaning	Access Type
Blocking users	View and manage users blocked by the organization	Read-only
Members	Organization members and teams	Read-only
Projects	Manage projects for an organization	Read-only

Event	Meaning
Member	Collaborator added to, removed from, or has changed permissions for a repository
Repository	Repository crated, deleted, archived, unarchived, publicized, privatized, edited, renames, or transferred
Organization	Organization deleted, renamed, member invited, member added, or member removed
Public	Repository changes from private to public

Prerequisites

Integrate GitHub Enterprise with Reco

Access to GitHub Copilot Metrics API

What do we ingest exactly?