github
New in version 4.3.0.
Note
This module only works on Windows, Linux and macOS. It is recommended to have it enabled only in one agent to avoid repeated logs.
XML section name
<github>
</github>
Configuration options of the GitHub module.
Options
Options | Allowed values |
---|---|
 | yes, no |
 | yes, no |
 | A positive number + suffix |
 | A positive number + suffix |
 | A positive number + suffix |
 | N/A |
 | Any string |
 | Any string |
 | N/A |
 | web, git, all |
only_future_events
Set it to yes to collect events generated since the Wazuh manager was started.
By default, when Wazuh starts, it reads only the GitHub log content generated since the manager started.
Default value | yes |
Allowed values | yes, no |
interval
The interval between Wazuh wodle executions.
Note
When Wazuh starts, it waits for the configured time interval before running the first scan, unless the module has already been running before and the only_future_events option is set to no.
Default value | 10m |
Allowed values | A positive number followed by a suffix character indicating a time unit, such as s (seconds), m (minutes), h (hours), d (days) |
api_auth
This block configures the credentials used to authenticate with the GitHub REST API.
Warning
In case of invalid configuration, after the third scan attempt, a warning message is generated in the log file and an alert is triggered.
Options | Allowed values |
---|---|
 | Any string |
 | Any string |
api_parameters
This block configures the internal options in the GitHub REST API.
Options | Allowed values |
---|---|
 | Any string |
Example of configuration
<github>
  <enabled>yes</enabled>
  <interval>1m</interval>
  <time_delay>1s</time_delay>
  <curl_max_size>1M</curl_max_size>
  <only_future_events>yes</only_future_events>
  <api_auth>
    <org_name>dummy</org_name>
    <api_token>ghp_oiasd6efbvptrfdua8fyepnfdc78ewf324jg</api_token>
  </api_auth>
  <api_parameters>
    <event_type>all</event_type>
  </api_parameters>
</github>
Example of multiple organizations
<github>
  <enabled>yes</enabled>
  <interval>1m</interval>
  <time_delay>10s</time_delay>
  <curl_max_size>1M</curl_max_size>
  <only_future_events>no</only_future_events>
  <api_auth>
    <org_name>dummy1</org_name>
    <api_token>ghp_oiasd6efbvptrfdua8fyepnfdc78ewf324jg</api_token>
  </api_auth>
  <api_auth>
    <org_name>dummy2</org_name>
    <api_token>ghp_oiasd6efbvptrfdua8fyepnfdc78ewf324jg</api_token>
  </api_auth>
  <api_parameters>
    <event_type>git</event_type>
  </api_parameters>
</github>
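A lint pass for a github block against the allowed values listed on this page, as an added example (not part of the Wazuh documentation or code base). The function name lint_github_block is hypothetical, the sample input is constructed, and two rules are assumptions: a one-letter suffix for time_delay and curl_max_size, and at least one api_auth block carrying both org_name and api_token.

```python
import re
import xml.etree.ElementTree as ET

# Allowed values as documented on this page.
YES_NO = {"yes", "no"}
EVENT_TYPES = {"web", "git", "all"}
INTERVAL_RE = re.compile(r"[1-9]\d*[smhd]")      # s, m, h, d per the interval section
NUM_SUFFIX_RE = re.compile(r"[1-9]\d*[A-Za-z]")  # assumption: one-letter suffix

def lint_github_block(xml_text):
    """Return a list of problems found in one <github> block (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    if root.tag != "github":
        return ["root element is <%s>, expected <github>" % root.tag]
    problems = []
    def check(path, ok, expected):
        for el in root.findall(path):
            value = (el.text or "").strip()
            if not ok(value):
                problems.append("%s: %r is not %s" % (path, value, expected))

    check("enabled", YES_NO.__contains__, "yes or no")
    check("only_future_events", YES_NO.__contains__, "yes or no")
    check("interval", INTERVAL_RE.fullmatch, "a positive number + s/m/h/d")
    check("time_delay", NUM_SUFFIX_RE.fullmatch, "a positive number + suffix")
    check("curl_max_size", NUM_SUFFIX_RE.fullmatch, "a positive number + suffix")
    check("api_parameters/event_type", EVENT_TYPES.__contains__, "web, git or all")
    # Assumption: the module needs at least one api_auth block with both children.
    auths = root.findall("api_auth")
    if not auths:
        problems.append("no api_auth block")
    for i, auth in enumerate(auths, 1):
        for child in ("org_name", "api_token"):
            if not (auth.findtext(child) or "").strip():
                problems.append("api_auth #%d: missing %s" % (i, child))
    return problems

# Constructed sample: interval has no suffix, event_type is invalid, second api_auth lacks a token.
SAMPLE = """<github>
  <enabled>yes</enabled>
  <interval>10</interval>
  <only_future_events>yes</only_future_events>
  <api_auth><org_name>dummy1</org_name><api_token>PLACEHOLDER</api_token></api_auth>
  <api_auth><org_name>dummy2</org_name></api_auth>
  <api_parameters><event_type>audit</event_type></api_parameters>
</github>"""

if __name__ == "__main__":
    print("\n".join(lint_github_block(SAMPLE)))
```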