Microsoft Sentinel Adds GitHub Code Repository Monitoring
Microsoft announced on Wednesday that it's now possible to use Microsoft Sentinel to continuously monitor GitHub developer repositories for possible adverse activities.
Sentinel is Microsoft's security information and event management (SIEM) service. It now has a "Continuous Threat Monitoring for GitHub" capability that can be set up using Sentinel's "Content Hub," which appears to be at the preview stage. It's also possible to set up this feature in Sentinel using a "GitHub access token," per the announcement.
Essentially, Microsoft is adding a connector that taps the audit log of GitHub, a code repository for developers that's owned by Microsoft. This arrangement permits Sentinel users to get various alerts on certain activities. Sentinel users also get a dashboard view of various GitHub use stats.
For instance, Sentinel users can get alerts about when a GitHub repository was created or destroyed. They also can get information about when "a payment method was removed" or when an OAuth application's client secret was removed.
Microsoft includes a "workbook that visualizes the data" as well, which comes with some "out-of-the-box content" from Microsoft. The workbook can be used to graphically show things such as GitHub code forks over time. Charts generated through the workbook are based on Kusto Query Language queries, which can be customized.
Organizations wanting to use Sentinel to monitor GitHub repositories need to carry out some steps first to "connect the GitHub connector to the Microsoft Sentinel environment," as described in the announcement.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.