GitHub enterprise or organization recovery codes activity
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detect when a GitHub enterprise or organization recovery code has been interacted with by a user.
Strategy
This rule monitors GitHub audit logs for when a Github recovery code is generated, viewed, downloaded, or printed. Attackers may use recovery codes to establish an administrator account and allow persistent access to the Github organization.
Triage and response
- Determine if the action taken by
{{@github.actor}}
is expected and/or authorized. - If the change was not authorized or was unexpected, begin your organization’s incident response process and investigate.