Detects mass cloning of GitHub repositories using personal access tokens, indicating potential data exfiltration attempts. Alerts when users clone an unusually high number of distinct repositories within a short timeframe.
This rule monitors GitHub audit logs for git.clone actions performed using personal access tokens (both classic and fine-grained). The rule implements multiple severity thresholds based on the volume of repositories cloned and incorporates threat intelligence enrichment to identify cloning activity from suspicious IP addresses. Mass repository cloning using programmatic access tokens is a common technique used by malicious actors to exfiltrate large amounts of source code and sensitive data from organizations.
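The strategy above, sketched offline as an added example (not Datadog's rule query or code from this page): it counts distinct repositories cloned per actor with a personal access token inside a sliding window and maps the peak to a severity. The window, the thresholds, the one-step escalation for listed IPs, and the event field names (modelled on GitHub's audit log export) are assumptions.

```python
from collections import defaultdict

# Assumed values: the page does not give the rule's window or thresholds.
WINDOW_MS = 60 * 60 * 1000
LEVELS = ["low", "medium", "high"]
THRESHOLDS = [10, 20, 50]  # distinct repos needed for each level
PAT_TYPES = {"Personal access token (classic)", "Fine-grained personal access token"}

def detect_mass_clone(events, suspicious_ips=frozenset()):
    """Map actor -> (peak distinct repos cloned in any window, severity)."""
    by_actor = defaultdict(list)
    for e in events:
        if (e.get("action") == "git.clone"
                and e.get("programmatic_access_type") in PAT_TYPES):
            by_actor[e["actor"]].append(e)
    findings = {}
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e["@timestamp"])
        in_window = defaultdict(int)  # repo -> clone count in current window
        start = peak = 0
        for e in evs:
            in_window[e["repo"]] += 1
            while e["@timestamp"] - evs[start]["@timestamp"] > WINDOW_MS:
                old = evs[start]["repo"]  # event has aged out of the window
                in_window[old] -= 1
                if not in_window[old]:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        level = sum(peak >= t for t in THRESHOLDS) - 1
        if level < 0:
            continue
        # Assumption: a clone from a threat-intel-listed IP raises severity one step.
        if any(e.get("actor_ip") in suspicious_ips for e in evs):
            level = min(level + 1, len(LEVELS) - 1)
        findings[actor] = (peak, LEVELS[level])
    return findings

def _ev(actor, repo, ts, ip="198.51.100.10", kind="Personal access token (classic)"):
    return {"action": "git.clone", "actor": actor, "repo": repo,
            "@timestamp": ts, "actor_ip": ip, "programmatic_access_type": kind}

# Constructed sample events (not real audit data).
SAMPLE = (
    [_ev("alice", f"org/r{i}", i * 60_000, ip="203.0.113.7") for i in range(12)]
    + [_ev("bob", "org/mono", i * 60_000) for i in range(12)]          # one repo
    + [_ev("carol", f"org/r{i}", i * WINDOW_MS) for i in range(12)]    # too slow
    + [_ev("ci-bot", f"org/r{i}", i, kind="OAuth access token") for i in range(30)]
)
```

Counting distinct repositories rather than clone events keeps a CI job that re-clones one repository from alerting, while the token-type filter leaves non-PAT automation to other rules.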
{{@github.actor}} to determine if the volume and pattern of repository access aligns with legitimate business activities.