GitHub activity from automated scraping tool

github-telemetry

Classification:

attack

Tactic:

TA0009-collection

Technique:

T1213-data-from-information-repositories

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detects GitHub API requests from automated scraping tools that may be collecting sensitive repository data.

Strategy

This rule monitors GitHub audit logs for API requests containing common user agents from scraping tools. Automated scraping tools often use distinctive user agent strings and generate high-volume API requests that differ from normal user behavior patterns.

Triage & Response

  • Examine the GitHub API requests from {{@github.actor}} to determine the scope and nature of data being accessed.
  • Review the repositories, organizations, and resources targeted by the automated tool to assess potential data exposure risks.
  • Identify if the scraping activity is authorized by checking with repository owners and organization administrators.
  • Rotate the access keys involved in this behavior, if needed.