- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
",t};e.buildCustomizationMenuUi=t;function n(e){let t='
",t}function s(e){let n=e.filter.currentValue||e.filter.defaultValue,t='${e.filter.label}
`,e.filter.options.forEach(s=>{let o=s.id===n;t+=``}),t+="${e.filter.label}
`,t+=`Set up the github integration.
Detects GitHub Personal Access Token (PAT) abuse through correlation of impossible travel patterns with new user agent activity. Identifies potential credential compromise when a PAT is used from geographically impossible locations within a short timeframe alongside previously unseen user agents.
This rule monitors GitHub audit logs through signal correlation, combining two detection patterns over a 2-hour evaluation window. The correlation tracks events by @hashed_token
to identify when the same PAT exhibits both impossible travel behavior and new user agent usage.
{{@http.useragent}}
, detected for {{@hashed_token}}
to determine if they represent legitimate applications or suspicious tooling.{{@github.actor}}
, associated with the compromised PAT and review recent repository access patterns and API calls.