GitHub repository transfer

github-telemetry

Classification: attack

Goal

Detect when a GitHub repository transfer occurs.

Strategy

This rule monitors GitHub audit logs for repository transfer events. Repositories can be transferred to other users or organization accounts.

Triage and response

  1. Determine whether the change made by {{@github.actor}} is authorized.
  2. If the change was not authorized or was unexpected, begin your organization’s incident response process and investigate.
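
The detection and the first triage step, sketched as an added example (not the rule's actual query or the vendor's code): it scans a GitHub audit log export in JSON-lines form for transfer events and checks each actor against an allowlist. The action names follow GitHub's audit log event reference; the field layout, `AUTHORIZED_ACTORS` and the sample events are assumptions constructed for illustration.

```python
import json

# Audit-log action names for repository transfers, per GitHub's audit log
# event reference; confirm against the events your organization emits.
TRANSFER_ACTIONS = {"repo.transfer", "repo.transfer_start", "repo.transfer_outgoing"}

# Hypothetical allowlist of accounts permitted to transfer repositories.
AUTHORIZED_ACTORS = {"release-admin"}

# Constructed sample events (not real audit data), one JSON object per line.
SAMPLE_LOG = """\
{"@timestamp": 1700000000000, "action": "repo.create", "actor": "dev-alice", "org": "example-org", "repo": "example-org/api"}
{"@timestamp": 1700000300000, "action": "repo.transfer_start", "actor": "dev-bob", "org": "example-org", "repo": "example-org/payments"}
this line is truncated and is not valid JSON
{"@timestamp": 1700000600000, "action": "repo.transfer", "actor": "release-admin", "org": "example-org", "repo": "example-org/docs"}
{"@timestamp": 1700000900000, "action": "repo.transfer_outgoing", "org": "example-org", "repo": "example-org/infra"}
"""

def find_transfers(ndjson_text, authorized=AUTHORIZED_ACTORS):
    """Return (findings, skipped): one finding per transfer event, plus a
    count of lines that could not be parsed."""
    findings, skipped = [], 0
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count bad lines so gaps in coverage stay visible
            continue
        if not isinstance(event, dict) or event.get("action") not in TRANSFER_ACTIONS:
            continue
        actor = event.get("actor")  # a missing actor is never treated as authorized
        findings.append({
            "action": event["action"],
            "actor": actor,
            "repo": event.get("repo"),
            "authorized": actor in authorized,
        })
    return findings, skipped

if __name__ == "__main__":
    results, bad = find_transfers(SAMPLE_LOG)
    for f in results:
        status = "expected" if f["authorized"] else "INVESTIGATE"
        print(f"{status}: {f['action']} on {f['repo']} by {f['actor']}")
    print(f"unparseable lines: {bad}")
```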