Quick Links

Integrating with GitHub

Overview

You can use HTTP Ingest to integrate Blumira with GitHub and bypass the need for an on-premises Ubuntu sensor or traditional API-polling Cloud Connector. This method uses Blumira’s Cloud Ingest API, which provides a unique HTTPS endpoint where your organization can transfer structured logs.

Most Blumira editions have no limit to the number of HTTP integrations you can add. However, the following restrictions apply:

  • Detect Lite, Respond Core, and SIEM Core editions have a limit of one ingestion source
  • M365 Edition accounts do not include access to any HTTP logging

Before you begin

Before configuring any log source for outbound HTTP log streaming, you must generate your unique ingestion credentials by doing the following:

  1. In the Blumira app, navigate to Ingestion > HTTP Ingestion.
  2. Click Add Ingestion Instance.
  3. In the window that appears, do the following:
    1. In Vendor, select the vendor you would like to integrate with.
    2. (Optional) In Ingestion Instance Name, edit the pre-populated name.
    3. (Optional) In Description, type a description that provides context for this instance being created.
    4. Click Save.
  4. In the Credentials window, do at least one of the following:
    • Copy and save each credential to use later when configuring your vendor integration.
    • Keep the Credentials window open to copy and paste the values directly from Blumira into the vendor's site in a different browser tab. 

      Important: You must copy the token before you close the window. You will not be able to see the token again after you close the Credentials window.

credentials for GitHub.png

Configuring GitHub

To integrate with GitHub and start receiving logs, do the following:

  1. In GitHub, navigate to Settings > Audit log > Log streaming.
  2. Click Configure stream and select Splunk from the dropdown.

    Note: The “Splunk” option does not create a connection with Splunk; it provides an HTTP streaming capability and allows you to provide the Blumira endpoint and token credentials.
  3. In the Domain box, paste the Domain value you copied from the Credentials for GitHub Enterprise window in Blumira.
  4. In the Port box, type 443.
  5. In the Token box, paste the Token value you copied from the Credentials for GitHub Enterprise window in Blumira.
  6. Click the check box next to Enable SSL verification.
  7. Click Check endpoint.
  8. After the endpoint check is successful, click Save.


For information about managing this HTTP integration and its tokens, see Using Blumira HTTP Ingestion.