@@ -66,7 +66,7 @@ order by
6666folder : Authentication
6767` ` `
6868
69- ## Access Token Examples
69+ ## Personal Access Token Examples
7070
7171### Personal Access Token Creation
7272
@@ -88,7 +88,7 @@ order by
8888```
8989
9090``` yaml
91- folder : Access Token
91+ folder : Personal Access Token
9292` ` `
9393
9494### Personal Access Token Usage
@@ -111,72 +111,78 @@ order by
111111```
112112
113113``` yaml
114- folder : Access Token
114+ folder : Personal Access Token
115115` ` `
116116
117- ### OAuth Application Authorizations
117+ ### Repository-Specific Token Access
118118
119- Monitor OAuth application authorization events .
119+ Monitor personal access tokens granted access to specific repositories .
120120
121121` ` ` sql
122122select
123123 timestamp,
124124 action,
125125 actor,
126- oauth_application_name,
127- oauth_application_id
126+ repositories,
127+ permissions,
128+ repository_selection
128129from
129130 github_security_log
130131where
131- action like 'oauth_authorization.%'
132+ repositories is not null
133+ and action in ('personal_access_token.access_granted', 'personal_access_token.request_created')
132134order by
133135 timestamp desc;
134136```
135137
136138``` yaml
137- folder : Access Token
139+ folder : Personal Access Token
138140` ` `
139141
140- ### Token Regeneration Events
142+ ### Token Permission Changes
141143
142- Track when authentication tokens were regenerated .
144+ Track changes in token permissions using the old_value field .
143145
144146` ` ` sql
145147select
146148 timestamp,
147149 action,
148150 actor,
149- token_id,
150- tp_source_ip
151+ permissions_added,
152+ permissions_unchanged,
153+ permissions_upgraded,
154+ old_value,
155+ new_value
151156from
152157 github_security_log
153158where
154- action like '%regenerate%'
159+ action = 'personal_access_token.request_created'
160+ and (permissions_added is not null or permissions_upgraded is not null)
155161order by
156162 timestamp desc;
157163```
158164
159165``` yaml
160- folder : Access Token
166+ folder : Personal Access Token
161167` ` `
162168
163- ### Repository-Specific Token Access
169+ ## Access Token Examples
164170
165- Monitor personal access tokens granted access to specific repositories.
171+ ### OAuth Application Authorizations
172+
173+ Monitor OAuth application authorization events.
166174
167175` ` ` sql
168176select
169177 timestamp,
170178 action,
171179 actor,
172- repositories,
173- permissions,
174- repository_selection
180+ oauth_application_name,
181+ oauth_application_id
175182from
176183 github_security_log
177184where
178- repositories is not null
179- and action in ('personal_access_token.access_granted', 'personal_access_token.request_created')
185+ action like 'oauth_authorization.%'
180186order by
181187 timestamp desc;
182188```
@@ -185,25 +191,21 @@ order by
185191folder : Access Token
186192` ` `
187193
188- ### Token Permission Changes
194+ ### Token Regeneration Events
189195
190- Track changes in token permissions using the old_value field .
196+ Track when authentication tokens were regenerated .
191197
192198` ` ` sql
193199select
194200 timestamp,
195201 action,
196202 actor,
197- permissions_added,
198- permissions_unchanged,
199- permissions_upgraded,
200- old_value,
201- new_value
203+ token_id,
204+ tp_source_ip
202205from
203206 github_security_log
204207where
205- action = 'personal_access_token.request_created'
206- and (permissions_added is not null or permissions_upgraded is not null)
208+ action like '%regenerate%'
207209order by
208210 timestamp desc;
209211```