McAfee Enterprise's MVISION Cloud for Github allows Security Operations Center (SOC) Admins to monitor user activity in Github, enforce DLP policies, and review threats detected by MVISION Cloud’s UEBA (User and Entity Behavior Analytics) and machine learning algorithms. This topic provides information on how to configure MVISION Cloud for Github.
For information on activity monitoring, data loss prevention, and threat protection support on MVISION Cloud for Github, see About MVISION Cloud for Github.
Before you enable API for Github, the following prerequisites are required:
- Enable the feature by reaching out to your Sales Representative to get the tenant ID administrator login credentials.
- Get the admin credentials for Github hosted on the cloud.
- Get a list of Github organizations to be monitored.
- Make sure that the admin has the owner role in the organizations to be monitored.
Enable Github API in MVISION Cloud
- Log in to MVISION Cloud with your tenant and go to Settings > Service Management.
- Click Add Service Instance, select GitHub.
- Enter a name for the instance and click Done.
- Select the Github instance you created.
- Go to the Setup tab and under API, click Enable.
- On the Enable API page, click Provide API Credentials.
- Enter your Github credentials in the email and password. Click Submit.
- You are redirected to Authorize McAfee Enterprise MVISION Cloud For Github page. The following permissions are required for Github:
- Organization webhooks. Required Read and Write permission.
- Organization and teams. Required Read-Only permission.
- Repositories. MVISION Github requires Read permission only. But Github doesn't provide any granular level permission for Read-Only, so it is set to Read and Write. For more details, refer to Github documentation and see Scopes for OAuth Apps.
- Click Authorize instance.
Once these permissions are authorized, MVISION Cloud receives Github events.
Validate McAfee Enterprise MVISION Cloud Authorization in Github
- Log in to the Github console.
- Under Authorized OAuth Apps, you can view the Github enabled for McAfee Enterprise MVISION Cloud application.
- Click McAfee Enterprise MVISION Cloud For Github to view the permissions and Organization access.
Add GitHub Organizations
To add GitHub organizations for monitoring, perform the following:
- Disable API access for GitHub in MVISION Cloud.
- Go to GitHub user Settings > Applications > Authorized OAuth application and revoke the MVISION Cloud application.
- Enable API access and grant permissions for additional organizations.