# GitHub Audit Logs

## Overview <a href="#h_c716dda7a1" id="h_c716dda7a1"></a>

The assessment of excessive permissions to GitHub requires full visibility into all activity in the organization. However, the GitHub Audit API is [available only for organizations with enterprise plan](https://github.com/pricing#compare-features).

Follow the steps in this article to get the full benefits of organization with an enterprise plan.

## Export Audit Log <a href="#h_face6b4ad1" id="h_face6b4ad1"></a>

1. Navigate to the following audit trail page by replacing your organization name with `ORG_SLUG`: <https://github.com/organizations/`ORG_SLUG`/settings/audit-log>. If you have access to the organization's audit log, the top of the page should be similar to the screenshot below.

<figure><img src="/files/m1bBkZAQfPuk8vzJHh3I" alt=""><figcaption></figcaption></figure>

Otherwise, if you are not authorized, a page with the status code 404 will appear instead. In this case, ask an authorized user in your organization to follow this article.

1. Click on Export and select the JSON export format. It may take a few seconds to generate the file and download it.

<figure><img src="/files/tICMabuyugfU3PSqonfb" alt=""><figcaption></figcaption></figure>

## Upload the file to Arnica <a href="#h_bfc30b85b6" id="h_bfc30b85b6"></a>

The file upload functionality is visible only if at least one GitHub organization with a non-enterprise plan is integrated.

The message below is presented in the Risks and Inventory pages if the last event is older than 7 days.

<figure><img src="https://downloads.intercomcdn.com/i/o/447215244/a322f3f98ec2f07f16406b04/Screen+Shot+2022-01-12+at+10.36.42+AM.png" alt=""><figcaption></figcaption></figure>

Audit logs can be added from the Integrations page under the Admin section.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.arnica.io/arnica-documentation/getting-started/scm-integrations/github/github-audit-logs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.