This procedure is specifically for cloud-hosted GitHub deployments. For on-prem, refer to GitHub Self-Hosted (On-Prem) Setup for Workbench.

This article explains how to connect GitHub Cloud to Workbench.

Prerequisites

You must have:

  1. A GitHub Enterprise account license. For more information, see GitHub's products.

Quick Links

  1. Install the Cloud-Hosted GitHub App

  2. Configure the Technology in Workbench

  3. Update Your GitHub Logs to Record/Display IP Addresses

Step 1: Install the Cloud-Hosted GitHub App

Expel uses a GitHub App as part of the onboarding process. During installation, the Expel GitHub App receives the following organization-level privileges:

  • Members: Read+Write

  • Administration: Read-Only

Note
GitHub doesn't log user identities, making it difficult to track suspicious activity at the user level. To solve this problem, Expel uses write permissions to map GitHub data to a user's identity.

  1. Go to the ExpelGitHubIntegration installation and select Configure.
  2. Follow the steps to install the application within the GitHub organization you want to onboard.

    Note
    If you have multiple organizations, create a separate Security Device in Workbench for each organization.

  3. Copy the installation ID from the URL in your browser’s address bar for use later in this process. It is the number sequence at the end of the URL after the last /.
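
A least-privilege check for the installation above, as an added example that is not Expel's or GitHub's own code: it compares the permissions granted to an installed app with the two this article lists, and looks up the installation entry whose ID Workbench asks for. It assumes a response shaped like GitHub's `GET /orgs/{org}/installations` endpoint; the permission key names are assumptions, and the app slugs and IDs in the sample are constructed placeholders.

```python
import json

# Permissions the article says the Expel GitHub App receives. The key names
# follow GitHub's installation "permissions" object and are assumptions here.
EXPECTED = {"members": "write", "organization_administration": "read"}
RANK = {"read": 1, "write": 2, "admin": 3}

# Constructed sample shaped like the response of
# GET /orgs/{org}/installations; the slugs and IDs are placeholders.
SAMPLE = json.loads("""
{"total_count": 2, "installations": [
  {"id": 11111111, "app_slug": "example-expel-integration",
   "permissions": {"members": "write", "organization_administration": "read"}},
  {"id": 22222222, "app_slug": "example-other-app",
   "permissions": {"members": "write", "organization_administration": "write",
                   "organization_secrets": "read"}}
]}
""")

def audit_installation(inst, expected=EXPECTED):
    """Compare one installation's granted permissions with the expected set."""
    granted = inst.get("permissions", {})
    findings = []
    for name, level in sorted(granted.items()):
        want = expected.get(name)
        if want is None:
            findings.append(f"unexpected permission {name}:{level}")
        elif RANK.get(level, 99) > RANK[want]:
            findings.append(f"{name} is {level}, expected {want}")
    for name, want in sorted(expected.items()):
        if RANK.get(granted.get(name), 0) < RANK[want]:
            findings.append(f"missing {name}:{want}")
    return findings

def find_installation(response, app_slug):
    """Return the installation entry for app_slug, or None if not installed."""
    for inst in response.get("installations", []):
        if inst.get("app_slug") == app_slug:
            return inst
    return None

if __name__ == "__main__":
    for inst in SAMPLE["installations"]:
        issues = audit_installation(inst) or ["matches documented permissions"]
        print(inst["id"], inst["app_slug"], "; ".join(issues))
```

An empty findings list means the installation holds exactly the documented grants; anything else is worth reviewing before you save the device in Workbench.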

Step 2: Configure the Technology in Workbench

Now that we have configured the correct access and noted the credentials, we can integrate your tech with Workbench.

Note
Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. In a new browser tab, log in to https://workbench.expel.io/settings/security-devices?setupIntegration=github.

  2. For Where is your device? select Cloud.

  3. Complete these fields using the credentials and information from Step 1:

    • For Name, type the name of your GitHub organization.

    • For Location, type Cloud.

    • For Organization name, type the name of your GitHub organization.

    • For Enterprise slug, type the enterprise slug URL. This is only required if you use an enterprise SAML identity provider; otherwise you can leave it blank.

    • For Application ID, type the installation ID from Step 1.

  4. Leave the other fields blank.

  5. Click Save.

Step 3: Update your GitHub Logs to Record/Display IP Addresses

While not required, consider updating your GitHub audit logs to record/display IP addresses. These addresses are not automatically logged in GitHub. The IP address is a key field when the SOC analysts investigate GitHub activity.

Follow the instructions located here for steps to set this up.