Skip to main content

GitHub organization removed from an enterprise

ID:github_organization_removed_from_enterprise
Data type:GitHub
Severity:
Low
MITRE ATT&CK:TA0040:T1485

Description

AlphaSOC detected that a GitHub organization was removed from an enterprise account. This action eliminates enterprise-level security controls that protect organizational repositories and development infrastructure.

Impact

Removal of an organization from the enterprise can impact security posture by eliminating enterprise-level access controls such as audit logging. This action could lead to loss of visibility into the organization's activities and potential future compromise of the environment, including unauthorized access to repositories, data exfiltration, or other malicious activities.

Severity

SeverityCondition
Low
GitHub organization removed from an enterprise

Investigation and Remediation

Review GitHub enterprise audit logs to verify whether this action was authorized and identify the user account responsible for the removal. If unauthorized, contact GitHub support to attempt restoration of the organization to the enterprise, rotate any potentially compromised accounts, and audit the environment, especially member permissions, to prevent future unauthorized removals.