GitHub organization removed from an Enterprise account
Description
AlphaSOC detected that a GitHub organization was removed from an enterprise account. This action eliminates enterprise-level security controls that protect organizational repositories and development infrastructure.
Impact
Removal of an organization from the enterprise can impact security posture by eliminating enterprise-level access controls such as audit logging. This action could lead to loss of visibility into the organization's activities and potential future compromise of the environment, including unauthorized access to repositories, data exfiltration, or other malicious activities.
Severity
| Severity | Condition |
|---|---|
Low | GitHub organization removed from an enterprise |
Investigation and Remediation
Review GitHub enterprise audit logs to verify whether this action was authorized and identify the user account responsible for the removal. If unauthorized, contact GitHub support to attempt restoration of the organization to the enterprise, rotate any potentially compromised accounts, and audit the environment, especially member permissions, to prevent future unauthorized removals.