DEV Community

Leo
Leo

Posted on • Originally published at cicd.deployment.to

GitHub streams Copilot agent sessions to the SIEM, in preview

GitHub put Copilot agent session streaming into public preview on July 2, and for anyone whose runners are already delegating shell work to a coding agent the headline is simple: the prompts, responses and tool calls that used to live inside a proprietary black box are now shippable to a SIEM. Per the changelog, enterprise managed users on GitHub Enterprise Cloud can turn it on from the Copilot subpage under AI Controls. The catch is who this is for, and how much history you actually get.

What the stream carries

GitHub is exposing three things from Copilot agent sessions: prompts, responses, and tool calls. The changelog names the surfaces it covers: cloud agents on github.com, data-resident deployments on ghe.com, GitHub Copilot CLI, Visual Studio Code, Visual Studio, and the JetBrains and Eclipse partner IDEs. If a Copilot agent runs there, the session is in scope.

The distinction that matters at 3am is "tool calls". A prompt-and-response log tells you what the developer typed and what the model said back. A tool-call log tells you which files the agent opened, which commands it ran, which endpoints it reached. That is the log you want in front of you when the question is "which PR did the runaway agent open at 4:15?"

Turning it on

The plumbing is not automatic. GitHub says administrators toggle it in AI Controls, on the Copilot subpage, by selecting "Enable everywhere" for both "Copilot Usage Records Streaming" and "Copilot Usage Records API". Two egress paths ship together. A streaming endpoint pushes to an event collector or SIEM, with Microsoft Purview listed as the supported target (itself in public preview). A REST endpoint at GET /enterprises/{enterprise}/copilot/usage-records covers pull-based access for tools that want to poll.

Both are gated behind the same license bar: GitHub Enterprise Cloud with enterprise managed users. Teams on smaller plans, or on Enterprise Cloud without EMU, get nothing here.

The 48-hour window

The REST endpoint returns only the last 48 hours of session data, per the changelog. That is not a bug, but it is a design constraint worth naming. Two days is enough to reconstruct an incident that broke on-call. It is not enough to answer a compliance question from a quarterly audit. Anything longer has to be picked up by whatever the streaming endpoint feeds, which means the retention responsibility moves to the SIEM.

For platform teams, the practical read is that the API is a live diagnostic surface and the stream is the archive. Wiring them up as if they were interchangeable will end with someone asking for a session from three weeks ago and getting nothing back.

Where it sits in the audit chain

CI systems have spent years learning to attribute actions to identities: which runner did what, against which token, at what time. Copilot agents cut across that model. The identity is a developer's, but the intent is generated by a model. Before this preview, the answer to "what did the agent actually do" was proprietary telemetry, held by GitHub, exposed only in the Copilot UI.

Streaming those events out closes the biggest gap on the observability side. It does not close the gap on control. Nothing in the changelog talks about blocking a session in flight or rate-limiting per-tool-call spend. Those levers live elsewhere in the Copilot stack, in session limits, cost centers and managed settings. This preview does not touch them.

What is still preview about it

Two things are stacked in "public preview" today: the feature itself, and Microsoft Purview as its supported streaming target. Enterprises hoping to route agent events into a non-Microsoft SIEM will need to watch whether GitHub broadens the endpoint list, or plan on a bridge component in front of Purview. The REST route is available regardless, but its 48-hour window makes it an operational tool, not a substitute.

For now the offer is narrow but concrete: prompts, responses and tool calls, out of the Copilot black box and into whatever the security team already reads, on preview terms and behind an EMU-tier license. That is real progress on the visibility side. The control-plane work is still ahead.

Top comments (0)