From 53cfeb76e3c57ab74c477b1023b45f04bbce6a7b Mon Sep 17 00:00:00 2001
From: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
Date: Tue, 3 Dec 2024 20:32:55 +0530
Subject: [PATCH] Add event dataset for missing rule in Github integration
 (#4278)

---
 .../integrations/github/impact_github_repository_deleted.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/integrations/github/impact_github_repository_deleted.toml b/rules/integrations/github/impact_github_repository_deleted.toml
index 287db18a7..614e7ade0 100644
--- a/rules/integrations/github/impact_github_repository_deleted.toml
+++ b/rules/integrations/github/impact_github_repository_deleted.toml
@@ -2,7 +2,7 @@
 creation_date = "2023/08/29"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/11/27"
+updated_date = "2024/12/03"
 min_stack_version = "8.12.0"
 min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
@@ -33,7 +33,7 @@ timestamp_override = "event.ingested"
 type = "eql"
 
 query = '''
-configuration where event.module == "github" and event.action == "repo.destroy"
+configuration where event.module == "github" and event.dataset == "github.audit" and event.action == "repo.destroy"
 '''