I also tried using the GraphQL Audit Log API to monitor significant auditable events only to find it supports a very limited subset of events you can view or export through the user browser interface.
The stock answer you get is your feedback has been added to an internal issue tracking customer feedback regarding the addition of these missing event types to the Audit Entry interface.
The limited set of events/interfaces are here
Broadly described in the documentatuon as
- Access to your organization or repository settings.
- Changes in permissions.
- Added or removed users in an organization, repository, or team.
- Users being promoted to admin.
- Changes to permissions of a GitHub App.
Suggest you you add you feedback rust as well.
The documentation says you can use the API to ensure a secure IP and compliance and also keep copies of your audit log data.
You clearly cannot use it get a copy of you your audit log data juat the limited subset of data.