Clarified the conditions under which IP addresses are displayed in the audit log for api.request events. (#58083)

Author: tallzeebaa

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise.md

@@ -36,7 +36,7 @@ If members of your enterprise access {% data variables.location.product_location
 * Interactions with a resource owned by the personal account, including a repository, gist, or project
 * Interactions with a public repository owned by an organization in your enterprise
 
-{% data variables.product.github %} does not display IP address in the audit log for `api.request` events triggered by GraphQL requests.
+{% data variables.product.github %} does not display IP addresses in the audit log for `api.request` events that do not have repository context, such as requests triggered by GraphQL or requests to endpoints that reference only a user or organization.
 
 ## Enabling display of IP addresses in the audit log
 

content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization.md

@@ -36,9 +36,9 @@ After you enable the feature, you can access the audit log to view events that i
 
 {% data variables.product.github %} displays an IP address for each event in the organization audit log that meets these criteria.
 
-* The actor is an organization member or owner
+* The actor is an organization member or owner.
 * The target is either an organization-owned repository that is private or internal, or an organization resource that is not a repository, such as a project.
-* For `api.request` events, the request was not triggered by GraphQL.
+* For `api.request` events, the request must have repository context; requests triggered by GraphQL or to endpoints that reference only a user or organization do not meet this condition.
 
 ## Enabling display of IP addresses in the audit log