
Summary
This detection rule identifies changes to the global SSH access configuration in Bitbucket. Monitoring audit logs collected at the "Advance" log level, it looks for audit events in the "Global administration" category whose action indicates that the SSH settings were altered. Such changes may indicate lateral movement or defense evasion by an attacker. The rule raises an alert whenever these criteria are met, so that unauthorized changes to the SSH configuration are identified and acted on promptly.
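The matching logic described above, run over a few constructed audit log lines, as an added example that is not part of the original rule page or of Bitbucket itself. The JSON field names ("timestamp", "category", "summary", "author") and the exact wording of the SSH-related action strings are assumptions made for this example; a real deployment would map them to the fields the Bitbucket audit log actually emits and confirm that the configured audit coverage level records "Global administration" events at all.

```python
import json
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, List

# Constructed sample audit log (newline-delimited JSON). The schema is a
# hypothetical one chosen for this example, not Bitbucket's documented format.
# The last line is deliberately malformed to show that the parser skips it.
SAMPLE_AUDIT_LOG = """\
{"timestamp": "2024-02-25T09:12:04Z", "category": "Global administration", "summary": "Global SSH access settings changed", "author": "admin.user"}
{"timestamp": "2024-02-25T09:14:31Z", "category": "Repositories", "summary": "Repository created", "author": "dev.user"}
{"timestamp": "2024-02-25T09:20:10Z", "category": "Global administration", "summary": "Base URL changed", "author": "admin.user"}
{"timestamp": "2024-02-25T09:25:55Z", "category": "Global administration", "summary": "SSH access disabled", "author": "svc.deploy"}
{"timestamp": "2024-02-25T09:30:00Z", "category": "Security", "summary": "SSH key added to user", "author": "dev.user"}
not json at all
"""

# Category named in the rule description.
TARGET_CATEGORY = "Global administration"

# Assumption: an action "indicates the SSH settings were altered" when it
# mentions SSH together with a change verb, in either order.
CHANGE_VERBS = r"(changed|updated|modified|enabled|disabled)"
SSH_CHANGE = re.compile(
    rf"\bssh\b.*\b{CHANGE_VERBS}\b|\b{CHANGE_VERBS}\b.*\bssh\b",
    re.IGNORECASE,
)


@dataclass
class Alert:
    """One finding produced by the rule."""
    timestamp: str
    author: str
    action: str


def parse_events(text: str) -> Iterator[dict]:
    """Yield one event dict per valid JSON line; skip blank or malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # Malformed audit lines are dropped rather than aborting the scan.
            continue
        if isinstance(event, dict):
            yield event


def is_ssh_config_change(event: dict) -> bool:
    """True when the event is a Global administration action that altered SSH settings."""
    if event.get("category") != TARGET_CATEGORY:
        return False
    return SSH_CHANGE.search(event.get("summary", "")) is not None


def detect_ssh_config_changes(events: Iterable[dict]) -> List[Alert]:
    """Apply the rule to a stream of parsed events and return alerts in log order."""
    return [
        Alert(
            timestamp=e.get("timestamp", ""),
            author=e.get("author", "<unknown>"),
            action=e.get("summary", ""),
        )
        for e in events
        if is_ssh_config_change(e)
    ]


def run_detection(raw_log: str) -> List[Alert]:
    """Parse a raw NDJSON audit log and return the alerts the rule would raise."""
    return detect_ssh_config_changes(parse_events(raw_log))


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_AUDIT_LOG):
        print(f"{alert.timestamp} {alert.author!r}: {alert.action}")
```

Of the six constructed lines, only the two "Global administration" events whose action mentions SSH and a change verb are flagged; the "Base URL changed" admin event, the per-user SSH key event in another category, and the malformed line are all ignored. In a real pipeline the category and action matching would be tuned to the event strings Bitbucket actually writes for the SSH settings page.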
Categories
- Cloud
- Application
Data Sources
- Service
- Application Log
Created: 2024-02-25