
Summary
This detection rule identifies when a repository is deleted within a GitHub organization by monitoring the organization audit log for `repo.destroy` events. Using attributes such as actor details, repository metadata, and action timestamps, it enables prompt detection of potentially harmful activity. The rule matters because malicious actors may delete repositories to erase valuable source code, intellectual property, or evidence of a breach. Beyond the immediate loss of the repositories, such actions can disrupt development workflows and carry severe financial consequences if backups are not adequately maintained. Alerting on these events lets SOC (Security Operations Center) teams act swiftly, investigate, and restore deleted repositories where possible. It also reinforces best practices around backup maintenance and security monitoring to mitigate the risk of unauthorized deletions.
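The following is an added example (not part of the original rule) showing the detection logic run over a constructed GitHub audit log export; it assumes the export's JSON field names (`action`, `actor`, `org`, `repo`, `created_at` in milliseconds) and, beyond the rule itself, adds a bulk-deletion check so a single actor deleting several repositories in a short window can be escalated separately from routine cleanup.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a GitHub organization audit log export (one JSON object per line).
# Field names follow GitHub's audit log export (action, actor, org, repo, created_at in ms);
# actors, org and repository names are made up for this example.
SAMPLE_AUDIT_LOG = """\
{"action": "repo.create", "actor": "alice", "org": "example-org", "repo": "example-org/service-a", "created_at": 1737100000000}
{"action": "repo.destroy", "actor": "mallory", "org": "example-org", "repo": "example-org/service-a", "created_at": 1737103600000}
{"action": "git.push", "actor": "bob", "org": "example-org", "repo": "example-org/service-b", "created_at": 1737103700000}
{"action": "repo.destroy", "actor": "mallory", "org": "example-org", "repo": "example-org/service-b", "created_at": 1737103800000}
{"action": "repo.destroy", "actor": "alice", "org": "example-org", "repo": "example-org/old-prototype", "created_at": 1737190000000}
"""

def parse_audit_log(text):
    """Parse newline-delimited JSON into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def detect_repo_destroy(events):
    """Core rule: one alert per repo.destroy event, carrying the fields needed for triage."""
    alerts = []
    for e in events:
        if e.get("action") != "repo.destroy":
            continue
        when = datetime.fromtimestamp(e["created_at"] / 1000, tz=timezone.utc)
        alerts.append({"actor": e.get("actor"), "org": e.get("org"),
                       "repo": e.get("repo"), "time": when.isoformat()})
    return alerts

def bulk_deletion_actors(alerts, threshold=2, window_seconds=3600):
    """Extension of the rule: actors that deleted >= threshold repos within window_seconds,
    which separates routine cleanup from a mass deletion that needs immediate escalation."""
    by_actor = {}
    for a in alerts:
        by_actor.setdefault(a["actor"], []).append(datetime.fromisoformat(a["time"]))
    flagged = []
    for actor, times in sorted(by_actor.items()):
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds:
                flagged.append(actor)
                break
    return flagged

if __name__ == "__main__":
    found = detect_repo_destroy(parse_audit_log(SAMPLE_AUDIT_LOG))
    for alert in found:
        print(f"[repo.destroy] {alert['time']} actor={alert['actor']} repo={alert['repo']}")
    print("bulk deletion by:", bulk_deletion_actors(found))
```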
Categories
- Cloud
- Web
Data Sources
- Cloud Storage
ATT&CK Techniques
- T1485
- T1195
Created: 2025-01-17