This detection analytic monitors GitHub Enterprise audit logs for events indicating that a repository has been archived. The rule tracks the details of the actor responsible for the archival, the repository information, and associated metadata to identify potential unauthorized archival actions that could suggest account compromise or insider threats. Archiving is a legitimate function, but it can become a point of concern when active repositories are archived without clear justification. Such an action can disrupt development workflows and CI/CD pipelines, potentially leading to significant business delays if critical repositories are affected. The rule aims to detect any unauthorized archival events, which is essential for maintaining the integrity of software development processes. By having robust monitoring in place for repository state changes, organizations can take timely action to prevent potential exploitation, including the risk of subsequent deletions that may lead to permanent data loss if not properly backed up.