GitHub Enterprise Disable Classic Branch Protection Rule

Splunk Security Content

Summary
This analytic detection rule monitors for, and alerts SOC analysts when, classic branch protection rules are disabled in GitHub Enterprise repositories. Branch protection rules enforce essential security controls, including mandatory code review and restrictions on force pushes. Disabling them weakens code integrity: a malicious actor can manipulate a repository while bypassing those controls, opening the door to code tampering and the introduction of security vulnerabilities. The detection uses GitHub Enterprise audit logs to identify events indicating that branch protection was removed, and records actor details (including IP address and location) for added context. With this rule in place, organizations can proactively protect their software supply chain against unauthorized changes and preserve the integrity of their development process.
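The following is an added example, not the Splunk detection itself, showing the core of the logic described above run over a few constructed GitHub Enterprise audit-log events: filter on the branch-protection removal action, then enrich each hit with actor, repository, IP and location. The field names (`action`, `actor`, `repo`, `actor_ip`, `actor_location`, `@timestamp`) and the `protected_branch.destroy` action follow GitHub's audit-log export format as assumed here; the sample events are fabricated.

```python
import json
from datetime import datetime, timezone

# Constructed sample audit-log events (not real data). Field names follow
# the GitHub Enterprise audit-log export format as assumed for this example.
SAMPLE_AUDIT_LOG = [
    {"action": "protected_branch.destroy", "actor": "alice", "repo": "acme/payments",
     "actor_ip": "203.0.113.10", "actor_location": {"country_code": "US"},
     "@timestamp": 1737100000000},
    {"action": "git.push", "actor": "bob", "repo": "acme/payments",
     "actor_ip": "198.51.100.7", "@timestamp": 1737100060000},
    {"action": "protected_branch.destroy", "actor": "mallory", "repo": "acme/infra",
     "actor_ip": "192.0.2.44", "actor_location": {"country_code": "XX"},
     "@timestamp": 1737100120000},
]

# Audit-log action emitted when a classic branch protection rule is deleted.
BRANCH_PROTECTION_REMOVAL_ACTIONS = {"protected_branch.destroy"}


def find_branch_protection_disables(events):
    """Return one alert record per event that removed branch protection."""
    alerts = []
    for ev in events:
        if ev.get("action") not in BRANCH_PROTECTION_REMOVAL_ACTIONS:
            continue
        # Audit-log timestamps are epoch milliseconds; normalise to UTC ISO 8601.
        ts = datetime.fromtimestamp(ev["@timestamp"] / 1000, tz=timezone.utc)
        alerts.append({
            "time": ts.isoformat(),
            "action": ev["action"],
            "actor": ev.get("actor", "unknown"),
            "repo": ev.get("repo", "unknown"),
            "actor_ip": ev.get("actor_ip"),
            "country": ev.get("actor_location", {}).get("country_code"),
        })
    return alerts


def summarize_by_actor(alerts):
    """Aggregate alerts per actor (the equivalent of a `stats ... by actor`)."""
    summary = {}
    for a in alerts:
        entry = summary.setdefault(a["actor"], {"count": 0, "repos": [], "ips": []})
        entry["count"] += 1
        if a["repo"] not in entry["repos"]:
            entry["repos"].append(a["repo"])
        if a["actor_ip"] not in entry["ips"]:
            entry["ips"].append(a["actor_ip"])
    return summary


if __name__ == "__main__":
    hits = find_branch_protection_disables(SAMPLE_AUDIT_LOG)
    print(json.dumps(summarize_by_actor(hits), indent=2))
```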
Categories
  • Cloud
  • Infrastructure
  • Application
Data Sources
  • Pod
  • Container
  • User Account
ATT&CK Techniques
  • T1562.001
  • T1195
Created: 2025-01-17