GitHub Repository Pages Site Changed to Public

Sigma Rules

Summary
This detection rule monitors changes to the visibility of GitHub Pages sites associated with repositories. It triggers when a site's visibility is changed to public, which typically occurs during the publishing process. The same action can also indicate a security issue, such as unauthorized users exposing sensitive code or information, whether inadvertently or maliciously. The rule matters for organizations that use GitHub and need to ensure sensitive data is not unintentionally made publicly accessible, especially where repositories contain proprietary information or unreleased software.

The detection is based on GitHub audit logs and matches events where a 'repo.pages_public' action is logged. Triage should differentiate legitimate publishing by authorized users from malicious intent. The low severity level reflects that this is an important event to monitor but does not always indicate an immediate threat. Awareness and protocols around how and when pages are published can mitigate the risk of accidental exposure.
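The matching and triage described in the summary, as an added example that is not the rule's own source: it scans exported audit log lines for the 'repo.pages_public' action and separates expected publishing from events that need review. The `APPROVED_PUBLISHERS` allowlist, the organization, repository and actor names, and the sample events are constructed assumptions; `@timestamp` is treated as epoch milliseconds, as in GitHub audit log exports.

```python
import json
from datetime import datetime, timezone

# Hypothetical allowlist of (actor, repo) pairs expected to publish Pages sites.
APPROVED_PUBLISHERS = {("docs-bot", "example-org/handbook")}

# Constructed sample of audit log events in JSON Lines form (not real data).
SAMPLE_AUDIT_LOG = """\
{"@timestamp": 1760784000000, "action": "repo.pages_public", "actor": "docs-bot", "org": "example-org", "repo": "example-org/handbook"}
{"@timestamp": 1760784060000, "action": "repo.access", "actor": "alice", "org": "example-org", "repo": "example-org/handbook"}
{"@timestamp": 1760784120000, "action": "repo.pages_public", "actor": "mallory", "org": "example-org", "repo": "example-org/internal-roadmap"}
truncated or non-JSON line
{"@timestamp": 1760784180000, "action": "repo.create", "actor": "alice", "org": "example-org", "repo": "example-org/new"}
"""


def detect_pages_public(log_text, approved=APPROVED_PUBLISHERS):
    """Return one finding per repo.pages_public event, tagged for triage."""
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the scan
        if not isinstance(event, dict) or event.get("action") != "repo.pages_public":
            continue
        actor, repo, ts = event.get("actor"), event.get("repo"), event.get("@timestamp")
        when = None
        if isinstance(ts, (int, float)):
            when = datetime.fromtimestamp(ts / 1000, tz=timezone.utc).isoformat()
        findings.append({
            "time": when,
            "actor": actor,
            "repo": repo,
            "level": "low",  # severity level stated for this rule
            # Known publisher on a known repo is expected; anything else is reviewed.
            "triage": "expected" if (actor, repo) in approved else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in detect_pages_public(SAMPLE_AUDIT_LOG):
        print(finding)
```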
Categories
  • Cloud
  • Web
  • Application
Data Sources
  • Service
  • Application Log
Created: 2025-10-18