
Summary
Detects when a user connects an external integration to their Anthropic account, logging details of the connection to support compliance visibility into external data pathways. The rule records the actor (type user_actor, email, user_id, IP, user_agent), the integration_type (e.g., github, google_drive), event type (integration_user_connected), organization context, and timestamp. It enables investigation into third-party connections and potential data exposure. The runbook guides correlating activity within a 1-hour window around the event, checking whether the actor has connected other integrations in the past 30 days, and whether the actor's IP matches previously seen addresses. The rule maps to MITRE ATT&CK TA0009:T1530. Example tests include a GitHub integration connection (expected true) and a non-matching event type (expected false). This rule is enabled and currently labeled as Experimental, serving compliance and governance needs for external service integrations in the Anthropic ecosystem.
Categories
- Application
Data Sources
- Application Log
ATT&CK Techniques
- T1530
Created: 2026-05-13
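
The match condition and the three runbook checks from the Summary, as an added example that is not the rule's own code. The field names (`type`, `created_at`, `actor.user_id`, `actor.ip_address`, `integration_type`), the `some_other_event` type, and the reading of the 1-hour window as one hour on either side of the event are assumptions; all sample events are constructed.

```python
from datetime import datetime, timedelta

EVENT_TYPE = "integration_user_connected"  # event type named in the Summary

def ts(event):
    return datetime.fromisoformat(event["created_at"])

def rule(event):
    """Fire only on the integration-connected event type."""
    return event.get("type") == EVENT_TYPE

def triage(alert, history):
    """Runbook checks for one alert, computed over other events by the same actor."""
    uid, when, ip = alert["actor"]["user_id"], ts(alert), alert["actor"]["ip_address"]
    mine = [e for e in history if e["actor"]["user_id"] == uid and e is not alert]
    return {
        # Activity by this actor within one hour either side of the connection.
        "nearby": [e["type"] for e in mine if abs(ts(e) - when) <= timedelta(hours=1)],
        # Other integrations the actor connected in the preceding 30 days.
        "prior_integrations": sorted({
            e["integration_type"] for e in mine
            if rule(e) and timedelta(0) < when - ts(e) <= timedelta(days=30)}),
        # Has this actor been seen from the alert's IP before?
        "ip_seen_before": any(e["actor"]["ip_address"] == ip
                              for e in mine if ts(e) < when),
    }

def ev(etype, uid, when, ip, integration=None):
    """Build a constructed sample event using the assumed schema."""
    e = {"type": etype, "created_at": when,
         "actor": {"type": "user_actor", "user_id": uid, "ip_address": ip}}
    if integration:
        e["integration_type"] = integration
    return e

# Constructed sample data (documentation IP ranges, placeholder user ids).
HISTORY = [
    ev(EVENT_TYPE, "u_1", "2026-05-01T09:00:00+00:00", "192.0.2.10", "google_drive"),
    ev("some_other_event", "u_1", "2026-05-13T09:40:00+00:00", "192.0.2.10"),
    ev(EVENT_TYPE, "u_2", "2026-05-13T09:50:00+00:00", "198.51.100.7", "github"),
]
ALERT = ev(EVENT_TYPE, "u_1", "2026-05-13T10:00:00+00:00", "198.51.100.7", "github")

if __name__ == "__main__":
    print(rule(ALERT), triage(ALERT, HISTORY))
```

The IP check is scoped to the actor on purpose: in the sample data another user has already used the alert's address, yet it is still new for `u_1`.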