
Summary
This detection rule identifies attempts to perform a full data export within Bitbucket, a popular Git repository management tool. The rule matches audit events logged under the 'Data pipeline' category with the action 'Full data export triggered'. Such an event may indicate a data exfiltration attempt, especially when initiated by a user who has no legitimate reason to export data. The detection relies on Bitbucket's audit logging functionality, whose coverage level must be set to 'Advanced' for the relevant events to be captured. False positives may arise from legitimate user actions, as authorized personnel may perform full exports for backup or migration purposes; each triggered export should therefore be reviewed in context (who initiated it, when, and whether it was scheduled or expected). Monitoring this sensitive operation helps maintain data integrity and catch potential data breaches in Bitbucket early.
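The matching and triage logic described above, as an added Python example that is not part of the rule or of Bitbucket itself: it filters constructed JSON-lines audit records on the 'Data pipeline' category and the 'Full data export triggered' action, then splits hits by an assumed allowlist of accounts authorized to run exports, which is the follow-up context check the summary calls for. The record field names (timestamp, category, action, author) and the allowlist are assumptions.

```python
import json

# Constructed sample of Bitbucket audit log records as JSON lines. The field
# names are assumed for this example; check them against your own export.
SAMPLE_AUDIT_LOG = """
{"timestamp":"2024-02-25T09:12:03Z","category":"Data pipeline","action":"Full data export triggered","author":"svc-backup"}
{"timestamp":"2024-02-25T09:15:44Z","category":"Repositories","action":"Repository created","author":"alice"}
{"timestamp":"2024-02-25T21:47:10Z","category":"Data pipeline","action":"Full data export triggered","author":"bob"}
{"timestamp":"2024-02-25T21:50:00Z","category":"Data pipeline","action":"Data pipeline cancelled","author":"bob"}
"""

# The two fields the detection rule keys on.
RULE_CATEGORY = "Data pipeline"
RULE_ACTION = "Full data export triggered"

# Assumed allowlist: accounts with a documented reason (backup/migration)
# to run full exports. Hits from these accounts are expected, not alerts.
AUTHORIZED_EXPORTERS = {"svc-backup"}


def parse_audit_log(text):
    """Parse JSON-lines audit output, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a broken line must not stop the whole scan
    return records


def matches_rule(record):
    """True when the record is a 'Full data export triggered' event."""
    return (record.get("category") == RULE_CATEGORY
            and record.get("action") == RULE_ACTION)


def triage(records, authorized=AUTHORIZED_EXPORTERS):
    """Return (alerts, expected): matching records split by allowlist status."""
    alerts, expected = [], []
    for rec in records:
        if not matches_rule(rec):
            continue
        (expected if rec.get("author") in authorized else alerts).append(rec)
    return alerts, expected


if __name__ == "__main__":
    alerts, expected = triage(parse_audit_log(SAMPLE_AUDIT_LOG))
    for rec in alerts:
        print(f"ALERT {rec['timestamp']} full export by {rec['author']} (not on allowlist)")
    for rec in expected:
        print(f"info  {rec['timestamp']} full export by {rec['author']} (authorized)")
```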
Categories
- Cloud
- Web
- Application
Data Sources
- Application Log
- User Account
Created: 2024-02-25