OpenCanary - GIT Clone Request

Summary
The OpenCanary GIT Clone Request rule identifies and alerts on Git clone requests made to a Git service running on OpenCanary nodes. As an experimental detection rule, it is primarily focused on monitoring application logs associated with OpenCanary, an open-source honeypot framework that emulates various services in order to attract and log attacks. The logs this rule captures correspond to specific event types indicative of attempted reconnaissance or data collection by adversaries using Git services, especially in environments where Git is not expected to be accessed by unauthorized users. The rule uses a log type identifier (16001) to filter the relevant logs, which minimizes false positives and improves the accuracy of detected incidents. This rule is part of the broader set of attack techniques mapped to the MITRE ATT&CK framework under the Collection tactic, specifically T1213 (Data from Information Repositories). It emphasizes the need to watch for potentially malicious activity aiming to retrieve version-controlled code or sensitive information from repositories.
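The selection the summary describes, run over a few constructed OpenCanary-style JSON log lines, as an added example that is neither the Sigma rule's own text nor OpenCanary's code; only the logtype value 16001 comes from the page, and the other field names (node_id, src_host, logdata.REPO) are assumptions for illustration:

```python
import json

# Mirrors the rule's selection: match OpenCanary events whose logtype is
# 16001, the log type the page cites for Git clone requests.
GIT_CLONE_SELECTION = {"logtype": 16001}

# Constructed sample log lines in an OpenCanary-like JSON shape. Field names
# other than "logtype" are assumptions; the non-JSON line is deliberate noise.
SAMPLE_LOG = """\
{"logtype": 16001, "node_id": "honeypot-1", "src_host": "10.0.0.5", "src_port": 51234, "dst_port": 9418, "logdata": {"REPO": "internal-tools.git"}}
{"logtype": 4002, "node_id": "honeypot-1", "src_host": "10.0.0.7", "src_port": 40001, "dst_port": 22, "logdata": {"USERNAME": "root"}}
not a json line
{"logtype": 16001, "node_id": "honeypot-2", "src_host": "10.0.0.9", "src_port": 60210, "dst_port": 9418, "logdata": {"REPO": "payroll.git"}}
"""


def matches(event, selection):
    """Every selection key must be present with an equal value (Sigma AND semantics)."""
    return all(event.get(key) == value for key, value in selection.items())


def detect_git_clone(log_text):
    """Return one alert dict per log line that satisfies GIT_CLONE_SELECTION."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise instead of aborting the whole pass
        if matches(event, GIT_CLONE_SELECTION):
            alerts.append({
                "line": lineno,
                "node_id": event.get("node_id"),
                "src_host": event.get("src_host"),
                "repo": (event.get("logdata") or {}).get("REPO"),
                "technique": "T1213",  # ATT&CK mapping given on the page
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_git_clone(SAMPLE_LOG):
        print(alert)
```

Because the honeypot's Git service has no legitimate users, every match is worth triaging; the src_host field is the pivot for correlating with other OpenCanary events from the same node.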
Categories
  • Application
  • Cloud
  • Containers
Data Sources
  • Application Log
  • Process
Created: 2024-03-08