New Github Organization Member Added

Sigma Rules

Summary
This detection rule monitors the GitHub organization audit log for events in which a new member is added or invited to an organization. It matches two actions: 'org.add_member' and 'org.invite_member'. The audit log streaming feature must be enabled so that the relevant events are collected for analysis. Monitoring these events helps an organization detect unauthorized additions that may pose a risk to sensitive repositories. The rule is categorized as 'informational', indicating that its primary use is to track legitimate organizational changes rather than to signal a direct security threat. One potential false positive arises when the organization has approved the new members, which is a standard operational activity.
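The matching logic described in the summary, as an added Python example run over constructed audit-log lines; it is not the rule's source or code from the rule's authors. The field names `actor`, `org` and `user`, the one-JSON-object-per-line stream format and the `APPROVED_MEMBERS` allowlist are assumptions, used here to show how the approved-member false positive can be triaged.

```python
import json

# The two audit-log actions the rule matches (taken from the summary above).
WATCHED_ACTIONS = {"org.add_member", "org.invite_member"}

# Constructed sample of streamed audit-log events, one JSON object per line.
# Field names other than "action" are assumptions about the event shape.
SAMPLE_STREAM = """\
{"@timestamp": 1674950400000, "action": "org.add_member", "actor": "alice-admin", "org": "example-org", "user": "new-hire-01"}
{"@timestamp": 1674950460000, "action": "repo.create", "actor": "bob-dev", "org": "example-org", "repo": "example-org/tools"}
{"@timestamp": 1674950520000, "action": "org.invite_member", "actor": "carol-admin", "org": "example-org", "user": "contractor-77"}
not-json line from a broken forwarder
{"@timestamp": 1674950580000, "action": "org.remove_member", "actor": "alice-admin", "org": "example-org", "user": "old-user"}
"""

# Hypothetical allowlist: accounts whose onboarding was approved out of band.
APPROVED_MEMBERS = {"new-hire-01"}


def match_membership_events(stream, approved=frozenset()):
    """Return (hits, skipped): matching events with a triage tag, and the
    number of lines that could not be parsed as JSON."""
    hits, skipped = [], 0
    for line in stream.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count parse failures so gaps in coverage are visible
            continue
        if not isinstance(event, dict) or event.get("action") not in WATCHED_ACTIONS:
            continue
        member = event.get("user")
        hits.append({
            "action": event["action"],
            "actor": event.get("actor"),
            "org": event.get("org"),
            "member": member,
            # Approved additions are the documented false positive.
            "triage": "expected" if member in approved else "review",
        })
    return hits, skipped


if __name__ == "__main__":
    found, bad_lines = match_membership_events(SAMPLE_STREAM, APPROVED_MEMBERS)
    for hit in found:
        print(hit)
    print(f"unparseable lines skipped: {bad_lines}")
```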
Categories
  • Cloud
  • Identity Management
  • Other
Data Sources
  • User Account
  • Application Log
Created: 2023-01-29