
Summary
This detection rule monitors changes to the setting that controls forking of private and internal repositories in GitHub. Specifically, it fires when the configuration permitting forks of such repositories is altered, whether the feature is enabled or cleared. These changes matter for security because allowing forks can lead to sensitive information exposure. The rule requires GitHub audit log streaming to be enabled so that the relevant events are captured. Alerts are raised for actions that clear or enable private repository forking. False positives may occur from legitimate administrative actions.
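As an added example that is not part of the original rule, the following Python detector runs this rule's logic over constructed GitHub audit log lines. It assumes the JSON field names `action`, `actor`, `org` and `@timestamp` from audit log streaming; the action names it matches and the `EXPECTED_ACTORS` entry are assumed placeholders that must be aligned with the actions and accounts in your own stream.

```python
import json
import re
from datetime import datetime, timezone

# Assumed pattern: audit actions look like "<scope>.<verb>_<object>". Replace the
# suffix with the action names you actually observe for this setting.
FORKING_ACTION_RE = re.compile(
    r"^(?:business|org)\.(?P<verb>enable|clear)_members_can_fork_private_repositories$"
)

# Constructed placeholder: accounts whose changes go through change management.
# Their events are still reported, only tagged, so nothing is silently dropped.
EXPECTED_ACTORS = {"change-mgmt-bot"}


def parse_event(line):
    """Return the event dict for one JSON line, or None for blank/malformed input."""
    line = line.strip()
    if not line:
        return None
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def detect_forking_changes(lines):
    """Return alert dicts for events that enable or clear private repo forking."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        match = FORKING_ACTION_RE.match(str(event.get("action", "")))
        if not match:
            continue
        ts_ms = event.get("@timestamp")  # epoch milliseconds in the audit export
        when = (datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc).isoformat()
                if isinstance(ts_ms, (int, float)) else None)
        actor = event.get("actor", "<unknown>")
        alerts.append({
            "time": when, "actor": actor, "org": event.get("org"),
            "action": event["action"],
            # Both directions change a control over where private code may be copied.
            "change": "forking enabled" if match.group("verb") == "enable" else "forking cleared",
            "expected_actor": actor in EXPECTED_ACTORS,  # triage hint for admin changes
        })
    return alerts


# Constructed sample audit lines (not real log data); one line is deliberately malformed.
SAMPLE_LOG = """
{"@timestamp": 1722240000000, "action": "business.enable_members_can_fork_private_repositories", "actor": "alice", "org": "example-org"}
{"@timestamp": 1722240060000, "action": "repo.create", "actor": "bob", "org": "example-org"}
not json at all
{"@timestamp": 1722240120000, "action": "business.clear_members_can_fork_private_repositories", "actor": "change-mgmt-bot", "org": "example-org"}
"""

if __name__ == "__main__":
    for alert in detect_forking_changes(SAMPLE_LOG.splitlines()):
        print(alert)
```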
Categories
- Cloud
- Infrastructure
Data Sources
- Cloud Service
- Application Log
Created: 2024-07-29