GitHub Organizations Disable 2FA Requirement

Splunk Security Content

Summary
This detection rule identifies when the two-factor authentication (2FA) requirement is disabled for a GitHub Organization, as recorded in GitHub's audit logs. The rule monitors the audit events for this action and captures the actor, the organization, and the associated metadata. Disabling the 2FA requirement is a critical security concern because it may indicate an attempt to weaken the controls protecting member accounts: without 2FA, accounts can be accessed with a compromised password alone. Disabling this control can lead to account takeover, unauthorized access to sensitive repositories, and a broader compromise of the software supply chain, so detecting it is vital for preserving the integrity of the development process and protecting intellectual property. The rule is implemented as a Splunk search and requires the relevant GitHub audit logs to be ingested for monitoring to be effective.
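The following is an added illustration of the detection logic described above, not Splunk's own search: it parses a few constructed GitHub audit log records (JSON lines) and emits a finding for each event that disables the organization's 2FA requirement. The action name org.disable_two_factor_requirement is assumed from GitHub's audit log schema; the page itself does not name the event.

```python
import json
from typing import Dict, List

# Constructed sample GitHub audit log records (JSON lines); not real data.
SAMPLE_AUDIT_LOG = """
{"@timestamp": 1737072000000, "action": "org.disable_two_factor_requirement", "actor": "alice-admin", "org": "example-org", "actor_ip": "203.0.113.10", "user_agent": "Mozilla/5.0"}
{"@timestamp": 1737072060000, "action": "repo.create", "actor": "bob", "org": "example-org", "repo": "example-org/tooling"}
{"@timestamp": 1737072120000, "action": "org.enable_two_factor_requirement", "actor": "alice-admin", "org": "example-org", "actor_ip": "203.0.113.10"}
"""

# Assumed action name from GitHub's audit log schema (not stated on the page).
TWO_FACTOR_DISABLED_ACTION = "org.disable_two_factor_requirement"


def parse_audit_log(raw: str) -> List[Dict]:
    """Parse newline-delimited JSON audit records, skipping malformed lines."""
    events = []
    for line in raw.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A single bad record should not abort the whole batch.
            continue
    return events


def detect_2fa_requirement_disabled(events: List[Dict]) -> List[Dict]:
    """Return one finding per event that disabled the org 2FA requirement."""
    findings = []
    for ev in events:
        if ev.get("action") != TWO_FACTOR_DISABLED_ACTION:
            continue
        findings.append({
            "timestamp": ev.get("@timestamp"),
            "actor": ev.get("actor"),
            "org": ev.get("org"),
            "actor_ip": ev.get("actor_ip"),
            "user_agent": ev.get("user_agent"),
            # Techniques listed on the rule page.
            "mitre_attack": ["T1562.001", "T1195"],
        })
    return findings


if __name__ == "__main__":
    for finding in detect_2fa_requirement_disabled(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(json.dumps(finding))
```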
Categories
  • Cloud
  • Application
  • Identity Management
Data Sources
  • Pod
  • Container
  • User Account
  • Web Credential
  • Application Log
ATT&CK Techniques
  • T1562.001
  • T1195
Created: 2025-01-17