Tag
This rule detects a high number of unique private repository clone events originating from a single Github personal access token (PAT) within a short time period, potentially indicating unauthorized access and exfiltration of sensitive code.