Tag
This rule identifies attempts to disable auditing for security-sensitive audit policy sub-categories on Windows systems, often employed by attackers to evade detection and forensic analysis.