Tag
This rule detects attempts to disable auditing for security-sensitive audit policy sub-categories on Windows systems, often done by attackers to evade detection and forensic analysis.