Compliance Rules

2 detection rules in this category.

Rule	Severity	MITRE	Source
Audit logging config changed	Critical	T1562.008	AuditLog
DLP policy deleted	Critical	T1562.001	AuditLog

---

Audit logging config changed

Property	Value
Severity	🔴 Critical
Source	AuditLog
MITRE	T1562.008 (Defense Evasion)

Audit log configuration changed - possible tampering

Conditions

• Match: all
• Operation Equals Set-AdminAuditLogConfig

---

DLP policy deleted

Property	Value
Severity	🔴 Critical
Source	AuditLog
MITRE	T1562.001 (Defense Evasion)

DLP policy deleted - data protection removed

Conditions

• Match: all
• Operation Equals Remove-DlpCompliancePolicy