
Summary
This detection rule targets modifications to the Windows registry setting `PromptOnSecureDesktop`, which governs how User Account Control (UAC) displays its elevation prompts. By monitoring registry modification events, the rule identifies possible abuse of UAC to elevate process privileges. UAC prevents unauthorized changes by prompting the user for confirmation or an administrator password, enforcing separation between integrity levels. Adversaries can modify `PromptOnSecureDesktop` to weaken UAC prompting as part of a UAC bypass aimed at privilege escalation. The rule captures the relevant events (EventCode 1 and EventCode 13) for changes to the specified registry key. Ingested into Splunk, the consolidated event data highlights suspicious alterations that may indicate an attempt to disable or manipulate UAC, supporting further investigation of a potential security incident.
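The detection logic described above, as an added example that is not the rule's own SPL: it runs a Python equivalent over constructed, Sysmon-style EventCode 13 (registry value set) records flattened to key=value pairs. The full HKLM path of the value and the field names `TargetObject`, `Details`, `Image` and `User` are assumptions based on the Sysmon registry event schema, not taken from the page.

```python
import re
from typing import Dict, List, Optional

# Assumed location of the UAC setting named in the rule (not stated on the page).
UAC_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop"

# Constructed sample events shaped like Sysmon EventCode 13, rendered as
# key=value pairs the way a flattened Splunk event would appear.
SAMPLE_EVENTS = [
    r"EventCode=13 Image=C:\Windows\regedit.exe User=LAB\alice "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop "
    r"Details=DWORD (0x00000000)",
    r"EventCode=13 Image=C:\Windows\System32\svchost.exe User=NT AUTHORITY\SYSTEM "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater "
    r"Details=C:\Users\alice\app.exe",
    r"EventCode=13 Image=C:\Windows\System32\gpupdate.exe User=NT AUTHORITY\SYSTEM "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop "
    r"Details=DWORD (0x00000001)",
]

# A value runs until the next " Name=" token or end of line, so values may contain spaces.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split a flattened key=value event line into a field dictionary."""
    return dict(FIELD_RE.findall(line))


def dword_value(details: str) -> Optional[int]:
    """Extract the integer from a Sysmon 'DWORD (0x...)' Details field, if present."""
    m = re.search(r"DWORD \(0x([0-9A-Fa-f]+)\)", details)
    return int(m.group(1), 16) if m else None


def detect(events: List[str]) -> List[Dict[str, object]]:
    """Return one alert per registry write to PromptOnSecureDesktop."""
    alerts = []
    for line in events:
        ev = parse_event(line)
        if ev.get("EventCode") != "13":
            continue
        # Registry paths are case-insensitive on Windows, so compare case-folded.
        if ev.get("TargetObject", "").lower() != UAC_VALUE.lower():
            continue
        new_value = dword_value(ev.get("Details", ""))
        alerts.append({
            "user": ev.get("User", ""),
            "image": ev.get("Image", ""),
            "new_value": new_value,
            # Writing 0 disables the secure desktop for UAC prompts; rank it highest.
            "severity": "high" if new_value == 0 else "medium",
        })
    return alerts
```

Any write to the value is surfaced, because legitimate policy tooling also touches it; the `image` and `user` fields carry the context an analyst needs to triage the hit.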
Categories
- Windows
Data Sources
- Windows Registry
ATT&CK Techniques
- T1548.002
- T1548
Created: 2024-02-09