
ZIA Golden Restore Point Dropped

Panther Rules

Summary
The rule "ZIA Golden Restore Point Dropped" detects when a golden restore point in the Zscaler Internet Access (ZIA) platform has been dropped, meaning that data which was previously undeletable can now be deleted. This is a risk if the change was unplanned or if the golden restore point held critical data.

The detection is driven by ZIA admin audit logs. The key indicator is an administrative action in the backup and restore area that transitions the golden restore point from existing to no longer existing: the rule evaluates audit entries classified under 'UPDATE' and checks whether 'goldenRestorePoint' changed from true to false. Because the match conditions are this specific, only genuine matches are flagged, which keeps false positives low and allows prompt investigation or remediation according to the severity of the event.
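The following is an added example of how the detection described above can be expressed as a Panther-style Python rule; it is not the rule's published source. The nested field layout it reads (event.category, event.action, event.preAction and event.postAction, each carrying a goldenRestorePoint flag, plus event.adminId) is an assumption made for illustration and not the documented ZIA audit log schema; only the 'UPDATE' action value and the 'goldenRestorePoint' name come from the summary. The sample events at the bottom are constructed to exercise the true-to-false transition, the reverse transition, an unrelated action, and the case where a pipeline delivers booleans as strings.

```python
from typing import Any, Dict, List

# NOTE: field names below (event.category, event.action, event.preAction,
# event.postAction, event.adminId) are ASSUMED for this example.
ASSUMED_CATEGORY = "BACKUP_AND_RESTORE"  # assumed category for backup/restore actions
TRIGGER_ACTION = "UPDATE"                # from the rule summary


def _deep_get(obj: Any, *keys: str, default: Any = None) -> Any:
    """Walk nested dicts safely; return default if any key is missing."""
    for key in keys:
        if not isinstance(obj, dict):
            return default
        obj = obj.get(key, default)
    return obj


def _as_bool(value: Any) -> Any:
    """Normalize booleans; some log pipelines deliver them as "true"/"false" strings."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        lowered = value.strip().lower()
        if lowered == "true":
            return True
        if lowered == "false":
            return False
    return None  # unknown or missing: never treat as a match


def rule(event: Dict[str, Any]) -> bool:
    """Fire only on an UPDATE in the backup/restore area that flips
    goldenRestorePoint from true (before) to false (after)."""
    if _deep_get(event, "event", "category") != ASSUMED_CATEGORY:
        return False
    if _deep_get(event, "event", "action") != TRIGGER_ACTION:
        return False
    before = _as_bool(_deep_get(event, "event", "preAction", "goldenRestorePoint"))
    after = _as_bool(_deep_get(event, "event", "postAction", "goldenRestorePoint"))
    return before is True and after is False


def title(event: Dict[str, Any]) -> str:
    """Alert title naming the admin who performed the change (assumed adminId field)."""
    actor = _deep_get(event, "event", "adminId", default="<unknown admin>")
    return f"ZIA golden restore point dropped by {actor}"


def matching_titles(events: List[Dict[str, Any]]) -> List[str]:
    """Evaluate the rule over a batch of events and return alert titles for matches."""
    return [title(e) for e in events if rule(e)]


# Constructed sample audit events (not real ZIA log data).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {   # golden restore point dropped: should match
        "event": {"category": "BACKUP_AND_RESTORE", "action": "UPDATE",
                  "adminId": "admin@example.com",
                  "preAction": {"goldenRestorePoint": True},
                  "postAction": {"goldenRestorePoint": False}}},
    {   # golden restore point created (false -> true): should not match
        "event": {"category": "BACKUP_AND_RESTORE", "action": "UPDATE",
                  "adminId": "admin@example.com",
                  "preAction": {"goldenRestorePoint": False},
                  "postAction": {"goldenRestorePoint": True}}},
    {   # not an UPDATE action: should not match even though the flag differs
        "event": {"category": "BACKUP_AND_RESTORE", "action": "CREATE",
                  "adminId": "admin@example.com",
                  "preAction": {"goldenRestorePoint": True},
                  "postAction": {"goldenRestorePoint": False}}},
    {   # same transition, but booleans arrived as strings: should match
        "event": {"category": "BACKUP_AND_RESTORE", "action": "UPDATE",
                  "adminId": "ops@example.com",
                  "preAction": {"goldenRestorePoint": "true"},
                  "postAction": {"goldenRestorePoint": "false"}}},
    {   # unrelated category with a missing flag: should not match
        "event": {"category": "ADMIN_MANAGEMENT", "action": "UPDATE",
                  "adminId": "admin@example.com"}},
]

if __name__ == "__main__":
    for alert in matching_titles(SAMPLE_EVENTS):
        print(alert)
```

The rule requires both the UPDATE action and an explicit true-to-false transition, so a missing or malformed flag (`None` after normalization) never fires; that is what keeps the detection specific and the false-positive rate low.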
Categories
  • Cloud
  • Web
  • Infrastructure
Data Sources
  • User Account
  • Application Log
ATT&CK Techniques
  • T1562.008
Created: 2024-11-14