
Summary
This detection rule monitors for the disabling of HTTP logging on a Windows IIS web server, an evasion action associated with threat actors, particularly Threat Group 3390 (Bronze Union). The rule looks for process creation of 'appcmd.exe', the Windows command-line utility for managing IIS, and inspects the command-line arguments passed to it for those that disable logging (e.g., 'set config section:httplogging dontLog:true'). Such an action indicates an effort to hide web-traffic activity and evade detection mechanisms. The rule's high severity reflects its correlation with malicious activity aimed at degrading web server observability, which could facilitate further exploitation or data exfiltration.
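As an added worked example (not the rule's own code), the matching logic described above applied to a few constructed process-creation events; the Sysmon-style field names Image and CommandLine are an assumption, as is the case-insensitive substring matching.

```python
from typing import Dict, List

# Constructed sample process-creation events (Sysmon EventID 1 style), not
# real telemetry. Only Image and CommandLine matter to the rule.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\inetsrv\appcmd.exe",
     "CommandLine": "appcmd.exe set config /section:httpLogging /dontLog:true",
     "User": "CORP\\webadmin"},
    {"Image": r"C:\Windows\System32\inetsrv\appcmd.exe",
     "CommandLine": "appcmd list site",
     "User": "CORP\\webadmin"},
    # Different casing and argument prefix: the rule matches on the
    # substrings only, so this still triggers.
    {"Image": r"C:\Windows\System32\inetsrv\appcmd.exe",
     "CommandLine": "APPCMD SET CONFIG -section:httplogging -dontLog:TRUE /commit:apphost",
     "User": "NT AUTHORITY\\SYSTEM"},
    # Re-enabling logging is not what the rule is after.
    {"Image": r"C:\Windows\System32\inetsrv\appcmd.exe",
     "CommandLine": "appcmd set config /section:httpLogging /dontLog:false",
     "User": "CORP\\webadmin"},
    # Same strings in another process: the Image filter excludes it.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c echo set config section:httplogging dontLog:true",
     "User": "CORP\\user"},
]

# All of these must appear in the command line (case-insensitive).
REQUIRED_TOKENS = ("set", "config", "section:httplogging", "dontlog:true")


def matches_rule(event: Dict[str, str]) -> bool:
    """Return True when the event is appcmd.exe disabling IIS HTTP logging."""
    image = event.get("Image", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    if not image.endswith("\\appcmd.exe"):
        return False
    return all(token in cmdline for token in REQUIRED_TOKENS)


def detect(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Filter a batch of process-creation events down to rule matches."""
    return [e for e in events if matches_rule(e)]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT user={hit['User']} cmd={hit['CommandLine']}")
```

Matches should be triaged against expected change windows, since administrators can legitimately disable logging; the rule raises a high-severity alert, not a verdict.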
Categories
- Windows
- Endpoint
Data Sources
- Process
- Application Log
ATT&CK Techniques
- T1562.002
Created: 2022-01-09