
Summary
This rule detects the "unusual volume of file deletion" anomaly that Microsoft Cloud App Security raises for Microsoft 365 users. It does not count deletions itself: it matches the alert record that the Security Compliance Center writes to the audit log once Cloud App Security's anomaly detection policy has decided that a single user deleted far more files than their baseline, and it fires only when that record reports a successful status. Mass deletion by one account is a common sign of a compromised account, a malicious insider, or destructive activity that precedes or accompanies data exfiltration, so a match should be triaged promptly: confirm the user, the volume and the affected sites, and check whether the deleted items are still recoverable from the recycle bin or retention. Because the rule depends on the Cloud App Security alert, it produces nothing where that policy is disabled or its alerts are not ingested, and it will also match sanctioned bulk clean-ups, migrations and retention jobs, which are better handled with exclusions for those accounts than by lowering the rule's severity.
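The following is an added example, not code from the rule or its project, showing the two detection approaches the summary touches on, run over constructed audit records. The first function mirrors the rule: match the Cloud App Security alert record as written to the audit log (the field names eventSource, eventName, status and userId are an assumed normalised shape). The second goes beyond the rule and counts raw FileDeleted operations per user in a sliding window, as a fallback for environments where the Cloud App Security alert is not available; the threshold and window are assumptions to be tuned per tenant.

```python
"""Added example: MCAS-alert matching plus a volume-based fallback."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# --- 1. Matching the alert record, as the rule does -------------------------

# Constructed sample events (not real logs); field names are assumed.
SAMPLE_EVENTS = [
    {"eventSource": "SecurityComplianceCenter",
     "eventName": "Unusual volume of file deletion",
     "status": "success", "userId": "alice@contoso.example"},
    {"eventSource": "SecurityComplianceCenter",
     "eventName": "Unusual volume of file deletion",
     "status": "failure", "userId": "bob@contoso.example"},  # not success
    {"eventSource": "SharePoint", "eventName": "FileDeleted",
     "status": "success", "userId": "carol@contoso.example"},  # raw op, not alert
]


def match_mcas_alert(event):
    """True when the event is the successful Cloud App Security anomaly alert."""
    return (event.get("eventSource") == "SecurityComplianceCenter"
            and event.get("eventName") == "Unusual volume of file deletion"
            and str(event.get("status", "")).lower() == "success")


def alerting_users(events):
    """Users for whom the alert record fired, deduplicated and sorted."""
    return sorted({e["userId"] for e in events if match_mcas_alert(e)})


# --- 2. Volume-based fallback over raw FileDeleted operations ---------------

def _deletions(user, count, start, spacing):
    """Build constructed Unified-Audit-Log-style FileDeleted records."""
    return [{"CreationTime": (start + i * spacing).isoformat(),
             "Operation": "FileDeleted", "UserId": user,
             "ObjectId": f"https://contoso.example/Shared Documents/doc{i}.docx"}
            for i in range(count)]


T0 = datetime(2021, 8, 19, 9, 0)
RAW_AUDIT = (
    # alice deletes 60 files in under 5 minutes: the pattern we want to catch
    _deletions("alice@contoso.example", 60, T0, timedelta(seconds=5))
    # carol deletes 5 files spread over 48 minutes: normal working behaviour
    + _deletions("carol@contoso.example", 5, T0, timedelta(minutes=12))
    # a non-deletion operation must be ignored by the counter
    + [{"CreationTime": "2021-08-19T09:01:00", "Operation": "FileModified",
        "UserId": "alice@contoso.example", "ObjectId": "doc.docx"}]
)


def bulk_deletion_users(records, threshold=50, window=timedelta(minutes=10)):
    """Return {user: peak_count} for users whose FileDeleted events reach
    `threshold` inside any span of length `window` (sliding window)."""
    per_user = defaultdict(list)
    for r in records:
        if r.get("Operation") != "FileDeleted":
            continue
        per_user[r["UserId"]].append(datetime.fromisoformat(r["CreationTime"]))

    flagged = {}
    for user, times in per_user.items():
        times.sort()
        recent, peak = deque(), 0
        for t in times:
            recent.append(t)
            while t - recent[0] > window:  # drop events outside the window
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[user] = peak
    return flagged


if __name__ == "__main__":
    print("alert matched for:", alerting_users(SAMPLE_EVENTS))
    print("bulk deleters:", bulk_deletion_users(RAW_AUDIT))
```

The fallback deliberately keys on the peak count within a window rather than a daily total, so a burst of deletions from a compromised session stands out even on a day when the user's total is otherwise modest; the window and threshold should be set from a baseline of the tenant's own deletion volumes, and service accounts that perform sanctioned bulk clean-ups excluded before alerting.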
Categories
- Cloud
- Web
- Identity Management
Data Sources
- User Account
- Logon Session
- Cloud Service
- Application Log
Created: 2021-08-19