
Summary
This detection rule identifies modifications to the Windows registry value `ProxyEnable`, which controls the proxy settings used for network traffic. By monitoring changes to this value, particularly when it is set to `0x00000001` (which enables the proxy), the rule looks for potentially nefarious activity commonly associated with malware and threat actors who use proxies for covert communication, such as connecting to Command and Control (C2) servers. Proxy manipulation is a significant threat because it allows unauthorized traffic redirection, which facilitates data exfiltration and compromises system security. The rule uses data sourced from Sysmon events, specifically EventID 12 (registry key created or deleted) and EventID 13 (registry value set), to collect the relevant registry modifications, providing efficient detection coverage for Windows endpoints.
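The following is an added example of the detection logic described above, run over constructed Sysmon registry records; it is not part of the original rule page. The `TargetObject` path used for the value is `HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable`, which is where Sysmon reports per-user Internet Settings; the SIDs, process images and user names in the sample events are constructed, and the `Details` string format `DWORD (0x00000001)` follows Sysmon's rendering of REG_DWORD values.

```python
import re

# Constructed sample Sysmon records (EventID 12 = key create/delete, EventID 13 = value set).
# Field names mirror the Sysmon XML event data; the SIDs, users and images are made up.
SAMPLE_EVENTS = [
    {   # Benign: the user turns the proxy OFF via explorer.exe
        "EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
        "User": r"CORP\alice",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                        r"\CurrentVersion\Internet Settings\ProxyEnable",
        "Details": "DWORD (0x00000000)",
    },
    {   # Suspicious: an unsigned binary in a user-writable path turns the proxy ON
        "EventID": 13, "EventType": "SetValue", "Image": r"C:\Users\Public\update.exe",
        "User": r"CORP\alice",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                        r"\CurrentVersion\Internet Settings\ProxyEnable",
        "Details": "DWORD (0x00000001)",
    },
    {   # Noise: EventID 12 key creation under Internet Settings carries no Details at all
        "EventID": 12, "EventType": "CreateKey", "Image": r"C:\Windows\System32\svchost.exe",
        "User": "NT AUTHORITY\\SYSTEM",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                        r"\CurrentVersion\Internet Settings",
    },
    {   # Noise: a different value in the same key (ProxyServer) is not in scope for this rule
        "EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
        "User": r"CORP\alice",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                        r"\CurrentVersion\Internet Settings\ProxyServer",
        "Details": "proxy.example.test:8080",
    },
]

# The value of interest: the ProxyEnable DWORD under the per-user Internet Settings key.
PROXY_ENABLE_PATH = re.compile(
    r"\\Internet Settings\\ProxyEnable$", re.IGNORECASE)
# Sysmon renders REG_DWORD data as "DWORD (0x........)"; accept any non-zero-padded form of 1.
PROXY_ENABLED_DATA = re.compile(r"^DWORD \(0x0*1\)$", re.IGNORECASE)


def is_proxy_enable_modification(event: dict) -> bool:
    """True for Sysmon EventID 12/13 records that touch the ProxyEnable value."""
    if event.get("EventID") not in (12, 13):
        return False
    return bool(PROXY_ENABLE_PATH.search(event.get("TargetObject", "")))


def is_proxy_turned_on(event: dict) -> bool:
    """True when the record sets ProxyEnable to 0x00000001 (proxy enabled)."""
    return (is_proxy_enable_modification(event)
            and bool(PROXY_ENABLED_DATA.match(event.get("Details", ""))))


def find_proxy_enabled(events: list[dict]) -> list[dict]:
    """Return the subset of records an analyst should triage: ProxyEnable set to 1."""
    return [e for e in events if is_proxy_turned_on(e)]


def describe(hit: dict) -> str:
    """One-line alert summary: who enabled the proxy, and which process wrote the value."""
    return f"{hit['User']} enabled proxy via {hit['Image']} -> {hit['TargetObject']}"


if __name__ == "__main__":
    for hit in find_proxy_enabled(SAMPLE_EVENTS):
        print(describe(hit))
```

The two-stage match (path first, then data) keeps the rule from alerting on a user disabling the proxy or on the EventID 12 key-creation record that has no `Details` field; in practice the `Image` and `User` fields are what separate an administrator's change from a process that should never be writing proxy settings.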
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- User Account
ATT&CK Techniques
- T1112
Created: 2024-11-13