
Disable Security Logs Using MiniNt Registry

Splunk Security Content

Summary
This analytic detects modifications to the 'Control\MiniNt' registry path (HKLM\SYSTEM\CurrentControlSet\Control\MiniNt). When this key exists, Windows treats the system as a preinstallation (WinPE) environment and the Event Log service stops recording events, so creating it is a known way to disable security auditing without touching the audit policy. The rule identifies such changes from Sysmon registry events (EventID 12, key created or deleted, and EventID 13, value set) whose target object falls under Control\MiniNt. If the change is malicious, the attacker can then act without security events being written, undermining audit integrity and every detection that depends on those logs. Implementing this detection requires ingesting Sysmon logs that include the registry event details (target object, image and value data) needed to evaluate the rule; Sysmon only emits EventID 12 and 13 for paths its configuration includes, so confirm the deployed configuration covers this key.
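The detection logic described above, run over a handful of constructed Sysmon registry events, as an added example that is not part of the Splunk Security Content rule and does not reproduce its SPL. The event fields (EventID, EventType, TargetObject, Image, Details) are the standard Sysmon registry event fields; the sample records themselves are made up for illustration.

```python
import re
from typing import Dict, Iterable, List

# Sysmon registry event IDs: 12 = key created or deleted, 13 = value set.
REGISTRY_EVENT_IDS = {12, 13}

# Match "\Control\MiniNt" as a whole path component so the key itself, its
# subkeys and its values all hit, but a key such as "MiniNtShim" does not.
# Anchoring on the suffix also covers ControlSet001/ControlSet002 paths.
MININT_PATH = re.compile(r"\\Control\\MiniNt(\\|$)", re.IGNORECASE)

# Constructed Sysmon events, flattened the way they look after XML field
# extraction. These are not real telemetry.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 12, "EventType": "CreateKey", "UtcTime": "2024-12-08 10:01:02.100",
     "Computer": "ws01.corp.local", "User": "CORP\\jdoe",
     "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\MiniNt"},
    {"EventID": 13, "EventType": "SetValue", "UtcTime": "2024-12-08 10:01:05.300",
     "Computer": "ws01.corp.local", "User": "CORP\\jdoe",
     "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\MiniNt\Marker",
     "Details": "DWORD (0x00000001)"},
    # Benign registry noise from the OS: same event type, unrelated path.
    {"EventID": 13, "EventType": "SetValue", "UtcTime": "2024-12-08 10:01:06.000",
     "Computer": "ws01.corp.local", "User": "NT AUTHORITY\\SYSTEM",
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations",
     "Details": "Binary Data"},
    # Similar-looking key name that must NOT match.
    {"EventID": 13, "EventType": "SetValue", "UtcTime": "2024-12-08 10:01:07.000",
     "Computer": "ws01.corp.local", "User": "CORP\\jdoe",
     "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\MiniNtShim\Value",
     "Details": "DWORD (0x00000000)"},
    # A process-creation event (EventID 1) is outside the rule's scope.
    {"EventID": 1, "UtcTime": "2024-12-08 10:01:08.000",
     "Computer": "ws01.corp.local", "User": "CORP\\jdoe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    # Removing the key is still a change to the path and worth keeping in the
    # timeline: it marks when logging could resume.
    {"EventID": 12, "EventType": "DeleteKey", "UtcTime": "2024-12-08 11:30:00.000",
     "Computer": "ws01.corp.local", "User": "CORP\\jdoe",
     "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\MiniNt"},
]


def detect_minint_tampering(events: Iterable[Dict]) -> List[Dict]:
    """Return one finding per Sysmon EventID 12/13 event whose target
    object is the Control\\MiniNt key, one of its subkeys, or a value in it."""
    findings = []
    for ev in events:
        if ev.get("EventID") not in REGISTRY_EVENT_IDS:
            continue
        target = ev.get("TargetObject", "")
        if not MININT_PATH.search(target):
            continue
        findings.append({
            "time": ev.get("UtcTime"),
            "host": ev.get("Computer"),
            "user": ev.get("User"),
            "image": ev.get("Image"),
            "action": ev.get("EventType"),   # CreateKey / DeleteKey / SetValue
            "registry_path": target,
            "details": ev.get("Details"),    # only present on EventID 13
        })
    return findings


if __name__ == "__main__":
    for hit in detect_minint_tampering(SAMPLE_EVENTS):
        print(f"{hit['time']} {hit['host']} {hit['user']} {hit['action']:9} "
              f"{hit['image']} -> {hit['registry_path']} {hit['details'] or ''}")
```

Three of the six sample events are reported: the key creation, the value set beneath it, and the later deletion. The "MiniNtShim" record and the Session Manager write are skipped because the match is on the whole "\Control\MiniNt" path component, not a substring; if the production search uses a wildcard such as "*MiniNt*" instead, expect that class of false positive. Whether the key creation was followed by a reboot, and therefore whether event logging actually stopped, is something the registry event alone cannot tell you; correlate with Event Log service state on the host.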
Categories
  • Endpoint
Data Sources
  • Process
  • Windows Registry
  • Sensor Health
ATT&CK Techniques
  • T1112
Created: 2024-12-08