
Summary
The 'Wiz Connector Updated Or Deleted' detection rule monitors changes to data connectors in the Wiz platform. It identifies when a connector is updated or deleted; such changes may be routine operational work or a sign of unexpected, potentially malicious activity. The rule runs on audit logs of the 'Wiz.Audit' log type and fires when at least one matching event occurs within a one-minute window, so an unexpected change is surfaced promptly. Its unit tests cover both successful and failed operations, checking each expected result against a sample log entry. When a deletion or update is detected, the runbook directs the responder to first confirm whether the change was intentional; if it was unplanned, the change should be reverted to restore the intended configuration. The rule carries a medium severity because unauthorized connector modifications can degrade both security posture and service functionality.
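An added example, not the rule's own code: a Python detection in a rule/title/alert-context shape, run over constructed Wiz.Audit events. The field names (p_log_type, action, status, user.id, actionParameters.input.id), the action values UpdateConnector and DeleteConnector, and the choice that a failed attempt does not fire are all assumptions.

```python
from typing import Any, Dict, List

# Assumed field names and action values for Wiz.Audit events (not from the page).
LOG_TYPE = "Wiz.Audit"
CONNECTOR_CHANGE_ACTIONS = {"UpdateConnector", "DeleteConnector"}
SEVERITY = "MEDIUM"       # the rule's medium severity
THRESHOLD = 1             # alert on the first matching event ...
DEDUP_PERIOD_MINUTES = 1  # ... within a one-minute window

def rule(event: Dict[str, Any]) -> bool:
    """True for a connector update or delete that Wiz actually applied."""
    if event.get("p_log_type") != LOG_TYPE:
        return False
    # Assumption: a failed attempt left the connector unchanged, so it does not fire.
    if event.get("status") != "SUCCESS":
        return False
    return event.get("action") in CONNECTOR_CHANGE_ACTIONS

def title(event: Dict[str, Any]) -> str:
    actor = event.get("user", {}).get("id", "<unknown user>")
    connector = event.get("actionParameters", {}).get("input", {}).get("id", "<unknown connector>")
    return f"Wiz connector [{connector}] {event.get('action')} by [{actor}]"

def alert_context(event: Dict[str, Any]) -> Dict[str, Any]:
    """Fields a responder needs to confirm whether the change was planned."""
    return {k: event.get(k) for k in ("action", "status", "user", "actionParameters", "requestId")}

def evaluate(events: List[Dict[str, Any]]) -> List[str]:
    """Run the rule over a batch and return the titles of the events that fire."""
    return [title(e) for e in events if rule(e)]

# Constructed sample events: two applied changes, one failed delete, one unrelated
# action and one event from a different log type.
SAMPLE_EVENTS = [
    {"p_log_type": LOG_TYPE, "action": "UpdateConnector", "status": "SUCCESS",
     "user": {"id": "alice@example.com"}, "actionParameters": {"input": {"id": "conn-1234"}}},
    {"p_log_type": LOG_TYPE, "action": "DeleteConnector", "status": "SUCCESS",
     "user": {"id": "svc-automation"}, "actionParameters": {"input": {"id": "conn-5678"}}},
    {"p_log_type": LOG_TYPE, "action": "DeleteConnector", "status": "FAILED",
     "user": {"id": "bob@example.com"}, "actionParameters": {"input": {"id": "conn-5678"}}},
    {"p_log_type": LOG_TYPE, "action": "CreateProject", "status": "SUCCESS",
     "user": {"id": "alice@example.com"}, "actionParameters": {"input": {"name": "prod"}}},
    {"p_log_type": "Other.Log", "action": "DeleteConnector", "status": "SUCCESS",
     "user": {"id": "mallory@example.com"}, "actionParameters": {"input": {"id": "conn-9"}}},
]

if __name__ == "__main__":
    for t in evaluate(SAMPLE_EVENTS):
        print(t)
```

Only the two successful connector changes produce titles; the failed delete still surfaces its status through alert_context if the rule is extended to fire on it.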
Categories
- Cloud
- Infrastructure
Data Sources
- WMI
- Application Log
ATT&CK Techniques
- T1562.001
Created: 2024-09-16