Detection content has been deleted from Panther

Panther Rules

Summary
The rule 'Panther.Detection.Deleted' monitors the deletion of detection content within the Panther platform and is classified at 'Info' severity. When detection content is deleted, Panther generates audit log events that record the action, including the actor who performed the deletion, the type of action executed, and the result of that action. This tracks user activity related to detection management, so that every change to detection content is logged for review and compliance purposes. The rule runs over the Panther Audit Log collection and evaluates each event against structured criteria, so that deletions can be reviewed for authorization. The resulting logs also serve as evidence of operational changes within the detection framework and help improve security posture by surfacing potential defense evasion tactics (such as an adversary removing the detections that would catch them). The rule ships with tests for a single detection deletion and for multiple deletions, as well as a negative test confirming that non-deletion actions do not generate false positives.
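The following is an added example, not Panther's own rule code: a Panther-style Python rule that alerts on successful deletions of detection content in audit events, with constructed sample events covering a single deletion, a bulk deletion, and two negative cases. The field names `actionName`, `actionResult` and `actor.name` are assumed to follow the Panther audit log schema, and the action values and the "successful deletions only" filter are assumptions for illustration.

```python
# Added example (not Panther's own rule code). Field names follow the
# assumed Panther.Audit schema; the action values below are assumed.

# Action names treated as deletions of detection content (assumed values).
DETECTION_DELETE_ACTIONS = {"DELETE_DETECTION", "BULK_DELETE_DETECTIONS"}


def rule(event: dict) -> bool:
    """Return True when the audit event records a successful deletion."""
    return (
        event.get("actionName") in DETECTION_DELETE_ACTIONS
        and event.get("actionResult") == "SUCCEEDED"
    )


def title(event: dict) -> str:
    """Alert title naming the actor, so triage starts from who did it."""
    actor = event.get("actor", {}).get("name", "<unknown actor>")
    return f"Detection content deleted in Panther by {actor}"


# Constructed sample Panther.Audit events (not real data).
SAMPLE_EVENTS = [
    {   # single detection deleted: should alert
        "actionName": "DELETE_DETECTION",
        "actionResult": "SUCCEEDED",
        "actor": {"name": "alice", "type": "USER"},
    },
    {   # multiple detections deleted in one action: should alert
        "actionName": "BULK_DELETE_DETECTIONS",
        "actionResult": "SUCCEEDED",
        "actor": {"name": "bob", "type": "USER"},
    },
    {   # negative case: deletion attempted but failed, nothing was removed
        "actionName": "DELETE_DETECTION",
        "actionResult": "FAILED",
        "actor": {"name": "carol", "type": "USER"},
    },
    {   # negative case: an edit, not a deletion, must not alert
        "actionName": "UPDATE_DETECTION",
        "actionResult": "SUCCEEDED",
        "actor": {"name": "dave", "type": "USER"},
    },
]


def run_tests(events=SAMPLE_EVENTS):
    """Return the alert titles for the events that match, in order."""
    return [title(e) for e in events if rule(e)]


if __name__ == "__main__":
    for line in run_tests():
        print(line)
```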
Categories
  • Cloud
  • On-Premise
  • Infrastructure
Data Sources
  • Application Log
  • User Account
ATT&CK Techniques
  • T1562
Created: 2022-09-02