Wiz Data Classifier Updated Or Deleted

Panther Rules

Summary
This detection rule identifies events related to the update or deletion of data classifiers within the Wiz platform. It is crucial for maintaining data governance and ensuring that any unexpected changes to data classification can be promptly addressed. The detection focuses on the audit log entries generated when a data classifier is altered or removed, allowing administrators to verify whether such changes were intended or could indicate improper access or modification by insiders or external actors. The rule operates by monitoring specific log actions such as 'DeleteDataClassifier' and correlating them with expected outcomes. Any unauthorized modifications trigger alerts for further investigation, helping organizations maintain compliance and data integrity.
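The logic described above, sketched as a Panther-style Python rule and run over constructed audit events. This is an added example, not the rule's published source. The field names (`action`, `status`, `user`, `serviceAccount`), the `SUCCESS` value, the `UpdateDataClassifier` action name and the severity mapping are assumptions.

```python
# Added example: Panther-style rule logic for Wiz data classifier changes.
# Field names, the SUCCESS value and "UpdateDataClassifier" are assumptions.
WATCHED_ACTIONS = {"DeleteDataClassifier", "UpdateDataClassifier"}


def rule(event: dict) -> bool:
    """Match only watched actions that completed successfully."""
    if event.get("status") != "SUCCESS":
        return False  # failed attempts changed nothing
    return event.get("action") in WATCHED_ACTIONS


def actor(event: dict) -> str:
    """Name the human user if present, else the service account."""
    for key in ("user", "serviceAccount"):
        name = (event.get(key) or {}).get("name")
        if name:
            return name
    return "<unknown actor>"


def title(event: dict) -> str:
    return f"Wiz {event.get('action')} by {actor(event)}"


def severity(event: dict) -> str:
    # Assumed triage choice: a deletion removes classification coverage outright.
    return "HIGH" if event.get("action") == "DeleteDataClassifier" else "MEDIUM"


def triage(events: list) -> list:
    """Return (title, severity) for every event the rule matches."""
    return [(title(e), severity(e)) for e in events if rule(e)]


# Constructed sample events, not real Wiz audit log output.
SAMPLE_EVENTS = [
    {"action": "DeleteDataClassifier", "status": "SUCCESS",
     "user": {"name": "alice@example.com"}, "serviceAccount": None},
    {"action": "UpdateDataClassifier", "status": "SUCCESS",
     "user": None, "serviceAccount": {"name": "ci-bot"}},
    {"action": "DeleteDataClassifier", "status": "FAILED",
     "user": {"name": "bob@example.com"}},
    {"action": "Login", "status": "SUCCESS",
     "user": {"name": "alice@example.com"}},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

The rule matches every successful change rather than trying to decide authorization itself; the actor in the alert title is what an analyst checks against approved change records.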
Categories
  • Cloud
  • Application
Data Sources
  • WMI
  • Application Log
  • User Account
ATT&CK Techniques
  • T1562.001
Created: 2024-09-16