
Summary
This rule detects suspicious modifications to the Windows registry setting that defines the maximum number of connections per server. The value, located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer, can be changed by attackers to raise the number of simultaneous connections to remote servers, potentially enabling denial-of-service (DDoS) attacks or facilitating lateral movement within a compromised network. The rule uses Sysmon Event ID 12 and 13 data to monitor for unauthorized changes to this registry path, which can indicate malicious activity. By identifying such modifications, security teams can investigate and mitigate potential threats. This rule helps protect network integrity and ensures that system configurations remain within expected parameters.
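The matching logic described above, run over constructed Sysmon registry records, as an added Python example (this is not the rule's own query; the field names follow Sysmon's Event ID 12/13 schema and the sample events are constructed):

```python
from dataclasses import dataclass

# Machine-wide value the rule watches (path taken from the rule summary).
# Sysmon writes the hive as "HKLM"; the long form is accepted as well.
WATCHED_PATH = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer"
HIVES = ("HKLM", "HKEY_LOCAL_MACHINE")


@dataclass
class Finding:
    event_id: int   # 12 = key create/delete, 13 = value set
    image: str      # process that performed the registry operation
    user: str
    details: str    # new value for Event ID 13 (empty for Event ID 12)


def matches_watched_value(target_object: str) -> bool:
    """True when a Sysmon TargetObject names the watched HKLM value (case-insensitive)."""
    target = target_object.strip().lower()
    return any(target == (hive + WATCHED_PATH).lower() for hive in HIVES)


def detect(events) -> list:
    """Apply the rule to Sysmon registry events given as dicts keyed by Sysmon field names."""
    findings = []
    for ev in events:
        if ev.get("EventID") not in (12, 13):
            continue
        if not matches_watched_value(ev.get("TargetObject", "")):
            continue
        findings.append(Finding(ev["EventID"], ev.get("Image", "?"),
                                ev.get("User", "?"), ev.get("Details", "")))
    return findings


# Constructed sample telemetry (not real logs). Only the second event should fire:
# the first touches an unrelated value, the third is the per-user copy under HKU,
# which lies outside the HKLM path the rule covers.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe", "User": r"CORP\alice",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Program Files\Updater\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe", "User": r"CORP\alice",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer",
     "Details": "DWORD (0x00000400)"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe", "User": r"CORP\bob",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer",
     "Details": "DWORD (0x0000000a)"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"EventID {f.event_id}: {f.image} ({f.user}) set MaxConnectionsPerServer -> {f.details}")
```

Event ID 12 records only the creation or deletion of the surrounding key and carries no Details, so triage relies on the Image and User fields; baseline the configuration tooling that legitimately writes this value before alerting on every hit.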
Categories
- Endpoint
Data Sources
- Windows Registry
- Process
- Logon Session
ATT&CK Techniques
- T1112
Created: 2024-11-13