
Summary
This analytic rule detects the deletion of CloudWatch log groups in AWS, identified through `DeleteLogGroup` events in Amazon CloudTrail logs. The detection runs over Amazon Security Lake logs parsed in the Open Cybersecurity Schema Framework (OCSF) format. Deleting CloudWatch log groups poses a significant risk because attackers may use it to obscure their activity, hindering forensic investigation and weakening incident response. Such actions let adversaries cover their tracks after exploitation, making unauthorized actions harder to trace and potentially enabling further intrusions or data breaches within AWS environments. Operationalizing this rule involves ingesting the relevant CloudTrail logs into Splunk and configuring searches based on the provided detection logic.
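The detection logic described above, as an added example that is not the rule's own search or Splunk code: it scans Security Lake records in OCSF API Activity form for CloudWatch Logs `DeleteLogGroup` calls. The OCSF field names (`api.operation`, `api.service.name`, `api.request.data`, `actor.user.name`, `src_endpoint.ip`, `cloud.region`, `status`) and the sample records are assumptions constructed for the example.

```python
import json

# Constructed Security Lake records in OCSF API Activity form (JSON lines). Field
# names follow OCSF conventions and are assumptions here, not values from the rule
# page; the users, IPs and log group names are made up.
SAMPLE_LINES = [
    json.dumps({"time": 1731600000000, "class_uid": 6003, "status": "Success",
                "api": {"operation": "DeleteLogGroup", "service": {"name": "logs.amazonaws.com"},
                        "request": {"data": {"logGroupName": "/aws/lambda/payments"}}},
                "actor": {"user": {"name": "ops-admin"}}, "src_endpoint": {"ip": "203.0.113.10"},
                "cloud": {"region": "us-east-1"}}),
    json.dumps({"time": 1731600060000, "class_uid": 6003, "status": "Success",
                "api": {"operation": "DescribeLogGroups", "service": {"name": "logs.amazonaws.com"}},
                "actor": {"user": {"name": "ops-admin"}}, "src_endpoint": {"ip": "203.0.113.10"},
                "cloud": {"region": "us-east-1"}}),
    json.dumps({"time": 1731600120000, "class_uid": 6003, "status": "Failure",
                "api": {"operation": "DeleteLogGroup", "service": {"name": "logs.amazonaws.com"},
                        "request": {"data": {"logGroupName": "/aws/cloudtrail/audit"}}},
                "actor": {"user": {"name": "ci-deploy"}}, "src_endpoint": {"ip": "198.51.100.7"},
                "cloud": {"region": "eu-west-1"}}),
    "not valid json",  # a torn line, as happens at ingest boundaries
]

def _get(record, path, default=None):
    """Walk a dotted path such as 'api.request.data.logGroupName'."""
    for key in path.split("."):
        if not isinstance(record, dict) or key not in record:
            return default
        record = record[key]
    return record

def detect_log_group_deletions(lines):
    """One finding per CloudWatch Logs DeleteLogGroup call. Denied attempts
    (status Failure) are kept: a failed deletion still signals T1562.008."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the search
        if (_get(rec, "class_uid") != 6003  # OCSF API Activity class
                or _get(rec, "api.operation") != "DeleteLogGroup"
                or _get(rec, "api.service.name") != "logs.amazonaws.com"):
            continue
        findings.append({"time": _get(rec, "time"), "user": _get(rec, "actor.user.name"),
                         "src_ip": _get(rec, "src_endpoint.ip"), "region": _get(rec, "cloud.region"),
                         "log_group": _get(rec, "api.request.data.logGroupName"),
                         "status": _get(rec, "status", "Unknown")})
    return findings
```

Each finding carries the fields an analyst needs to triage (who, from where, which region, which log group, whether the call succeeded), which is what the Splunk search would surface as notable-event fields.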
Categories
- Cloud
- AWS
Data Sources
- Cloud Storage
- Cloud Service
- Application Log
ATT&CK Techniques
- T1562
- T1562.008
Created: 2024-11-14