
Summary
The detection rule 'Azure Application Gateway Modified or Deleted' identifies administrative operations that modify or delete an Azure Application Gateway. An Application Gateway terminates TLS, routes traffic and, with WAF enabled, filters requests for the applications behind it, so an unauthorized change to one can expose, redirect or take down those applications. The rule matches Azure activity log events whose operation name is a WRITE or DELETE on the applicationGateways resource type under the Microsoft.Network resource provider; the activity log must therefore be exported from the subscription (for example through a diagnostic setting to an event hub or Log Analytics workspace) before the rule can see these events. The rule is assigned medium severity. Legitimate administrative activity, such as infrastructure-as-code deployments or routine certificate and backend-pool updates, will also match, so the rule documents these false positives and expects each alert to be reviewed in context rather than treated as conclusive. Modifications or deletions performed by unfamiliar user identities, service principals or user agents should be investigated.
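To make the matching concrete, the following Python is an added example of the rule's logic run over a handful of constructed activity-log records; it is not the rule's own query or code. It assumes the records have been flattened to JSON objects with `operationName`, `status`, `caller` and `resourceId` fields (hypothetical field names, chosen to mirror the activity-log schema), that operation names follow the ARM `<provider>/<resourceType>/<action>` convention, and it adds two refinements the page leaves to the analyst: it ignores the activity log's `Started` record so that each operation alerts once, on completion, and it tags callers outside an assumed allow-list of known administrators so that the "unfamiliar identity" triage step is visible in the output.

```python
"""Toy re-implementation of 'Azure Application Gateway Modified or Deleted'.

Added example, not the rule's own code. Field names, the allow-list and the
sample records are assumptions/constructed data, see the comments.
"""
import json
from dataclasses import dataclass

# Operation names the rule is described as matching: WRITE and DELETE on the
# applicationGateways resource type under Microsoft.Network. Compared
# case-insensitively because different pipelines normalise case differently.
WATCHED_OPERATIONS = {
    "MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WRITE",
    "MICROSOFT.NETWORK/APPLICATIONGATEWAYS/DELETE",
}

# Assumed allow-list of identities expected to change gateways (for example a
# CI/CD deployment principal). Anyone else is flagged for closer review.
KNOWN_ADMINS = {"iac-pipeline@example.com"}

# Activity-log status values treated as a completed operation (assumption).
COMPLETED = {"succeeded", "success"}


@dataclass(frozen=True)
class Alert:
    operation: str
    caller: str
    resource_id: str
    known_identity: bool


def is_watched(operation_name: str) -> bool:
    """True if the operation is a write or delete on an Application Gateway."""
    return operation_name.upper() in WATCHED_OPERATIONS


def load_ndjson(text: str):
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def evaluate(records, known_admins=KNOWN_ADMINS):
    """Return one Alert per completed gateway write/delete in the records."""
    alerts = []
    for rec in records:
        op = rec.get("operationName", "")
        if not is_watched(op):
            continue
        # The activity log emits a 'Started' record and a completion record
        # for the same operation; alerting only on completion avoids double
        # alerts and skips attempts that were rejected by RBAC or failed.
        if rec.get("status", "").lower() not in COMPLETED:
            continue
        caller = rec.get("caller", "")
        alerts.append(Alert(op.upper(), caller, rec.get("resourceId", ""),
                            caller in known_admins))
    return alerts


# Constructed sample records, not real telemetry.
GW = "/subscriptions/s/resourceGroups/rg/providers/Microsoft.Network/applicationGateways/web-gw"
SAMPLE_LOG = "\n".join([
    json.dumps({"operationName": "Microsoft.Network/applicationGateways/write",
                "status": "Started", "caller": "alice@example.com", "resourceId": GW}),
    json.dumps({"operationName": "Microsoft.Network/applicationGateways/write",
                "status": "Succeeded", "caller": "alice@example.com", "resourceId": GW}),
    json.dumps({"operationName": "MICROSOFT.NETWORK/APPLICATIONGATEWAYS/DELETE",
                "status": "Succeeded", "caller": "iac-pipeline@example.com", "resourceId": GW}),
    json.dumps({"operationName": "Microsoft.Network/applicationGateways/read",
                "status": "Succeeded", "caller": "alice@example.com", "resourceId": GW}),
    json.dumps({"operationName": "Microsoft.Network/virtualNetworks/write",
                "status": "Succeeded", "caller": "alice@example.com", "resourceId": "/vnet"}),
    json.dumps({"operationName": "Microsoft.Network/applicationGateways/delete",
                "status": "Failed", "caller": "bob@example.com", "resourceId": GW}),
])


def run_sample():
    """Evaluate the constructed records; returns the alerts for inspection."""
    return evaluate(load_ndjson(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        tag = "known identity" if alert.known_identity else "UNFAMILIAR identity, investigate"
        print(f"{alert.operation} by {alert.caller} on {alert.resource_id}: {tag}")
```

Running the sample produces two alerts: the completed write by `alice@example.com` (flagged as an unfamiliar identity) and the completed delete by the allow-listed pipeline principal. The `Started` record, the read, the virtual-network write and the failed delete produce nothing. The allow-list is a triage aid rather than a suppression: a compromised pipeline credential is exactly the case where a "known" identity still deserves the contextual review the rule's false-positive notes describe.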
Categories
- Cloud
- Azure
Data Sources
- Cloud Service
- Application Log
Created: 2021-08-16