ZIA Log Streaming Disabled

Panther Rules

Summary
The ZIA Log Streaming Disabled rule detects when logging for Zscaler Internet Access (ZIA) has been disabled, which reduces monitoring coverage. It fires when a DELETE action against the NSS (Network Security Service) feeds is recorded in the ZIA audit logs, specifically an administrator action that changes the log streaming configuration. Because such a change can leave the organization blind to network traffic and security events, the rule is assigned medium severity. Two predefined tests accompany the rule: one covers the deletion of a log streaming feed, which must trigger an alert, and the other covers the creation of an NSS feed, which must not. The alert includes a runbook advising that, if log streaming was disabled unintentionally, the administrator should restore the previous settings, since continuous logging is needed both for regulatory compliance and for security monitoring.
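The following is an added illustration of the detection logic described above, written in the shape of a Panther Python rule; it is not Panther's own rule code. The audit-log field names (`event.action`, `event.category`, `event.adminid`) and the sample events are assumptions constructed for the example.

```python
"""Illustrative re-creation of the 'ZIA Log Streaming Disabled' logic.

Assumed ZIA audit-log shape (placeholder field names, not verified):
    {"event": {"action": ..., "category": ..., "adminid": ...}}
"""
from typing import Any, Mapping


def deep_get(event: Mapping[str, Any], *keys: str, default: Any = None) -> Any:
    """Walk nested dicts safely, returning `default` on any missing key."""
    cur: Any = event
    for key in keys:
        if not isinstance(cur, Mapping) or key not in cur:
            return default
        cur = cur[key]
    return cur


def rule(event: Mapping[str, Any]) -> bool:
    """Fire only when an NSS (log streaming) feed is deleted."""
    return (
        deep_get(event, "event", "action") == "DELETE"
        and deep_get(event, "event", "category") == "NSS"
    )


def title(event: Mapping[str, Any]) -> str:
    admin = deep_get(event, "event", "adminid", default="<unknown admin>")
    return f"ZIA log streaming disabled: NSS feed deleted by {admin}"


def severity(_event: Mapping[str, Any]) -> str:
    return "MEDIUM"


# Constructed sample events (not real logs): the two cases the rule's tests
# describe, plus an unrelated DELETE that must not match.
DELETE_NSS_FEED = {"event": {"action": "DELETE", "category": "NSS",
                             "adminid": "admin@example.com"}}
CREATE_NSS_FEED = {"event": {"action": "CREATE", "category": "NSS",
                             "adminid": "admin@example.com"}}
DELETE_OTHER = {"event": {"action": "DELETE", "category": "URL_FILTERING",
                          "adminid": "admin@example.com"}}


def evaluate(events):
    """Return alert titles for every event the rule matches."""
    return [title(e) for e in events if rule(e)]
```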
Categories
  • Cloud
  • Network
  • Infrastructure
Data Sources
  • Logon Session
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T1562.008
Created: 2024-11-14