
Windows Registry Trust Record Modification

Sigma Rules

Summary
This detection rule monitors modifications to trust records in the Windows Registry, specifically under the path '\Security\Trusted Documents\TrustRecords'. Applications such as Microsoft Office use trust records to verify the sources of macros, and attackers frequently abuse macros to execute malicious scripts. The rule identifies instances in which these trust records are altered, a pattern associated with initial-access attacks via malicious macros. Because legitimate macro use also writes trust records, the rule may generate false positives and typically requires additional tuning to be effective. The detection matters because attackers tend to rely on trusted documents and macros to bypass standard security controls, which makes early detection critical to preventing further exploitation. References and further reading are provided to help analysts understand the context and history of these threats.
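The following is an added illustration of the matching logic described above, written in Python against constructed Sysmon-style registry events; it is not the Sigma rule's own content. It assumes Sysmon Event ID 13 (registry value set) records and matches the TrustRecords path case-insensitively, since the key lives under per-user, per-version Office hives.

```python
"""Illustrative detection logic for Office trust-record changes (added example)."""
from typing import Iterable

# Registry path fragment named on the page; matched case-insensitively and
# without the hive prefix so any Office version or application is covered.
TRUST_RECORDS_MARKER = r"\security\trusted documents\trustrecords"

# Constructed Sysmon-style registry events (Event ID 13 = value set, 12 = key
# create/delete). Field names follow Sysmon's RegistryEvent schema; the
# SIDs, paths and document name are made up for this example.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Office\16.0\Word\Security\Trusted Documents\TrustRecords\%USERPROFILE%/Downloads/invoice.docm",
     "Details": "Binary Data"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
     "Details": "notepad"},
    {"EventID": 12, "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents\TrustRecords",
     "Details": ""},
]


def is_trust_record_modification(event: dict) -> bool:
    """True when a registry value-set event writes under a TrustRecords key."""
    if event.get("EventID") != 13:  # value writes only; key creation alone trusts nothing
        return False
    return TRUST_RECORDS_MARKER in event.get("TargetObject", "").lower()


def trusted_document(event: dict) -> str:
    """Return the document reference stored as the TrustRecords value name."""
    target = event["TargetObject"]
    idx = target.lower().find(TRUST_RECORDS_MARKER)
    return target[idx + len(TRUST_RECORDS_MARKER):].lstrip("\\")


def triage(events: Iterable[dict]) -> list[dict]:
    """Collect alerts with the writing process and the newly trusted document."""
    alerts = []
    for ev in events:
        if is_trust_record_modification(ev):
            alerts.append({"process": ev.get("Image", ""), "document": trusted_document(ev)})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(f"{alert['process']} trusted {alert['document']}")
```

The `process` and `document` fields are what an analyst would use to tune out the legitimate macro usage the rule description mentions, for example by allow-listing known internal document locations.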
Categories
  • Endpoint
  • Windows
  • Infrastructure
Data Sources
  • Windows Registry
Created: 2020-02-19