
Summary
The rule 'Lambda Update Function Configuration with Layers' detects updates to an AWS Lambda function's configuration, particularly updates that add layers. Added layers matter because they introduce dependencies into the function that could be exploited. The rule analyzes AWS CloudTrail logs for invocations of the 'UpdateFunctionConfiguration' API call. Its severity is medium: such a change may be an unauthorized modification that compromises the function's integrity, or it may signal lateral movement by an attacker. The rule is designed to alert on configuration changes that are atypical or unauthorized, and each alert requires a follow-up investigation.
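The matching logic described above, as an added example that is not the rule's own source. It assumes the CloudTrail record carries the layer list under `layers` in `requestParameters` or `responseElements`; the account allowlist, the `make_event` helper and all sample records are constructed for illustration.

```python
# Added example over constructed CloudTrail records; not the rule's own source.
API_PREFIX = "UpdateFunctionConfiguration"  # CloudTrail appends a version suffix
TRUSTED_LAYER_ACCOUNTS = {"111111111111"}   # hypothetical allowlist of layer owners

def layer_arns(event):
    """Collect layer ARNs from request and response (field names are assumed)."""
    arns = []
    for section in ("requestParameters", "responseElements"):
        for layer in (event.get(section) or {}).get("layers") or []:
            arn = layer.get("arn") if isinstance(layer, dict) else layer
            if arn and arn not in arns:
                arns.append(arn)
    return arns

def layer_owner(arn):
    """Account ID field of arn:aws:lambda:<region>:<account>:layer:<name>:<ver>."""
    parts = arn.split(":")
    return parts[4] if len(parts) > 4 else ""

def evaluate(event):
    """Return an alert dict when a successful update attaches layers, else None."""
    if event.get("eventSource") != "lambda.amazonaws.com":
        return None
    if not event.get("eventName", "").startswith(API_PREFIX):
        return None
    if event.get("errorCode"):  # choice made here: a failed call changed nothing
        return None
    arns = layer_arns(event)
    if not arns:
        return None
    return {
        "severity": "medium",
        "function": (event.get("requestParameters") or {}).get("functionName"),
        "actor": (event.get("userIdentity") or {}).get("arn"),
        "layers": arns,
        "untrusted": [a for a in arns if layer_owner(a) not in TRUSTED_LAYER_ACCOUNTS],
    }

def make_event(name, params, source="lambda.amazonaws.com"):
    return {"eventSource": source, "eventName": name, "requestParameters": params,
            "userIdentity": {"arn": "arn:aws:iam::111111111111:user/constructed-dev"}}

SAMPLE_EVENTS = [  # constructed records
    make_event("UpdateFunctionConfiguration20150331v2", {"functionName": "orders",
               "layers": ["arn:aws:lambda:us-east-1:999999999999:layer:helper:3"]}),
    make_event("UpdateFunctionConfiguration20150331v2", {"functionName": "orders", "timeout": 30}),
    make_event("PutObject", {"bucketName": "constructed-bucket"}, source="s3.amazonaws.com"),
]
ALERTS = [a for a in map(evaluate, SAMPLE_EVENTS) if a]
```

The `untrusted` list separates layers owned by accounts outside the allowlist, which gives the follow-up investigation a starting point.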
Categories
- Cloud
- AWS
- Infrastructure
Data Sources
- Cloud Storage
- Application Log
- Network Traffic
ATT&CK Techniques
- T1078
Created: 2025-01-30