Route53 Resolver Query Log Configuration Deleted

Elastic Detection Rules

Summary
This detection rule identifies when a Route53 Resolver Query Log Configuration is deleted in AWS. Deleting such a configuration stops the logging of DNS queries and responses for the VPCs it was associated with, allowing an adversary to evade detection and obscure unauthorized activity within the network. Removing evidential logs is a common tactic attackers use to limit their exposure during or after a compromise. The rule uses AWS CloudTrail logs and matches successful events whose source is the Route53 Resolver service (route53resolver.amazonaws.com) and whose action is 'DeleteResolverQueryLogConfig'; failed attempts, such as calls denied by IAM, are excluded. Investigators are encouraged to analyze the deletion event, assess the permissions of the calling identity, and correlate it with related activity to determine whether the deletion is malicious or legitimate.
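The following is an added example, not the Elastic rule's own query or any code from Elastic: it applies the same matching logic (Resolver event source, the delete action, a successful outcome) to a handful of constructed CloudTrail records and extracts the fields an investigator would triage first. The records, account ID, ARNs, IPs and the `rqlc-…` configuration ID are all made up, and the `requestParameters.resolverQueryLogConfigId` key name is assumed from the API's parameter name rather than taken from the page.

```python
import json

# Constructed sample CloudTrail records for demonstration only; none of the
# accounts, ARNs, IPs or resource IDs below are real.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {   # 1. Successful deletion by an IAM user: the rule should fire.
        "eventTime": "2024-04-12T10:15:00Z",
        "eventSource": "route53resolver.amazonaws.com",
        "eventName": "DeleteResolverQueryLogConfig",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.5",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"resolverQueryLogConfigId": "rqlc-0123456789abcdef0"},
    },
    {   # 2. Same API call but denied by IAM: nothing was deleted, no alert.
        "eventTime": "2024-04-12T10:16:00Z",
        "eventSource": "route53resolver.amazonaws.com",
        "eventName": "DeleteResolverQueryLogConfig",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::123456789012:user/bob"},
        "requestParameters": {"resolverQueryLogConfigId": "rqlc-0123456789abcdef0"},
        "errorCode": "AccessDeniedException",
        "errorMessage": "not authorized to perform: route53resolver:DeleteResolverQueryLogConfig",
    },
    {   # 3. A different Resolver API (creating a config): out of scope.
        "eventTime": "2024-04-12T10:17:00Z",
        "eventSource": "route53resolver.amazonaws.com",
        "eventName": "CreateResolverQueryLogConfig",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.5",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"name": "vpc-dns-logging"},
    },
    {   # 4. Hosted-zone query logging lives under route53.amazonaws.com, a
        #    separate API that this rule does not cover.
        "eventTime": "2024-04-12T10:18:00Z",
        "eventSource": "route53.amazonaws.com",
        "eventName": "DeleteQueryLoggingConfig",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.5",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"id": "00000000-0000-0000-0000-000000000000"},
    },
]})


def load_records(raw: str) -> list[dict]:
    """Parse a CloudTrail log file body, which wraps events in a Records list."""
    return json.loads(raw)["Records"]


def matches_rule(rec: dict) -> bool:
    """Mirror the rule's conditions. CloudTrail marks a failed API call with an
    errorCode field, so its absence is the 'successful outcome' condition."""
    return (rec.get("eventSource") == "route53resolver.amazonaws.com"
            and rec.get("eventName") == "DeleteResolverQueryLogConfig"
            and "errorCode" not in rec)


def triage_fields(rec: dict) -> dict:
    """Pull out what an investigator checks first: who, from where, which config."""
    identity = rec.get("userIdentity", {})
    return {
        "time": rec.get("eventTime"),
        "region": rec.get("awsRegion"),
        "actor": identity.get("arn"),
        "actor_type": identity.get("type"),
        "source_ip": rec.get("sourceIPAddress"),
        # Key name assumed from the API parameter ResolverQueryLogConfigId.
        "config_id": rec.get("requestParameters", {}).get("resolverQueryLogConfigId"),
    }


def find_query_log_config_deletions(records: list[dict]) -> list[dict]:
    """Return one triage record per event that satisfies the rule."""
    return [triage_fields(r) for r in records if matches_rule(r)]


if __name__ == "__main__":
    for alert in find_query_log_config_deletions(load_records(SAMPLE_CLOUDTRAIL)):
        print(alert)
```

Only the first record produces an alert. The denied attempt is worth hunting for separately (it may be reconnaissance by an identity that lacks the permission), and the hosted-zone `DeleteQueryLoggingConfig` event shows why the event-source check matters: it is a different logging feature and needs its own rule if you want coverage.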
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Storage
  • Logon Session
  • Application Log
ATT&CK Techniques
  • T1562 (Impair Defenses)
  • T1562.008 (Impair Defenses: Disable or Modify Cloud Logs)
Created: 2024-04-12