AWS DNS Logs Deleted

Panther Rules

Summary
The AWS DNS Logs Deleted rule detects when logs for a DNS Resolver have been deleted in an AWS environment. It does this by monitoring AWS CloudTrail for the 'DeleteResolverQueryLogConfig' API call, which removes a resolver query log configuration, and it captures the event's time, event ID, source IP address, user identity, and request parameters. Deleting DNS query logging impairs a security control, so the rule surfaces such deletions for review rather than letting them pass unnoticed. The severity of this threat is classified as low, but any detection should be investigated to confirm the deletion was legitimate. The associated MITRE ATT&CK technique falls under 'Defense Evasion' (log deletion).
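The detection described above, written out as an added example in Panther's rule style (plain Python with `rule`, `title` and `alert_context` functions); this is not Panther's own rule code. It assumes the CloudTrail event is a plain dict, that the event source is `route53resolver.amazonaws.com`, that the request carries `resolverQueryLogConfigId`, and that calls recorded with an `errorCode` (denied or failed) should not alert; the sample events are constructed.

```python
# Added example of the AWS DNS Logs Deleted detection; not Panther's own code.
# Assumed CloudTrail field values for the Route 53 Resolver API:
EVENT_NAME = "DeleteResolverQueryLogConfig"
EVENT_SOURCE = "route53resolver.amazonaws.com"


def rule(event):
    """Alert on a successful DeleteResolverQueryLogConfig call.

    CloudTrail records a denied or failed call with an errorCode; those
    did not remove any logging, so they are skipped (an assumption).
    """
    if event.get("eventSource") != EVENT_SOURCE:
        return False
    if event.get("eventName") != EVENT_NAME:
        return False
    return "errorCode" not in event


def title(event):
    actor = event.get("userIdentity", {}).get("arn", "<unknown principal>")
    params = event.get("requestParameters") or {}
    config_id = params.get("resolverQueryLogConfigId", "<unknown config>")
    return f"AWS DNS resolver query log config {config_id} deleted by {actor}"


def alert_context(event):
    """The investigation fields the summary lists, collected for the alert."""
    return {
        "eventTime": event.get("eventTime"),
        "eventID": event.get("eventID"),
        "sourceIPAddress": event.get("sourceIPAddress"),
        "userIdentity": event.get("userIdentity"),
        "requestParameters": event.get("requestParameters"),
    }


# Constructed sample events (not real CloudTrail records).
DELETE_EVENT = {
    "eventTime": "2024-12-06T10:15:00Z",
    "eventID": "00000000-0000-0000-0000-000000000001",
    "eventSource": "route53resolver.amazonaws.com",
    "eventName": "DeleteResolverQueryLogConfig",
    "sourceIPAddress": "198.51.100.10",
    "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/example"},
    "requestParameters": {"resolverQueryLogConfigId": "rqlc-example"},
}
DENIED_EVENT = {**DELETE_EVENT, "errorCode": "AccessDenied"}  # should not alert
LIST_EVENT = {**DELETE_EVENT, "eventName": "ListResolverQueryLogConfigs"}  # read-only
```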
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
  • Cloud Storage
  • Application Log
ATT&CK Techniques
  • T1562.008
Created: 2024-12-06