
Summary
The rule 'Wiz Update Scanner Settings' detects changes to the configuration of the Wiz scanner application, specifically updates to its scanning settings. Its purpose is to make users aware of potentially unauthorized or unexpected modifications to security settings, since such changes can weaken scanning coverage and introduce security risk. The rule matches entries in the 'Wiz.Audit' log type that correspond to scanner settings updates and flags any update that does not occur under pre-approved or scheduled circumstances. When such an update is detected, the response should be to revert the unauthorized change and put measures in place to prevent recurrence. The rule is mapped to the MITRE ATT&CK framework under tactic TA0005 (Defense Evasion), technique T1562.001 (Impair Defenses: Disable or Modify Tools), reflecting its relevance to detection and response scenarios.
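The detection logic described above, as an added example that is not part of the rule page or Wiz's own code: it runs over constructed audit-style events and flags scanner settings updates that fall outside an assumed approved actor list and maintenance window. The event field names (action, actor, timestamp, status) and the policy values are hypothetical, not Wiz's real schema.

```python
"""Added example: flag Wiz scanner settings updates that are not pre-approved
or scheduled.  Event shape and policy are assumptions, not Wiz's real schema."""
from datetime import datetime, time, timezone

# Hypothetical approved-change policy: who may change scanner settings and when.
APPROVED_ACTORS = {"secops-automation@example.com"}
CHANGE_WINDOW = (time(2, 0), time(4, 0))  # 02:00-04:00 UTC maintenance window

# Constructed sample events (not real Wiz.Audit output).
SAMPLE_EVENTS = [
    {"action": "UpdateScannerSettings", "actor": "secops-automation@example.com",
     "timestamp": "2024-09-16T02:30:00Z", "status": "SUCCESS"},
    {"action": "UpdateScannerSettings", "actor": "alice@example.com",
     "timestamp": "2024-09-16T14:05:00Z", "status": "SUCCESS"},
    {"action": "UpdateScannerSettings", "actor": "secops-automation@example.com",
     "timestamp": "2024-09-16T09:00:00Z", "status": "SUCCESS"},
    {"action": "ListProjects", "actor": "alice@example.com",
     "timestamp": "2024-09-16T14:06:00Z", "status": "SUCCESS"},
]


def _in_window(ts: datetime) -> bool:
    """True if the UTC time of day falls inside the maintenance window."""
    start, end = CHANGE_WINDOW
    return start <= ts.astimezone(timezone.utc).time() < end


def is_approved(event: dict) -> bool:
    """An update is pre-approved only if both actor and time match policy."""
    ts = datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00"))
    return event["actor"] in APPROVED_ACTORS and _in_window(ts)


def flag_unapproved_updates(events: list[dict]) -> list[dict]:
    """Return scanner-settings updates that are not pre-approved or scheduled."""
    return [e for e in events
            if e.get("action") == "UpdateScannerSettings" and not is_approved(e)]


if __name__ == "__main__":
    for e in flag_unapproved_updates(SAMPLE_EVENTS):
        print(f"ALERT: scanner settings changed by {e['actor']} at {e['timestamp']}")
```

With the sample data, the automation account's change inside the window passes, while the human user's change and the automation account's out-of-window change are both flagged.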
Categories
- Cloud
- Application
Data Sources
- WMI
- Application Log
ATT&CK Techniques
- T1562.001
Created: 2024-09-16