When a new ESA rule is deployed, it may be observed that disabled rules are also inadvertently deployed.
This issue is permanently resolved in Security Analytics 10.5.1.0.
Review all ESA rules directly after the deployment of new rules. If any disabled rules are found enabled that should not be, disable them again. Alternately, review ESA rules and delete any disabled rules if they are no longer required.