Dispostion will be be either Allow or Deny
If the policy is set to Prevention Disabled (Log Only) then the Disposition will always be Allow
The Operation is the call being made to the Windows API such as NtOpenKey to open a registry key, NtCreateFile to create or modify a file on the system, or Connect when a process is trying to communicate over the network.
Please mark as SOLVED if this answers your question
-Shane