
Summary
This detection rule identifies malware detections on files uploaded to OneDrive storage in organizations using Microsoft 365. Adversaries can use OneDrive for lateral movement by uploading malicious files that, once shared, may be opened by other users and so reach additional systems and accounts. The rule filters events in the 'o365.audit' dataset for SharePoint file operations that Microsoft's built-in security tooling has flagged as malware detections. By reviewing the actions taken on the shared files, the organization's security team can investigate, contain, and remediate the risk posed by malicious uploads. This monitoring helps catch potential breaches early and limits the spread of malware across the company network.
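The following is an added Python example, not the rule's own query or code, showing how the filtering described above can be applied to o365.audit records and how the matches can be summarized for triage. It assumes ECS-style nested field names (event.dataset, event.provider, event.code, event.action, user.id, file.name, o365.audit.SourceRelativeUrl) and the values SharePoint, SharePointFileOperation and FileMalwareDetected for provider, code and action; these field names and values, and the JSON log lines themselves, are constructed for illustration.

```python
"""Filter o365.audit records for OneDrive/SharePoint malware detections.

Added example (not the detection rule's own implementation). Field names,
values and log lines are assumptions constructed for illustration.
"""
import json
from collections import Counter
from typing import Any, Iterable

# Constructed sample log lines in an ECS-like nested JSON shape (not real telemetry).
SAMPLE_LOG_LINES = [
    '{"event":{"dataset":"o365.audit","provider":"SharePoint","code":"SharePointFileOperation","action":"FileMalwareDetected"},"user":{"id":"alice@example.com"},"file":{"name":"invoice.exe"},"o365":{"audit":{"SourceRelativeUrl":"Documents/Shared"}}}',
    '{"event":{"dataset":"o365.audit","provider":"SharePoint","code":"SharePointFileOperation","action":"FileUploaded"},"user":{"id":"alice@example.com"},"file":{"name":"report.docx"}}',
    '{"event":{"dataset":"o365.audit","provider":"SharePoint","code":"SharePointFileOperation","action":"FileMalwareDetected"},"user":{"id":"alice@example.com"},"file":{"name":"payroll.scr"},"o365":{"audit":{"SourceRelativeUrl":"Documents/Shared"}}}',
    '{"event":{"dataset":"o365.audit","provider":"Exchange","code":"ExchangeItemGroup","action":"Send"},"user":{"id":"bob@example.com"}}',
    '{"event":{"dataset":"o365.audit","provider":"SharePoint","code":"SharePointFileOperation"},"user":{"id":"carol@example.com"},"file":{"name":"notes.txt"}}',
]

# Assumed matching criteria (ECS field path -> required value).
MATCH_CRITERIA = {
    "event.dataset": "o365.audit",
    "event.provider": "SharePoint",
    "event.code": "SharePointFileOperation",
    "event.action": "FileMalwareDetected",
}


def get_path(event: dict, dotted: str, default: Any = None) -> Any:
    """Walk a dotted key path such as 'event.action' through nested dicts.

    Returns `default` when any segment is missing, so records that lack a
    field (for example no event.action) are simply non-matches.
    """
    node: Any = event
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def parse_events(lines: Iterable[str]) -> list[dict]:
    """Parse newline-delimited JSON audit records, skipping malformed lines."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a broken line should not abort the whole batch
    return events


def is_onedrive_malware_detection(event: dict) -> bool:
    """True when every criterion in MATCH_CRITERIA is present and equal."""
    return all(get_path(event, path) == value for path, value in MATCH_CRITERIA.items())


def detect(events: Iterable[dict]) -> list[dict]:
    """Return a triage record (user, file, location) for each matching event."""
    hits = []
    for ev in events:
        if is_onedrive_malware_detection(ev):
            hits.append({
                "user": get_path(ev, "user.id"),
                "file": get_path(ev, "file.name"),
                "location": get_path(ev, "o365.audit.SourceRelativeUrl"),
            })
    return hits


def summarize_by_user(hits: Iterable[dict]) -> dict[str, int]:
    """Count flagged uploads per user; repeated hits point at an account worth investigating first."""
    return dict(Counter(h["user"] for h in hits))


if __name__ == "__main__":
    matches = detect(parse_events(SAMPLE_LOG_LINES))
    for m in matches:
        print(f"malware detected: user={m['user']} file={m['file']} location={m['location']}")
    print("per-user counts:", summarize_by_user(matches))
```

Of the five constructed records, only the two SharePoint file operations whose action is FileMalwareDetected match; the ordinary upload, the Exchange event and the record with no event.action are ignored, and the per-user count shows both hits come from the same account.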
Categories
- Cloud
- Identity Management
- Endpoint
Data Sources
- Cloud Service
- Application Log
ATT&CK Techniques
- T1080
Created: 2022-01-10