
Summary
This detection rule identifies anomalous uploads of container images to AWS Elastic Container Registry (ECR) outside standard business hours, defined here as any time between 8 PM and 8 AM plus all day on weekends. Using AWS CloudTrail logs, the rule matches `PutImage` events so that uploads at unusual times can be reviewed for unauthorized access or insider threats. Off-hours image pushes matter because they may indicate a compromised account or an attempt to deploy unauthorized containers, which in turn can lead to data breaches or service disruptions, so they warrant timely investigation and response.
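The check the summary describes, as an added illustration that is not the rule's own search logic: it reads CloudTrail records, keeps only ECR `PutImage` events, converts the UTC `eventTime` into the organization's local time, and flags anything that falls between 8 PM and 8 AM or on a weekend. The sample records, the account id, IAM principal, IP address and repository names are all constructed, and the fixed UTC-5 business timezone is an assumption (a production version would use `zoneinfo.ZoneInfo` so daylight-saving shifts are handled). The CloudTrail field names (`eventSource`, `eventName`, `requestParameters.repositoryName`, `requestParameters.imageTag`) are the ones CloudTrail emits for this call.

```python
"""Flag ECR PutImage events that occur outside business hours.

Added example, not the detection's own search: demonstrates the
off-hours logic over constructed CloudTrail records.
"""
import json
from datetime import datetime, timedelta, timezone

# Assumption: the organization's business timezone. A fixed offset is used so
# the example has no system-tzdata dependency; real deployments should use
# zoneinfo.ZoneInfo("Region/City") to get DST-correct local time.
BUSINESS_TZ = timezone(timedelta(hours=-5), "UTC-5")
BUSINESS_START_HOUR = 8   # 8 AM local, inclusive
BUSINESS_END_HOUR = 20    # 8 PM local, exclusive: 20:00 onward is off-hours


def is_off_hours(event_time_utc: str, tz=BUSINESS_TZ) -> bool:
    """Return True if a CloudTrail eventTime (UTC, ISO-8601 'Z' form) falls
    outside 8 AM-8 PM local time, or on a Saturday/Sunday."""
    ts = datetime.strptime(event_time_utc, "%Y-%m-%dT%H:%M:%SZ")
    local = ts.replace(tzinfo=timezone.utc).astimezone(tz)
    if local.weekday() >= 5:          # 5 = Saturday, 6 = Sunday
        return True
    return not (BUSINESS_START_HOUR <= local.hour < BUSINESS_END_HOUR)


def find_off_hours_put_image(records):
    """Return one summary dict per ECR PutImage event that happened off-hours.
    Non-ECR and non-PutImage records are ignored."""
    hits = []
    for rec in records:
        if rec.get("eventSource") != "ecr.amazonaws.com":
            continue
        if rec.get("eventName") != "PutImage":
            continue
        if not is_off_hours(rec["eventTime"]):
            continue
        params = rec.get("requestParameters") or {}
        hits.append({
            "time": rec["eventTime"],
            "principal": (rec.get("userIdentity") or {}).get("arn"),
            "src_ip": rec.get("sourceIPAddress"),
            "account": rec.get("recipientAccountId"),
            "repository": params.get("repositoryName"),
            "image_tag": params.get("imageTag"),
        })
    return hits


def _event(name, when, repo=None, tag=None):
    """Build a minimal constructed CloudTrail record (helper for the sample)."""
    rec = {
        "eventSource": "ecr.amazonaws.com",
        "eventName": name,
        "eventTime": when,
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/ci-deployer"},
        "sourceIPAddress": "198.51.100.23",
        "recipientAccountId": "123456789012",
    }
    if repo:
        rec["requestParameters"] = {"repositoryName": repo, "imageTag": tag}
    return rec


# Constructed sample trail. 2024-11-14 is a Thursday; with UTC-5:
#   15:00Z Thu -> 10:00 local, business hours   (not flagged)
#   02:30Z Fri -> 21:30 local Thursday          (flagged: after 8 PM)
#   16:00Z Sat -> 11:00 local Saturday          (flagged: weekend)
#   03:00Z Fri, DescribeRepositories            (not flagged: not PutImage)
SAMPLE_TRAIL = json.dumps({"Records": [
    _event("PutImage", "2024-11-14T15:00:00Z", "payments-api", "v1.4.2"),
    _event("PutImage", "2024-11-15T02:30:00Z", "payments-api", "v1.4.3"),
    _event("PutImage", "2024-11-16T16:00:00Z", "billing-worker", "latest"),
    _event("DescribeRepositories", "2024-11-15T03:00:00Z"),
]})


def run_sample():
    """Parse the constructed trail and return the off-hours hits."""
    return find_off_hours_put_image(json.loads(SAMPLE_TRAIL)["Records"])


if __name__ == "__main__":
    for hit in run_sample():
        print(f"OFF-HOURS PutImage {hit['time']} {hit['principal']} "
              f"{hit['repository']}:{hit['image_tag']} from {hit['src_ip']}")
```

Two points worth keeping in mind when adapting this: CloudTrail timestamps are always UTC, so the business-hours window must be evaluated in the organization's own timezone rather than on the raw hour field, and the boundary is deliberately asymmetric (8:00 is in hours, 20:00 is off-hours) so that neither edge is silently dropped.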
Categories
- Cloud
- AWS
- Infrastructure
- Application
- Identity Management
Data Sources
- Cloud Storage
- Logon Session
ATT&CK Techniques
- T1204
- T1204.003
Created: 2024-11-14