
Summary
This detection rule identifies files uploaded to SharePoint that the service's file scanning engine has flagged as malware. Such uploads are a lateral-movement risk: an attacker who already controls one account can use SharePoint's sharing features to place a malicious document where other users will open it (MITRE ATT&CK T1080, Taint Shared Content), and a legitimate user can also upload an infected file without realising it, giving an attacker a foothold on any endpoint where the file is later opened. The rule matches the specific SharePoint audit events that record a malware detection, so that security teams are alerted before the content spreads further. Investigation involves reviewing the event details, examining the uploading user's account and recent activity, examining the file's metadata, checking the file's sharing permissions and whether other users accessed or re-shared it after the detection, and analysing the upload source (client IP and device). Response includes isolating the affected SharePoint site or library, notifying security personnel, quarantining the malicious content, and adding monitoring for follow-on detections. Note that the rule depends entirely on the scanning engine's verdict: a file the engine does not recognise produces no event, and a flagged file may already have been shared before the alert is triaged, which is why the follow-up access checks matter.
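As an added illustration of the investigation steps above (example code written for this page, not the rule's own query and not a Microsoft tool), the following Python script reads constructed Microsoft 365 Unified Audit Log records, applies the rule's core filter, and pivots each hit on user, site, file type, upload source and post-detection access by other users. The field and Operation names (Workload, Operation, FileMalwareDetected, FileDownloaded, SharingSet and so on) are assumptions based on the common audit schema; verify them against your tenant's export before relying on the filter.

```python
"""Triage helper for SharePoint malware-detection audit events.

Added example, not the rule's own query. It reads Microsoft 365 Unified Audit
Log records as newline-delimited JSON, keeps the SharePoint events the rule is
about, and pivots them the way the investigation steps describe: who uploaded,
from where, into which site, and whether anyone else touched or shared the
file afterwards. Field and Operation names are assumptions; confirm them
against your tenant's export.
"""
import json
from collections import Counter
from datetime import datetime
from urllib.parse import urlparse, unquote

MALWARE_OP = "FileMalwareDetected"  # assumed operation name for a scanner hit
# Operations that mean the file was touched or exposed after detection
# (assumed names; adjust to what your export actually contains).
FOLLOW_UP_OPS = {"FileDownloaded", "FileAccessed", "SharingSet",
                 "AnonymousLinkCreated", "SharingInvitationCreated"}

# Constructed sample log (not real tenant data): one SharePoint detection that
# was later shared and downloaded by a second user, one OneDrive detection the
# rule ignores, and one SharePoint detection with no follow-up activity.
SAMPLE_LOG = """\
{"CreationTime": "2022-01-10T09:14:02", "Workload": "SharePoint", "Operation": "FileUploaded", "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10", "ObjectId": "https://contoso.sharepoint.com/sites/finance/Shared%20Documents/invoice_Q4.docm"}
{"CreationTime": "2022-01-10T09:14:05", "Workload": "SharePoint", "Operation": "FileMalwareDetected", "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10", "ObjectId": "https://contoso.sharepoint.com/sites/finance/Shared%20Documents/invoice_Q4.docm"}
{"CreationTime": "2022-01-10T09:20:11", "Workload": "SharePoint", "Operation": "SharingSet", "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10", "ObjectId": "https://contoso.sharepoint.com/sites/finance/Shared%20Documents/invoice_Q4.docm", "TargetUserOrGroupName": "Finance Team"}
{"CreationTime": "2022-01-10T09:31:40", "Workload": "SharePoint", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ClientIP": "198.51.100.7", "ObjectId": "https://contoso.sharepoint.com/sites/finance/Shared%20Documents/invoice_Q4.docm"}
{"CreationTime": "2022-01-10T10:02:00", "Workload": "OneDrive", "Operation": "FileMalwareDetected", "UserId": "carol@contoso.example", "ClientIP": "203.0.113.44", "ObjectId": "https://contoso-my.sharepoint.com/personal/carol/Documents/setup.exe"}
{"CreationTime": "2022-01-10T11:45:13", "Workload": "SharePoint", "Operation": "FileMalwareDetected", "UserId": "alice@contoso.example", "ClientIP": "198.51.100.200", "ObjectId": "https://contoso.sharepoint.com/sites/hr/Shared%20Documents/benefits.xlsm"}
"""


def parse_audit_log(text):
    """Parse newline-delimited JSON audit records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def malware_detections(records):
    """The rule's core filter: SharePoint workload plus the malware-detected op."""
    return [r for r in records
            if r.get("Workload") == "SharePoint" and r.get("Operation") == MALWARE_OP]


def split_object(object_id):
    """Return (site path, file name, lowercase extension) from a SharePoint URL."""
    parts = unquote(urlparse(object_id).path).strip("/").split("/")
    site = "/".join(parts[:2]) if parts[0] == "sites" and len(parts) > 1 else parts[0]
    name = parts[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return site, name, ext


def follow_up_activity(records, detection):
    """Events on the same object after the detection time, by any user.

    A download or share after the scanner flagged the file is the signal that
    tainted content is spreading (the T1080 concern the rule is built around).
    """
    t0 = datetime.fromisoformat(detection["CreationTime"])
    return [r for r in records
            if r.get("ObjectId") == detection["ObjectId"]
            and r.get("Operation") in FOLLOW_UP_OPS
            and datetime.fromisoformat(r["CreationTime"]) > t0]


def triage(text):
    """Build a triage report: per-detection pivots plus uploader/site/type counts."""
    records = parse_audit_log(text)
    report = {"detections": [], "by_user": Counter(),
              "by_site": Counter(), "by_extension": Counter()}
    for d in malware_detections(records):
        site, name, ext = split_object(d["ObjectId"])
        followups = follow_up_activity(records, d)
        other_users = sorted({f["UserId"] for f in followups if f["UserId"] != d["UserId"]})
        report["detections"].append({
            "time": d["CreationTime"], "user": d["UserId"], "client_ip": d.get("ClientIP"),
            "site": site, "file": name, "extension": ext,
            "follow_up_ops": sorted({f["Operation"] for f in followups}),
            "other_users_touched": other_users,
            # Someone else already pulled or re-shared the file: escalate.
            "priority": "high" if other_users else "medium",
        })
        report["by_user"][d["UserId"]] += 1
        report["by_site"][site] += 1
        report["by_extension"][ext] += 1
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it as-is to see the report for the constructed log; in practice feed it the JSON export from the audit log search and extend FOLLOW_UP_OPS to match the operation names your tenant emits. The per-user counter is what surfaces a repeat uploader, which is the account to suspend first.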
Categories
- Cloud
- On-Premise
- Identity Management
Data Sources
- User Account
- Web Credential
- Cloud Service
ATT&CK Techniques
- T1080
Created: 2022-01-10