
Summary
The 'Office Test Registry Persistence' rule detects modifications to the Microsoft Office 'Office Test' registry key (Software\Microsoft\Office test\Special\Perf, under either HKCU or HKLM). A DLL path written to this key is loaded every time a Microsoft Office application starts, so an attacker who can write the value gains persistence on a compromised host that survives reboots and does not require modifying any Office binary. The key does not exist on a default Office installation, so legitimate writes are rare and every match deserves triage. The rule matches registry events from Windows hosts, excludes deletion events (removing the key is cleanup rather than persistence), and alerts on any remaining creation or change of that path. Supported data sources include endpoint registry logs, Microsoft 365 Defender events, and SentinelOne Cloud Funnel logs. The rule maps to the MITRE ATT&CK Persistence and Defense Evasion tactics, specifically Office Application Startup (T1137, with sub-technique T1137.002 Office Test) and Modify Registry (T1112), and is intended to drive investigation and response rather than to block the change.
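The following Python is an added worked example, not the rule's own query or any vendor code. It reimplements the detection logic described above (Windows host, non-deletion registry event, path under Office test\Special\Perf) over a handful of constructed registry events, and pulls the DLL path out of the written value so an analyst can triage it. The event schema, field names and sample SIDs and paths are assumptions made for the example; the registry key itself is the real Office Test key.

```python
import fnmatch
from dataclasses import dataclass

# Real persistence location (HKCU or HKLM). Matching is done case-insensitively
# on a lower-cased path; the trailing '*' covers the value names under Perf.
OFFICE_TEST_PATTERN = "*\\software\\microsoft\\office test\\special\\perf*"


@dataclass(frozen=True)
class RegistryEvent:
    """Minimal registry event, loosely modelled on ECS-style fields (assumed schema)."""
    os_type: str          # e.g. "windows", "linux"
    event_type: str       # "creation", "change" or "deletion"
    registry_path: str    # full key path including hive
    registry_data: str = ""   # string data written to the value, if any
    process_name: str = ""    # process that performed the write


def is_office_test_persistence(ev: RegistryEvent) -> bool:
    """Apply the rule's three conditions: Windows, not a deletion, Office Test path."""
    if ev.os_type != "windows":
        return False
    if ev.event_type == "deletion":
        return False
    return fnmatch.fnmatchcase(ev.registry_path.lower(), OFFICE_TEST_PATTERN)


def detect(events):
    """Return one alert dict per matching event, carrying the DLL path for triage."""
    alerts = []
    for ev in events:
        if is_office_test_persistence(ev):
            alerts.append({
                "path": ev.registry_path,
                "dll": ev.registry_data,
                "process": ev.process_name,
                "event_type": ev.event_type,
            })
    return alerts


# Constructed sample telemetry (not real logs). The SID and DLL paths are made up.
SAMPLE_EVENTS = [
    # Attacker writes a DLL path under the user's Office Test key -> alert
    RegistryEvent("windows", "change",
                  "HKEY_USERS\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                  "\\Software\\Microsoft\\Office test\\Special\\Perf\\",
                  "C:\\Users\\Public\\update.dll", "powershell.exe"),
    # Same key deleted during cleanup -> excluded by the rule
    RegistryEvent("windows", "deletion",
                  "HKEY_USERS\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                  "\\Software\\Microsoft\\Office test\\Special\\Perf\\",
                  "", "reg.exe"),
    # Ordinary Office setting write elsewhere in the hive -> no alert
    RegistryEvent("windows", "change",
                  "HKLM\\SOFTWARE\\Microsoft\\Office\\16.0\\Common\\General\\",
                  "1", "winword.exe"),
    # Right path, wrong OS (should never happen, but the rule filters on it) -> no alert
    RegistryEvent("linux", "change",
                  "HKLM\\SOFTWARE\\Microsoft\\Office test\\Special\\Perf\\",
                  "/tmp/x.so", "wine"),
    # Machine-wide variant created by an admin-level implant -> alert
    RegistryEvent("windows", "creation",
                  "HKLM\\SOFTWARE\\Microsoft\\Office test\\Special\\Perf\\",
                  "C:\\ProgramData\\perf.dll", "rundll32.exe"),
]


def run_sample():
    """Run the detection over the constructed events; returns the alert list."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"[ALERT] {alert['event_type']} of {alert['path']} by "
              f"{alert['process']} -> DLL {alert['dll']}")
```

The two alerts carry the DLL path written to the key; in triage, check whether that file exists, is signed, and lives in a user-writable directory, and pivot on the writing process (here powershell.exe and rundll32.exe) for the rest of the intrusion chain.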
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Malware Repository
- Application Log
- Container
- User Account
ATT&CK Techniques
- T1137
- T1137.002
- T1112
Created: 2023-08-22