Malicious File - Prevented - Elastic Defend

Elastic Detection Rules

Summary
This detection rule is part of the Elastic Defend framework and triggers an alert whenever Elastic Endpoint Security generates a malicious file prevention alert, that is, whenever a file classified as malicious is blocked from executing. Classification relies on a combination of supervised machine learning models and YARA signatures. The key fields for investigation are the classification score and the signature metadata, which support a detailed analysis of the file and its potentially malicious characteristics. The rule is intended to prompt immediate investigation, guiding analysts through next steps such as validating file signatures, analyzing process activity, and taking remedial action if malware is confirmed. Importantly, the rule excludes detection-only alerts and processes only malicious file prevention cases, giving analysts a focused scope for urgent investigation.
Categories
  • Endpoint
Data Sources
  • Container
  • Process
  • Logon Session
  • File
ATT&CK Techniques
  • T1204
  • T1204.002
Created: 2024-03-24