
Summary
This detection rule identifies the creation of an AWS DataSync task from AWS CloudTrail logs. Creating such a task can indicate data exfiltration, particularly when an attacker misuses DataSync to move sensitive data out of a secure AWS environment into a less secure or public location. The rule looks specifically for `CreateTask` events, which can signal an unauthorized attempt to access or transfer sensitive information. Given the sensitivity of the data that DataSync can move, detecting this activity is essential for maintaining data security and preventing breaches. The rule draws on fields such as source IP, user identity, and geographical information to help identify and mitigate risk from potentially malicious DataSync task creations.
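The following is an added example, not the rule's own source, that applies the logic described above to a few constructed CloudTrail-style records: it keeps only `CreateTask` calls whose `eventSource` is the DataSync service and pulls out the triage fields the rule relies on (source IP, user identity, region). The CloudTrail top-level keys used here (`eventSource`, `eventName`, `sourceIPAddress`, `userIdentity`, `awsRegion`, `errorCode`) are standard; the `requestParameters` field names, the account ID and IPs, and the `GEO_LOOKUP` table are assumptions constructed for the example, since CloudTrail itself carries no geographic data and a real pipeline would enrich it from a GeoIP source.

```python
"""Detect AWS DataSync CreateTask events in CloudTrail records (added example)."""
import json
from typing import Iterable

DATASYNC_SOURCE = "datasync.amazonaws.com"
WATCHED_EVENTS = {"CreateTask"}

# Assumed enrichment: a constructed IP-to-location table standing in for a
# GeoIP lookup. Addresses are from the RFC 5737 documentation ranges.
GEO_LOOKUP = {
    "203.0.113.10": "Example-Net-A",
    "198.51.100.7": "Example-Net-B",
}


def is_datasync_task_creation(record: dict, include_failed: bool = False) -> bool:
    """True when a CloudTrail record is a DataSync CreateTask call.

    By default only successful calls match (no errorCode); a denied attempt
    is still useful context for triage, so callers can opt in to it.
    """
    if record.get("eventSource") != DATASYNC_SOURCE:
        return False
    if record.get("eventName") not in WATCHED_EVENTS:
        return False
    return include_failed or "errorCode" not in record


def summarize(record: dict) -> dict:
    """Extract the fields the rule uses for triage from a matching record."""
    identity = record.get("userIdentity") or {}
    params = record.get("requestParameters") or {}  # key names assumed
    src_ip = record.get("sourceIPAddress", "")
    return {
        "time": record.get("eventTime"),
        "actor": identity.get("arn") or identity.get("principalId", "unknown"),
        "identity_type": identity.get("type", "unknown"),
        "source_ip": src_ip,
        "geo": GEO_LOOKUP.get(src_ip, "unknown"),
        "region": record.get("awsRegion"),
        "source_location": params.get("sourceLocationArn"),
        "destination_location": params.get("destinationLocationArn"),
        "denied": "errorCode" in record,
    }


def find_datasync_task_creations(records: Iterable[dict],
                                 include_failed: bool = False) -> list[dict]:
    """Run the detection over an iterable of CloudTrail records."""
    return [summarize(r) for r in records
            if is_datasync_task_creation(r, include_failed)]


def load_records(raw: str) -> list[dict]:
    """Parse a CloudTrail log file body ({"Records": [...]})."""
    return json.loads(raw).get("Records", [])


# Constructed sample log: one successful CreateTask, one unrelated DataSync
# call, one S3 call, and one CreateTask that was denied. Account ID is fake.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-11-14T10:00:00Z", "eventSource": DATASYNC_SOURCE,
     "eventName": "CreateTask", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/example-user"},
     "requestParameters": {
         "sourceLocationArn": "arn:aws:datasync:us-east-1:123456789012:location/loc-src",
         "destinationLocationArn": "arn:aws:datasync:us-east-1:123456789012:location/loc-dst"}},
    {"eventTime": "2024-11-14T10:01:00Z", "eventSource": DATASYNC_SOURCE,
     "eventName": "ListTasks", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/example-user"}},
    {"eventTime": "2024-11-14T10:02:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/example-user"}},
    {"eventTime": "2024-11-14T10:03:00Z", "eventSource": DATASYNC_SOURCE,
     "eventName": "CreateTask", "awsRegion": "eu-west-1",
     "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ci-role/session"}},
]})

if __name__ == "__main__":
    for hit in find_datasync_task_creations(load_records(SAMPLE_LOG), include_failed=True):
        print(json.dumps(hit))
```

In an environment where DataSync is used legitimately, a bare `CreateTask` match is noisy; the identity, source IP and destination location returned by `summarize` are the fields to baseline against known automation so that only unexpected actors or destinations page an analyst.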
Categories
- Cloud
- AWS
- Infrastructure
Data Sources
- Cloud Storage
- Active Directory
- Application Log
ATT&CK Techniques
- T1119
Created: 2024-11-14