
Summary
This detection rule identifies the creation of hidden scheduled tasks on Windows systems, a method often exploited by threat actors to execute malicious actions without user awareness. In this context, 'hidden' refers to tasks designed to run without displaying any visual interfaces, thereby avoiding detection by users or traditional security measures. The rule leverages Windows Event Code 4698, which indicates a scheduled task creation event. It specifically filters for events containing the 'Hidden' attribute set to true, allowing analysts to promptly identify potential intrusion attempts akin to those observed in incidents tied to the Industroyer2 malware. By monitoring these events, organizations can enhance their defense against covertly executed malicious activities and ensure better visibility into the security posture of their Windows environments.
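The rule's logic, reduced to a standalone Python filter over constructed Event 4698 records (an added example, not the rule's own query or code from its source project; the field names EventCode, TaskName, SubjectUserName and TaskContent are assumed SIEM extractions of the event). It parses the task definition XML embedded in the event and flags only creations whose Settings/Hidden is true:

```python
"""Flag Windows Event 4698 (scheduled task created) records whose embedded task
definition sets <Hidden>true</Hidden>.  All sample events are constructed here
for illustration; none are captured from a real host."""
import xml.etree.ElementTree as ET

# XML namespace of the TaskContent document that Event 4698 carries.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}


def task_xml(settings: str) -> str:
    """Build a minimal TaskContent document (constructed, for the sample records)."""
    return (f'<Task version="1.2" xmlns="{TASK_NS["t"]}"><Settings>{settings}</Settings>'
            '<Actions><Exec><Command>C:\\Temp\\run.exe</Command></Exec></Actions></Task>')


# Constructed sample records shaped like the fields a SIEM extracts from 4698/4702.
SAMPLE_EVENTS = [
    {"EventCode": 4698, "TaskName": "\\Updater", "SubjectUserName": "alice",
     "TaskContent": task_xml("<Hidden>true</Hidden>")},
    {"EventCode": 4698, "TaskName": "\\Backup", "SubjectUserName": "bob",
     "TaskContent": task_xml("<Hidden>false</Hidden>")},
    # No <Hidden> element at all: Windows treats the task as visible.
    {"EventCode": 4698, "TaskName": "\\Cleanup", "SubjectUserName": "svc",
     "TaskContent": task_xml("<Enabled>true</Enabled>")},
    # 4702 is a task *update*; the rule described above keys only on 4698.
    {"EventCode": 4702, "TaskName": "\\Updater", "SubjectUserName": "alice",
     "TaskContent": task_xml("<Hidden>TRUE</Hidden>")},
]


def is_hidden_task(task_content: str) -> bool:
    """True when Settings/Hidden reads 'true' (case-insensitive) in the task XML.
    Unparsable content returns False; route such events to manual review separately."""
    try:
        root = ET.fromstring(task_content)
    except ET.ParseError:
        return False
    hidden = root.find("t:Settings/t:Hidden", TASK_NS)
    return hidden is not None and (hidden.text or "").strip().lower() == "true"


def find_hidden_task_creations(events):
    """Return (TaskName, SubjectUserName) for each 4698 event that creates a hidden task."""
    return [(e["TaskName"], e.get("SubjectUserName", "?"))
            for e in events
            if e.get("EventCode") == 4698 and is_hidden_task(e.get("TaskContent", ""))]


if __name__ == "__main__":
    for name, user in find_hidden_task_creations(SAMPLE_EVENTS):
        print(f"ALERT hidden scheduled task created: {name} by {user}")
```

In a deployment the same check is also worth running against Event 4702 (task updated), since a visible task can be edited into a hidden one after creation.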
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
- Scheduled Job
- Application Log
ATT&CK Techniques
- T1053
Created: 2024-05-16