
Summary
This detection rule monitors the AWS API call `GetBucketObjectLockConfiguration`, which matters to any organization that relies on Amazon S3 Object Lock to keep stored data immutable. An attacker who gains unauthorized access to an AWS environment can use this call to read the Object Lock configuration of S3 buckets and learn whether a bucket enforces write-once-read-many retention, in which mode (governance or compliance), and for how long objects are protected from deletion or overwriting. That knowledge lets the threat actor plan subsequent actions, such as which buckets can be modified or deleted outright and which data is better exfiltrated than destroyed. The Splunk logic provided captures the relevant CloudTrail fields, aggregates the calls over time, and enriches them with DNS and geolocation information, which helps establish the source and intent of suspicious activity. Because backup, compliance and configuration-scanning tools also read Object Lock settings as part of normal operation, the rule should be tuned against the identities and source addresses that legitimately make this call.
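The following is an added example, not the rule's own Splunk search: it applies the same idea to a handful of constructed CloudTrail management-event records, grouping `GetBucketObjectLockConfiguration` calls by principal and source address over time, suppressing a hypothetical known-good baseline (the `ComplianceScanner` role and the `10.0.0.0/8` range are assumptions), and interpreting what a caller learns from the returned configuration. DNS and geolocation enrichment is left out so the example runs offline.

```python
"""Added example (not from the page): flag GetBucketObjectLockConfiguration
reconnaissance in CloudTrail records and summarize what the caller learned.
All records, ARNs and CIDRs below are constructed for illustration."""
import json
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

WATCHED_EVENT = "GetBucketObjectLockConfiguration"

# Hypothetical baseline: principals and source ranges that legitimately read
# bucket configuration (backup/compliance tooling). Tune per environment.
KNOWN_PRINCIPALS = {"arn:aws:iam::123456789012:role/ComplianceScanner"}
KNOWN_SOURCE_CIDRS = [ip_network("10.0.0.0/8")]

# Constructed CloudTrail records as JSON lines; only fields the logic reads are kept.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"eventTime": "2024-02-26T10:00:01Z", "eventSource": "s3.amazonaws.com",
     "eventName": WATCHED_EVENT, "sourceIPAddress": "10.1.2.3",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:role/ComplianceScanner"},
     "requestParameters": {"bucketName": "finance-archive"}},
    {"eventTime": "2024-02-26T10:05:12Z", "eventSource": "s3.amazonaws.com",
     "eventName": WATCHED_EVENT, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-ci"},
     "requestParameters": {"bucketName": "finance-archive"}},
    {"eventTime": "2024-02-26T10:05:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": WATCHED_EVENT, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-ci"},
     "requestParameters": {"bucketName": "hr-records"}},
    {"eventTime": "2024-02-26T10:06:03Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetBucketVersioning", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-ci"},
     "requestParameters": {"bucketName": "hr-records"}},
])


def _ts(value):
    """Parse CloudTrail's UTC eventTime into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _in_baseline(arn, source):
    """True only when both the principal and the source address are known-good.
    sourceIPAddress may be a service name (e.g. 'config.amazonaws.com'), which
    is not an IP; such callers never match the CIDR baseline here."""
    if arn not in KNOWN_PRINCIPALS:
        return False
    try:
        ip = ip_address(source)
    except ValueError:
        return False
    return any(ip in net for net in KNOWN_SOURCE_CIDRS)


def find_object_lock_recon(jsonl):
    """Return one finding per (principal, source IP) that read Object Lock
    configuration outside the baseline, with buckets touched and time span."""
    groups = defaultdict(list)
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("eventSource") != "s3.amazonaws.com" or ev.get("eventName") != WATCHED_EVENT:
            continue
        # For assumed roles the ARN is the sts assumed-role ARN; grouping on it
        # still separates sessions of different roles.
        key = (ev.get("userIdentity", {}).get("arn", "unknown"),
               ev.get("sourceIPAddress", "unknown"))
        groups[key].append(ev)
    findings = []
    for (arn, ip), evs in groups.items():
        if _in_baseline(arn, ip):
            continue
        times = sorted(_ts(e["eventTime"]) for e in evs)
        findings.append({
            "principal": arn, "source_ip": ip,
            "buckets": sorted({e["requestParameters"]["bucketName"] for e in evs}),
            "count": len(evs),
            "first_seen": times[0].isoformat(), "last_seen": times[-1].isoformat(),
        })
    return findings


def interpret_lock_config(cfg):
    """Summarize what a caller learns from the ObjectLockConfiguration element
    returned by GetBucketObjectLockConfiguration."""
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return "no object lock: objects can be deleted or overwritten immediately"
    rule = cfg.get("Rule", {}).get("DefaultRetention")
    if not rule:
        return "object lock enabled, no default retention: only per-object retention or legal holds apply"
    span = f"{rule['Days']} days" if "Days" in rule else f"{rule.get('Years', '?')} years"
    if rule.get("Mode") == "COMPLIANCE":
        return f"COMPLIANCE retention, {span}: no principal, including root, can shorten it or delete protected versions"
    return f"GOVERNANCE retention, {span}: bypassable by principals holding s3:BypassGovernanceRetention"


if __name__ == "__main__":
    for f in find_object_lock_recon(SAMPLE_EVENTS):
        print(f)
    print(interpret_lock_config({"ObjectLockEnabled": "Enabled",
                                 "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}))
```

Run against the constructed records, the `ComplianceScanner` call from `10.1.2.3` is suppressed, while `dev-ci` from `198.51.100.7` surfaces with two buckets queried within thirty seconds; in a real pipeline the source IP and principal in each finding are the fields to enrich with reverse DNS and geolocation before triage.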
Categories
- Cloud
- AWS
Data Sources
- Cloud Service
- Network Traffic
ATT&CK Techniques
- T1580 (Cloud Infrastructure Discovery)
- T1619 (Cloud Storage Object Discovery)
Created: 2024-02-26