
Summary
This detection rule identifies calendar files that do not comply with the RFC standards and are sent by unsolicited senders. Specifically, it targets .ics files that lack the mandatory UID property while containing a VTODO, VJOURNAL, VFREEBUSY, or VEVENT component. The rule is particularly relevant to phishing and social engineering attacks in which attackers forge ICS invites so that they appear to come from a legitimate source. It filters attachments by file extension and content type, then checks the contents of each calendar file for compliance with the RFC. Because attackers can spoof calendar invites, and because calendar applications are increasingly used for organizational communication, this detection approach is warranted.
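As an added illustration of the logic the summary describes (this is example code, not the rule's own implementation), the following Python applies the attachment filter and then checks each VEVENT, VTODO, VJOURNAL and VFREEBUSY component for the UID property that RFC 5545 requires. The sample invites, the content-type list and the `sender_unsolicited` flag are constructed assumptions for the example.

```python
import re

# Components that RFC 5545 requires to carry exactly one UID property.
UID_REQUIRED = {"VEVENT", "VTODO", "VJOURNAL", "VFREEBUSY"}
CALENDAR_CONTENT_TYPES = {"text/calendar", "application/ics"}  # assumed filter list


def unfold(ics_text):
    """Undo RFC 5545 line folding (CRLF followed by a space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", ics_text)


def components_missing_uid(ics_text):
    """Return the names of UID-required components that carry no UID value."""
    missing, open_components, has_uid = [], [], []
    for line in unfold(ics_text).splitlines():
        name, _, value = line.partition(":")
        name = name.split(";")[0].strip().upper()  # drop property parameters
        value = value.strip()
        if name == "BEGIN":
            open_components.append(value.upper())
            has_uid.append(False)
        elif name == "END" and open_components:
            component, uid_seen = open_components.pop(), has_uid.pop()
            if component in UID_REQUIRED and not uid_seen:
                missing.append(component)
        elif name == "UID" and open_components and value:
            has_uid[-1] = True  # an empty "UID:" does not satisfy the requirement
    return missing


def looks_like_calendar(file_name, content_type):
    """Attachment filter: .ics extension or a calendar MIME type."""
    return file_name.lower().endswith(".ics") or content_type.lower() in CALENDAR_CONTENT_TYPES


def is_suspicious_invite(file_name, content_type, ics_text, sender_unsolicited):
    """Flag a calendar attachment from an unsolicited sender whose components lack a UID."""
    if not (sender_unsolicited and looks_like_calendar(file_name, content_type)):
        return False
    return bool(components_missing_uid(ics_text))


# Constructed sample: an invite whose VEVENT omits the mandatory UID.
FORGED_INVITE = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//Example//Constructed//EN\r\n"
    "BEGIN:VEVENT\r\nDTSTAMP:20241120T090000Z\r\nDTSTART:20241121T150000Z\r\n"
    "SUMMARY:Quarterly review - action requi\r\n red\r\nEND:VEVENT\r\nEND:VCALENDAR\r\n"
)
# Constructed sample: the same invite with a (folded, parameterised) UID, as a compliant client emits.
VALID_INVITE = FORGED_INVITE.replace(
    "DTSTAMP:", "UID;X-PLACEHOLDER=1:20241120T090000Z-0001@example.\r\n com\r\nDTSTAMP:"
)
```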
Categories
- Endpoint
- Web
- Cloud
Data Sources
- File
- Process
- Network Traffic
Created: 2024-11-20