
Summary
This detection rule identifies emails sent via GSuite that contain links to known abuse web services such as Pastebin, Telegram, and Discord. These services are frequently used by malicious actors to host and share malicious payloads, so this detection helps prevent malware delivery and phishing attempts within an organization. The rule uses GSuite Gmail logs to find emails whose links point to the specified domains, and filters out internal testing addresses to reduce false positives. By logging these events, it aims to protect sensitive information and organizational systems from abuse of these services.
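As an added illustration of the rule's logic (not the detection's own search and not the real GSuite log schema), the following Python applies the same checks to constructed Gmail-style log records: the record field names, the abuse-service list and the internal test domain are assumptions chosen for the example.

```python
import json

# Services the rule watches for; a link host matches if it is one of these
# or a subdomain of one (so cdn.discordapp.com matches, notpastebin.com does not).
ABUSE_SERVICES = ("pastebin.com", "discord.com", "discordapp.com", "telegram.org", "t.me")

# Assumed (hypothetical) sender domain used for internal phishing-simulation tests.
INTERNAL_TEST_DOMAINS = ("internal-test.example.com",)

# Constructed Gmail-style log records; the field names are assumptions, not a published schema.
SAMPLE_LOGS = [
    '{"message_id": "m1", "from": "billing@vendor.example", "to": "alice@corp.example",'
    ' "link_domains": ["pastebin.com"]}',
    '{"message_id": "m2", "from": "bob@corp.example", "to": "carol@corp.example",'
    ' "link_domains": ["docs.google.com"]}',
    '{"message_id": "m3", "from": "red-team@internal-test.example.com", "to": "dave@corp.example",'
    ' "link_domains": ["cdn.discordapp.com"]}',
    '{"message_id": "m4", "from": "news@example.net", "to": "erin@corp.example",'
    ' "link_domains": ["t.me", "example.net"]}',
    '{"message_id": "m5", "from": "x@example.org", "to": "frank@corp.example",'
    ' "link_domains": ["notpastebin.com"]}',
]


def matches_abuse_service(host: str) -> bool:
    """True if host is a watched service or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == svc or host.endswith("." + svc) for svc in ABUSE_SERVICES)


def sender_domain(address: str) -> str:
    """Domain part of an e-mail address, lower-cased."""
    return address.rsplit("@", 1)[-1].lower()


def find_abuse_link_emails(log_lines):
    """Return one alert record per email that links to a watched service,
    skipping mail from the internal test domains to avoid known false positives."""
    hits = []
    for line in log_lines:
        rec = json.loads(line)
        if sender_domain(rec["from"]) in INTERNAL_TEST_DOMAINS:
            continue  # internal phishing test, not an alert
        matched = sorted({d for d in rec.get("link_domains", []) if matches_abuse_service(d)})
        if matched:
            hits.append({"message_id": rec["message_id"], "from": rec["from"],
                         "to": rec["to"], "matched_domains": matched})
    return hits


if __name__ == "__main__":
    for hit in find_abuse_link_emails(SAMPLE_LOGS):
        print(hit)
```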
Categories
- Cloud
- GCP
- Application
- Identity Management
- Web
Data Sources
- Group
- User Account
ATT&CK Techniques
- T1566.001
- T1566
Created: 2024-11-14