Attachment: ICS file with AWS Lambda URL

Sublime Rules

Summary
This rule detects inbound ICS calendar file attachments that reference AWS Lambda URLs. It triggers when an attachment has a .ics extension or a content type of application/ics or text/calendar, and the attachment content contains the case-insensitive substring 'lambda-url'. The intent is to identify calendar invites that fetch or reference external resources via an AWS Lambda URL, which could be used to deliver malicious payloads or redirect users to suspicious resources. Detection relies on file/content analysis and URL analysis of the ICS attachment, flagging potential credential phishing or malware delivery vectors. The rule is labeled as medium severity and is associated with evasion techniques and the use of free file hosting to host payloads, reflecting a focus on suspicious external references embedded in calendar invites.
Categories
  • Endpoint
Data Sources
  • File
Created: 2026-04-02
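
The matching logic described in the summary, as an added Python example (not Sublime's rule source, which this page does not show). The helper names, the constructed sample message and the placeholder `EXAMPLEID` are assumptions, and unfolding RFC 5545 continuation lines before matching is a choice of this example rather than something the summary states.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

ICS_TYPES = {"application/ics", "text/calendar"}
MARKER = "lambda-url"

def unfold(text):
    # RFC 5545 section 3.1: CRLF followed by a space or tab continues the line.
    return re.sub(r"\r?\n[ \t]", "", text)

def ics_lambda_hits(raw_message):
    """Return (filename, content line) pairs for ICS parts containing MARKER."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        is_ics = name.lower().endswith(".ics") or part.get_content_type() in ICS_TYPES
        if not is_ics:
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for line in unfold(body).splitlines():
            if MARKER in line.lower():  # case-insensitive substring, as in the rule
                hits.append((name, line.strip()))
    return hits

def build_sample(ics_text, filename="invite.ics", maintype="text", subtype="calendar"):
    # Constructed test message; not real traffic.
    m = EmailMessage()
    m["Subject"] = "Constructed sample"
    m.set_content("Invite attached.")
    m.add_attachment(ics_text.encode(), maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

# Constructed ICS body; EXAMPLEID is a placeholder and the URL line is folded.
FOLDED_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\nSUMMARY:Quarterly review\r\n"
    "URL:https://EXAMPLEID.lamb\r\n da-url.us-east-1.on.aws/\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

if __name__ == "__main__":
    for name, line in ics_lambda_hits(build_sample(FOLDED_ICS)):
        print(f"{name}: {line}")
```

The attachment is base64-encoded in transit, so matching has to run on the decoded part body rather than on the raw message bytes.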