Gsuite Suspicious Shared File Name

Splunk Security Content

Summary
The 'Gsuite Suspicious Shared File Name' rule detects potentially harmful files shared in Google Drive whose filenames match those typically used in spear phishing. It uses GSuite Drive logs to monitor documents whose titles contain keywords such as 'dhl', 'ups', 'invoice', and 'shipment'. Attackers commonly use such words to lure victims into opening malicious documents or clicking harmful links, which can lead to unauthorized access, data breaches, or further compromise of the victim's system. Besides flagging suspicious filenames, the rule filters out internal test emails to reduce false positives. To implement it, ensure that the ingested Drive logs include the file type and the source and destination email addresses; with those fields in place, the rule strengthens the environment's posture against social engineering attacks.
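As an added illustration (not the Splunk rule itself or its search syntax), the following Python reproduces the two-stage logic the summary describes, keyword matching on the file title followed by exclusion of internal test accounts, over constructed Drive share events. The event field names, the internal test domain and the sample events are assumptions.

```python
import re

# Constructed GSuite Drive share events for illustration (not real logs). The field
# names doc_title / owner / target_user are assumptions, not the detection's own schema.
SAMPLE_EVENTS = [
    {"doc_title": "DHL shipment notice 4471.pdf", "owner": "mallory@ext.example", "target_user": "alice@corp.example"},
    {"doc_title": "Q3 Invoice.docx", "owner": "bob@corp.example", "target_user": "alice@corp.example"},
    {"doc_title": "Invoice template.docx", "owner": "qa@internal-test.example", "target_user": "alice@corp.example"},
    {"doc_title": "Weekly Backups plan.xlsx", "owner": "carol@corp.example", "target_user": "alice@corp.example"},
    {"doc_title": "Team offsite agenda", "owner": "dave@corp.example", "target_user": "alice@corp.example"},
]

# Keywords named in the summary, matched as whole words (case-insensitive) so that
# "ups" does not fire on unrelated titles such as "Backups".
SUSPICIOUS_KEYWORDS = ("dhl", "ups", "invoice", "shipment")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SUSPICIOUS_KEYWORDS) + r")\b", re.IGNORECASE)

# Assumed domain of the organisation's internal test accounts; shares they own are
# dropped, mirroring the summary's "filters out internal test emails" step.
INTERNAL_TEST_DOMAIN = "internal-test.example"


def domain_of(address):
    """Lower-cased domain part of an e-mail address, or '' if there is no '@'."""
    _, sep, dom = address.rpartition("@")
    return dom.lower() if sep else ""


def matched_keywords(title):
    """Sorted, lower-cased suspicious keywords that appear as whole words in a title."""
    return sorted({m.lower() for m in KEYWORD_RE.findall(title)})


def detect_suspicious_shares(events, internal_test_domain=INTERNAL_TEST_DOMAIN):
    """Return the share events worth alerting on: the title carries a phishing
    keyword and the share did not originate from an internal test account."""
    hits = []
    for ev in events:
        if domain_of(ev["owner"]) == internal_test_domain:
            continue  # known-benign test traffic, excluded to cut false positives
        keywords = matched_keywords(ev["doc_title"])
        if keywords:
            hits.append({**ev, "keywords": keywords})
    return hits


if __name__ == "__main__":
    for hit in detect_suspicious_shares(SAMPLE_EVENTS):
        print(hit["owner"], "->", hit["target_user"], "|", hit["doc_title"], "|", hit["keywords"])
```

Note that "Q3 Invoice.docx" shared by an ordinary internal user is still reported: the test-account exclusion removes known noise, but legitimate internal invoice shares remain a tuning candidate for any deployment.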
Categories
  • Cloud
  • GCP
  • Identity Management
Data Sources
  • Group
ATT&CK Techniques
  • T1566.001
  • T1566
Created: 2024-11-14