
Attachment: ICS file with meeting prefix

Sublime Rules

Summary
This rule detects potentially malicious calendar invites delivered by email as an ICS file attachment. Specifically, it targets messages with exactly one ICS attachment whose filename begins with 'meeting_' followed by five alphanumeric characters. That naming pattern mirrors the social-engineering lures seen in business email compromise (BEC) and credential phishing, where an attacker crafts a plausible-looking meeting invitation to get the recipient to click a malicious link or hand over credentials. The detection checks both the file extension and the declared content type before treating the attachment as an ICS file, so a file that merely carries an .ics name (or merely claims text/calendar) does not match on its own, which keeps false positives down.
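The rule logic described above, as an added Python example run over constructed attachment metadata; this is not Sublime's rule source and is not the project's own code. The exact filename regex (`meeting_` plus exactly five alphanumeric characters plus `.ics`), the accepted content type (`text/calendar`) and the case handling are assumptions made for the example.

```python
import re
from typing import Dict, List

# Assumed filename pattern from the rule summary: "meeting_", exactly five
# alphanumeric characters, then the .ics extension. Case-sensitive on the
# prefix, alphanumerics of either case (an assumption, not the rule's source).
MEETING_ICS_RE = re.compile(r"^meeting_[A-Za-z0-9]{5}\.ics$")

# Assumed MIME type for ICS; the rule is described as checking content type,
# the specific value is an assumption for this example.
ICS_CONTENT_TYPE = "text/calendar"


def is_ics_attachment(att: Dict[str, str]) -> bool:
    """True only when BOTH the extension and the declared content type say ICS.

    Extension is compared case-insensitively and without a leading dot;
    content type is compared on its media type only (parameters such as
    ';charset=utf-8' are ignored).
    """
    ext = att.get("file_extension", "").lower().lstrip(".")
    media_type = att.get("content_type", "").split(";")[0].strip().lower()
    return ext == "ics" and media_type == ICS_CONTENT_TYPE


def matches_rule(message: Dict) -> bool:
    """Mirror the rule: exactly one attachment, it is an ICS file, name matches."""
    attachments = message.get("attachments", [])
    if len(attachments) != 1:
        return False
    att = attachments[0]
    return is_ics_attachment(att) and MEETING_ICS_RE.match(att.get("file_name", "")) is not None


def evaluate(messages: List[Dict]) -> List[str]:
    """Return the ids of the messages the rule would flag."""
    return [m["id"] for m in messages if matches_rule(m)]


# Constructed sample messages (not real traffic), one per branch of the logic.
SAMPLE_MESSAGES = [
    {   # single ICS attachment, matching name and content type -> flagged
        "id": "msg-1",
        "attachments": [
            {"file_name": "meeting_a1b2c.ics", "file_extension": "ics",
             "content_type": "text/calendar"},
        ],
    },
    {   # two attachments -> not flagged (rule requires exactly one)
        "id": "msg-2",
        "attachments": [
            {"file_name": "meeting_a1b2c.ics", "file_extension": "ics",
             "content_type": "text/calendar"},
            {"file_name": "agenda.pdf", "file_extension": "pdf",
             "content_type": "application/pdf"},
        ],
    },
    {   # right name and extension, wrong content type -> not flagged
        "id": "msg-3",
        "attachments": [
            {"file_name": "meeting_x9y8z.ics", "file_extension": "ics",
             "content_type": "application/octet-stream"},
        ],
    },
    {   # 'meeting_' prefix but six characters, not five -> not flagged
        "id": "msg-4",
        "attachments": [
            {"file_name": "meeting_invite.ics", "file_extension": "ics",
             "content_type": "text/calendar"},
        ],
    },
    {   # upper-case extension and content-type parameters are normalised -> flagged
        "id": "msg-5",
        "attachments": [
            {"file_name": "meeting_Qz7Lm.ics", "file_extension": "ICS",
             "content_type": "text/calendar; charset=utf-8"},
        ],
    },
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_MESSAGES))  # ['msg-1', 'msg-5']
```

The normalisation in `is_ics_attachment` is the part worth checking in a real deployment: whether the upstream pipeline already lower-cases extensions and strips MIME parameters decides whether a mailer that sends `text/calendar; method=REQUEST` is caught or silently skipped.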
Categories
  • Web
  • Endpoint
  • Identity Management
  • Other
Data Sources
  • User Account
  • File
  • Logon Session
  • Network Traffic
Created: 2026-01-27