
Windows Hidden Schedule Task Settings

Splunk Security Content

Summary
This detection rule identifies the creation of hidden scheduled tasks on Windows systems, that is, scheduled tasks that do not appear in the graphical user interface (GUI) of the Windows Task Scheduler. The rule relies on Security Event ID 4698, which is logged whenever a scheduled task is created. By inspecting the properties of the created task, in particular the 'Hidden' setting, the rule can flag potentially malicious activity. This behavior is concerning because it can indicate malware attempting to establish stealthy persistence without the user's knowledge, as seen in notable attacks such as Industroyer2, or the use of living-off-the-land binaries (LOLBINs) to download additional payloads. When this detection triggers, the task creation should be investigated to determine whether it is benign or part of a malicious action, such as unauthorized code execution or further exploitation of the system.
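The check described above, as an added example that is not Splunk's own rule: it parses the task definition XML carried in a 4698 event's TaskContent field, treats a task as hidden only when Settings/Hidden is "true", and attaches the Exec actions so a responder can see what the task runs. The event dictionaries and task XML are constructed sample data, not real telemetry.

```python
import xml.etree.ElementTree as ET

# Namespace of Task Scheduler task definitions, i.e. the XML carried in the
# TaskContent field of Security Event ID 4698.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

def is_hidden_task(task_content: str) -> bool:
    """True if the definition sets <Settings><Hidden>true</Hidden>.
    A missing Hidden element means the task is visible (the default)."""
    root = ET.fromstring(task_content)
    hidden = root.find("t:Settings/t:Hidden", TASK_NS)
    return hidden is not None and (hidden.text or "").strip().lower() == "true"

def task_actions(task_content: str) -> list:
    """Collect the Exec command lines so an analyst sees what the task runs."""
    root = ET.fromstring(task_content)
    actions = []
    for exe in root.findall("t:Actions/t:Exec", TASK_NS):
        cmd = exe.findtext("t:Command", default="", namespaces=TASK_NS)
        args = exe.findtext("t:Arguments", default="", namespaces=TASK_NS)
        actions.append(f"{cmd} {args}".strip())
    return actions

def flag_hidden_tasks(events: list) -> list:
    """Filter parsed 4698 events (dicts with TaskName, TaskContent,
    SubjectUserName) down to hidden tasks, attaching their actions."""
    findings = []
    for ev in events:
        if ev.get("EventCode") == 4698 and is_hidden_task(ev["TaskContent"]):
            findings.append({"TaskName": ev["TaskName"],
                             "User": ev.get("SubjectUserName", ""),
                             "Actions": task_actions(ev["TaskContent"])})
    return findings

# Constructed sample task definitions (not real telemetry).
def _task_xml(hidden, cmd: str, args: str) -> str:
    settings = f"<Hidden>{hidden}</Hidden>" if hidden is not None else ""
    return ('<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
            f"<Settings>{settings}</Settings><Actions><Exec><Command>{cmd}"
            f"</Command><Arguments>{args}</Arguments></Exec></Actions></Task>")

SAMPLE_EVENTS = [
    {"EventCode": 4698, "TaskName": "\\Updater", "SubjectUserName": "alice",
     "TaskContent": _task_xml("true", "cmd.exe", "/c echo ok")},
    {"EventCode": 4698, "TaskName": "\\Backup", "SubjectUserName": "bob",
     "TaskContent": _task_xml(None, "robocopy.exe", "C:\\src D:\\dst")},
]
```

Running `flag_hidden_tasks(SAMPLE_EVENTS)` returns only the \Updater task, since \Backup has no Hidden element.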
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
ATT&CK Techniques
  • T1053
Created: 2024-12-10