
New ODBC Driver Registered

Sigma Rules

Summary
This detection rule identifies the registration of a new ODBC driver in the Windows Registry. It matches registry value-set events whose target object lies under the path '\SOFTWARE\ODBC\ODBCINST.INI\', the key in which ODBC driver entries are stored, and contains the keyword 'Driver', the value in which a driver's name and the path of its DLL are written. Because legitimate database clients also register drivers here, the rule applies filters that exclude the well-known SQL Server and Microsoft Office ODBC drivers, so that only registrations outside those categories raise an alert. The remaining matches deserve review: a driver entry pointing at a DLL in an unusual location gives an attacker persistence or code execution, since the ODBC Driver Manager loads that DLL into any process that later connects through the driver. Expect benign hits from third-party database client installers; tune the filter to the drivers actually in use in the environment rather than suppressing the rule.
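The matching logic described above, run over a handful of constructed Sysmon Event ID 13 (registry value set) records, as an added example; this is not the rule's own code or the Sigma project's. The selection reproduces the two conditions the summary names (path under ODBCINST.INI, keyword 'Driver'), and the 'contains'/'endswith' helpers use Sigma's case-insensitive string semantics. The allow-list values in FILTERS (the SQLSRV32.dll and ACEODBC.DLL paths) are assumptions standing in for the rule's real filter strings, and the sample events are constructed, not real telemetry.

```python
"""Sigma-style check for new ODBC driver registrations in Sysmon registry events.

Added illustration only; the FILTERS values below are assumptions, not the
rule's exact allow-list.
"""
from dataclasses import dataclass
from typing import Callable, Iterable

Predicate = Callable[[str], bool]


@dataclass(frozen=True)
class RegistryEvent:
    """Subset of a Sysmon Event ID 13 (RegistryEvent: value set) record."""
    event_id: int
    image: str          # process that wrote the value
    target_object: str  # registry path including the value name
    details: str        # data written to the value


def contains(needle: str) -> Predicate:
    """Sigma '|contains' modifier: case-insensitive substring match."""
    needle = needle.lower()
    return lambda value: needle in value.lower()


def endswith(needle: str) -> Predicate:
    """Sigma '|endswith' modifier: case-insensitive suffix match."""
    needle = needle.lower()
    return lambda value: value.lower().endswith(needle)


# selection: every condition must hold (a Sigma map is AND-ed)
SELECTION = [
    ("target_object", contains("\\SOFTWARE\\ODBC\\ODBCINST.INI\\")),
    ("target_object", contains("Driver")),
]

# filters: each inner list is AND-ed, the filters are OR-ed, and the rule
# fires only when the selection matches and no filter does.
# Assumed allow-list for the example; the actual rule's strings are not reproduced.
FILTERS = [
    [("details", endswith(r"\SQLSRV32.dll"))],                  # built-in SQL Server driver
    [("details", endswith(r"\ACEODBC.DLL")),
     ("details", contains(r"\Microsoft Shared\Office"))],         # Office Access/Excel driver
]


def all_match(event: RegistryEvent, conditions) -> bool:
    """AND of (field, predicate) pairs against one event."""
    return all(pred(getattr(event, field)) for field, pred in conditions)


def is_new_odbc_driver(event: RegistryEvent) -> bool:
    """True when the event would trigger the rule (selection and not 1 of filter_*)."""
    if event.event_id != 13:
        return False
    if not all_match(event, SELECTION):
        return False
    return not any(all_match(event, flt) for flt in FILTERS)


def run_detection(events: Iterable[RegistryEvent]) -> list[str]:
    """Return the target objects of all alerting events, in input order."""
    return [e.target_object for e in events if is_new_odbc_driver(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Known SQL Server driver: suppressed by the first filter.
    RegistryEvent(13, r"C:\Windows\System32\msiexec.exe",
                  r"HKLM\SOFTWARE\ODBC\ODBCINST.INI\SQL Server\Driver",
                  r"C:\Windows\System32\SQLSRV32.dll"),
    # Known Office driver: suppressed by the second filter.
    RegistryEvent(13, r"C:\Windows\System32\msiexec.exe",
                  r"HKLM\SOFTWARE\ODBC\ODBCINST.INI\Microsoft Access Driver (*.mdb, *.accdb)\Driver",
                  r"C:\Program Files\Common Files\Microsoft Shared\Office16\ACEODBC.DLL"),
    # A driver install writes two values: the driver's own key with its DLL path ...
    RegistryEvent(13, r"C:\Windows\System32\reg.exe",
                  r"HKLM\SOFTWARE\ODBC\ODBCINST.INI\Updater\Driver",
                  r"C:\Users\Public\upd.dll"),
    # ... and an entry under "ODBC Drivers"; both contain 'Driver', so both fire.
    RegistryEvent(13, r"C:\Windows\System32\reg.exe",
                  r"HKLM\SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers\Updater",
                  "Installed"),
    # Unrelated registry write on the same host: outside the ODBC key.
    RegistryEvent(13, r"C:\Windows\explorer.exe",
                  r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
                  r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
]

if __name__ == "__main__":
    for target in run_detection(SAMPLE_EVENTS):
        print("ALERT:", target)
```

Note that the 'Driver' keyword match is a substring test, so the "ODBC Drivers" list entry that an installer writes alongside the driver's own key also fires; that is useful for detection (the list entry is what makes the driver visible to the Driver Manager), but it means one installation normally produces two alerts.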
Categories
  • Endpoint
  • Windows
Data Sources
  • Windows Registry
Created: 2023-05-23