
Summary
This analytic rule is designed to detect the creation of Scheduled Tasks whose names exhibit high entropy, which is indicative of randomly generated names. It relies on Windows Security Event ID 4698, which logs the creation of a new Scheduled Task. Using the `ut_shannon` function from the URL ToolBox Splunk application, the entropy of each task name is calculated to surface names that are likely to have been generated by malicious tooling rather than chosen by an administrator. Adversaries frequently create such tasks for lateral movement and remote execution of arbitrary code, often through frameworks like Impacket or CrackMapExec. Detecting this anomaly is important for identifying a potential intrusion early and preventing further compromise. The search retrieves the 4698 events, extracts the task names, calculates their entropy, and keeps only those results that exceed a predefined threshold, making it a useful component of endpoint security monitoring.
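The following added example (not part of the rule or the URL ToolBox app) reproduces the detection logic outside Splunk: it parses constructed sample 4698 records, scores each task name with the same Shannon entropy formula that `ut_shannon` computes, and keeps names above a threshold. The threshold value and the allowlisted vendor folder are assumptions for illustration, since the page states neither; long descriptive names can score as high as random ones, so both need tuning against your own baseline.

```python
import math
import re
from collections import Counter

# Constructed sample records (not real logs) in the key=value shape Splunk
# typically extracts from Security Event ID 4698 ("A scheduled task was created").
SAMPLE_EVENTS = [
    'EventCode=4698 TaskName="\\Microsoft\\Windows\\Defrag\\ScheduledDefrag" SubjectUserName=SYSTEM',
    'EventCode=4698 TaskName="\\ZxQ9kLm2Pv7TbR4" SubjectUserName=jsmith',
    'EventCode=4698 TaskName="\\Backup\\NightlySync" SubjectUserName=svc_backup',
    'EventCode=4698 TaskName="\\Wq7Hn3Kp9Rt2Xv" SubjectUserName=svc_backup',
    'EventCode=4697 ServiceName="SomeService" SubjectUserName=SYSTEM',  # not a task event
]

# Assumed threshold: the page only says "a predefined threshold".
ENTROPY_THRESHOLD = 3.5
# Assumed allowlist: built-in task folders whose long descriptive names are a
# common false-positive source for entropy-based detections.
BENIGN_PREFIXES = ("\\Microsoft\\Windows\\",)

TASK_RE = re.compile(r'EventCode=4698\b.*?TaskName="([^"]+)"')


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character: -sum(p * log2 p) over the characters."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def score_events(events, threshold=ENTROPY_THRESHOLD):
    """Return (task_name, entropy) for 4698 events whose task name exceeds the threshold."""
    hits = []
    for line in events:
        m = TASK_RE.search(line)
        if not m:
            continue                      # not a scheduled-task creation event
        task = m.group(1)
        if task.startswith(BENIGN_PREFIXES):
            continue                      # allowlisted built-in folder
        leaf = task.rsplit("\\", 1)[-1]   # score the task's own name, not its folder path
        ent = shannon_entropy(leaf)
        if ent > threshold:
            hits.append((task, round(ent, 3)))
    return hits


if __name__ == "__main__":
    for task, ent in score_events(SAMPLE_EVENTS):
        print(f"{ent:.3f}  {task}")
```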
Categories
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1053
- T1053.005
Created: 2024-11-13