
Gsuite suspicious calendar invite

Splunk Security Content

Summary
This detection rule identifies potentially suspicious calendar invites sent through GSuite that may indicate compromised accounts or malicious internal activity. By analyzing GSuite calendar logs, the rule looks for a user who sends a high volume of calendar invites (over 100) within a compressed time frame of 5 minutes. Such behavior is a red flag because it can indicate the mass distribution of phishing invites carrying malicious links or attachments. If confirmed, these activities can lead to widespread phishing, unauthorized access, or malware distribution across an organization. The search query reduces false positives from legitimate calendar usage by excluding invites that do not target the internal domain, which improves the accuracy of the detection. To implement this rule effectively, organizations need proper logging in place and must adapt the search parameters to their own email domains and organizational structure.
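As an added illustration, not the rule's own SPL (which this page does not show), the same threshold logic in Python over constructed GSuite-style calendar events: per sender, count invites to internal recipients in a sliding 5-minute window and flag anyone exceeding 100. The event field names, the internal domain `example.com` and the sample events are assumptions.

```python
from collections import defaultdict, deque

INTERNAL_DOMAIN = "example.com"  # assumed; adapt to your own mail domain
THRESHOLD = 100                  # rule fires on more than 100 invites
WINDOW_SECONDS = 5 * 60          # within a 5-minute span

def flag_senders(events):
    """Return {sender: (first_ts, last_ts, count)} for every sender whose
    invites to INTERNAL_DOMAIN recipients exceed THRESHOLD inside any
    WINDOW_SECONDS span. Each event is a dict with 'ts' (epoch seconds),
    'sender' and 'recipient' (assumed field names, not GSuite's own)."""
    per_sender = defaultdict(list)
    for ev in events:
        # Keep only invites aimed at the internal domain, as the rule does.
        if ev["recipient"].lower().endswith("@" + INTERNAL_DOMAIN):
            per_sender[ev["sender"]].append(ev["ts"])
    hits = {}
    for sender, stamps in per_sender.items():
        window = deque()  # timestamps inside the current 5-minute window
        for ts in sorted(stamps):
            window.append(ts)
            while ts - window[0] > WINDOW_SECONDS:
                window.popleft()  # drop invites older than the window
            if len(window) > THRESHOLD:
                hits[sender] = (window[0], ts, len(window))
                break  # one alert per sender is enough
    return hits

def constructed_events():
    """Constructed sample log: one burst that should fire, two that should not."""
    events = []
    # mallory: 120 internal invites one second apart -> exceeds 100 in 5 min
    for i in range(120):
        events.append({"ts": 1000 + i, "sender": "mallory@example.com",
                       "recipient": f"user{i}@example.com"})
    # alice: 150 invites, but to an external partner domain -> filtered out
    for i in range(150):
        events.append({"ts": 1000 + i, "sender": "alice@example.com",
                       "recipient": f"guest{i}@partner.example.org"})
    # bob: 120 internal invites a minute apart -> never >100 in any 5 min
    for i in range(120):
        events.append({"ts": 5000 + 60 * i, "sender": "bob@example.com",
                       "recipient": f"user{i}@example.com"})
    return events

if __name__ == "__main__":
    for sender, (start, end, n) in flag_senders(constructed_events()).items():
        print(f"{sender}: {n} internal invites between t={start} and t={end}")
```

Only `mallory@example.com` is reported: alice's burst is external and bob's invites never exceed 100 inside any single 5-minute window.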
Categories
  • Cloud
  • Web
  • Application
Data Sources
  • Group
ATT&CK Techniques
  • T1566
Created: 2024-11-14