
AWS DescribeImages without owner parameter

Anvilogic Forge

Summary
This detection rule identifies potential security risks associated with the AWS API call 'DescribeImages' when the owner parameter is not specified. Calling this API without the owner filter can inadvertently expose Amazon Machine Images (AMIs) to unauthorized access or to name confusion attacks, in which an attacker might exploit the fact that images are queried from the AWS cloud environment without proper ownership verification. The rule captures the relevant API call events and parses the request parameters to extract the AMI names while confirming that no owner parameter is present. The logic monitors non-AWS source IPs, which helps pinpoint external threat sources. The analysis uses several regex captures and transformations to organize the relevant data, tracks it over time, and enriches it with geographical IP location insights, making this rule a crucial addition to a cloud security monitoring posture.
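The core condition described above, as an added Python example run over constructed CloudTrail-style records; it is not the rule's own source, and it leaves out the time tracking and geolocation enrichment. The record layout (ownersSet, filterSet), the reading of "non-AWS source IP" as "not an AWS service principal", and all sample values are assumptions.

```python
# Constructed CloudTrail-style records (not real logs). The ownersSet/filterSet
# layout of requestParameters is an assumption about the event shape.
def make_event(src, owners, names):
    return {
        "eventSource": "ec2.amazonaws.com", "eventName": "DescribeImages",
        "sourceIPAddress": src,
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-example"},
        "requestParameters": {
            "ownersSet": {"items": [{"owner": o} for o in owners]} if owners else {},
            "filterSet": {"items": [{"name": "name", "valueSet": {
                "items": [{"value": n} for n in names]}}]} if names else {},
        },
    }

SAMPLE_EVENTS = [
    make_event("203.0.113.10", [], ["ubuntu-jammy-22.04-*"]),     # should alert
    make_event("203.0.113.10", ["amazon"], ["al2023-ami-*"]),     # owner pinned
    make_event("autoscaling.amazonaws.com", [], ["app-base-*"]),  # AWS service caller
    make_event("198.51.100.7", [], []),                           # no name filter
]

def _items(container):
    """Return the 'items' list of a CloudTrail set object, or [] if empty/missing."""
    return (container or {}).get("items") or []

def ami_names(params):
    """AMI name patterns taken from the request's 'name' filter."""
    return [v.get("value") for f in _items(params.get("filterSet"))
            if f.get("name") == "name" for v in _items(f.get("valueSet"))]

def is_aws_source(src):
    # Assumption: "non-AWS source IP" means sourceIPAddress is not an AWS
    # service principal such as autoscaling.amazonaws.com.
    return src.endswith(".amazonaws.com") or src == "AWS Internal"

def detect(events):
    """Flag DescribeImages calls that filter by name but pin no owner."""
    hits = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("ec2.amazonaws.com", "DescribeImages"):
            continue
        params = ev.get("requestParameters") or {}
        names = ami_names(params)
        src = ev.get("sourceIPAddress") or ""
        if _items(params.get("ownersSet")) or not names or is_aws_source(src):
            continue
        hits.append({"source_ip": src, "ami_names": names,
                     "caller": (ev.get("userIdentity") or {}).get("arn")})
    return hits
```

Each hit names the caller and the AMI name pattern, which is what a responder needs to find the automation that should be pinning an owner.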
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
  • Network Traffic
  • Application Log
  • User Account
ATT&CK Techniques
  • T1656
  • T1136.003
Created: 2025-03-28