
Summary
The O365 SharePoint Malware Detection rule identifies files in SharePoint Online, part of the Microsoft Office 365 suite, that Microsoft's built-in anti-malware scanning has flagged as malicious. It is driven by events in the O365 Unified Audit Log that record a file being flagged as containing malware; in the audit log these are SharePoint-workload events with the FileMalwareDetected operation. Attackers routinely abuse cloud collaboration services such as Office 365 to stage attacks or distribute malicious payloads, so an alert raised by the service's own malware engine is high-signal and should be triaged promptly rather than left unread in the audit log. Note that the rule can only surface what that engine flags: a file that is never scanned, or that matches no signature, produces no event and therefore no alert.
The rule's search aggregates the flagged events and reports the file names, the malware signature returned by the scanner, and the timestamps of the detections, which gives analysts what they need to locate the file, identify the account involved, and scope the incident. To use this rule, the Splunk Microsoft Office 365 Add-on must be installed and configured to ingest Office 365 management activity events, including the Audit.SharePoint content type; without those events the search returns nothing.
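Since the page does not reproduce the rule's SPL, the following is an added example, not the rule's own search or code from the Splunk project, that applies the same filter and aggregation in Python to a handful of constructed Office 365 Management Activity records. Workload, Operation, CreationTime, UserId, ClientIP, SiteUrl, SourceFileName and ObjectId are fields of the Management Activity API schema; using VirusInfo as the name of the signature field is an assumption to confirm against your own ingested events, and every record, account and host name below is constructed.

```python
"""Filter and aggregate O365 audit events for SharePoint malware detections.

Added illustration of the detection logic, not the rule's SPL. VirusInfo as
the signature field is an assumption; confirm it against real ingested events.
"""
import json
from datetime import datetime, timezone

# Constructed sample records in Management Activity API JSON form, one per line
# as the Splunk add-on ingests them. Not real tenant data.
SAMPLE_EVENTS = """
{"CreationTime": "2024-11-14T09:12:03", "Workload": "SharePoint", "Operation": "FileMalwareDetected", "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10", "SiteUrl": "https://contoso.sharepoint.com/sites/finance/", "SourceFileName": "invoice_q4.docm", "ObjectId": "https://contoso.sharepoint.com/sites/finance/Shared Documents/invoice_q4.docm", "VirusInfo": "Virus:DOS/EICAR_Test_File"}
{"CreationTime": "2024-11-14T09:15:41", "Workload": "SharePoint", "Operation": "FileUploaded", "UserId": "bob@contoso.example", "ClientIP": "203.0.113.11", "SiteUrl": "https://contoso.sharepoint.com/sites/finance/", "SourceFileName": "budget.xlsx"}
{"CreationTime": "2024-11-14T09:40:00", "Workload": "SharePoint", "Operation": "FileMalwareDetected", "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10", "SiteUrl": "https://contoso.sharepoint.com/sites/finance/", "SourceFileName": "invoice_q4.docm", "ObjectId": "https://contoso.sharepoint.com/sites/finance/Shared Documents/invoice_q4.docm", "VirusInfo": "Virus:DOS/EICAR_Test_File"}
{"CreationTime": "2024-11-14T10:02:17", "Workload": "OneDrive", "Operation": "FileMalwareDetected", "UserId": "dave@contoso.example", "SourceFileName": "setup.exe", "VirusInfo": "Virus:DOS/EICAR_Test_File"}
this line is not JSON and must not abort the search
{"CreationTime": "2024-11-14T11:05:00", "Workload": "SharePoint", "Operation": "FileMalwareDetected", "UserId": "carol@contoso.example", "ClientIP": "198.51.100.7", "SiteUrl": "https://contoso.sharepoint.com/sites/hr/", "SourceFileName": "resume.exe", "ObjectId": "https://contoso.sharepoint.com/sites/hr/Shared Documents/resume.exe", "VirusInfo": "Trojan:Win32/Sample.A"}
"""


def parse_events(raw):
    """Yield one dict per well-formed JSON line; skip blank and malformed lines."""
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # a bad record should not stop the whole search


def is_sharepoint_malware_event(event):
    """The filter the rule keys on: SharePoint workload, malware-detected operation.

    OneDrive raises the same operation under its own workload, so it is excluded
    here, just as the rule scopes itself to SharePoint.
    """
    return (event.get("Workload") == "SharePoint"
            and event.get("Operation") == "FileMalwareDetected")


def _to_utc(ts):
    """CreationTime is ISO-8601 in UTC without an offset; make it tz-aware."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def aggregate_detections(raw):
    """Group detections by user, site and file with count, first/last time,
    and the distinct signatures, paths and client IPs seen (a `stats ... by`)."""
    groups = {}
    for ev in parse_events(raw):
        if not is_sharepoint_malware_event(ev):
            continue
        ts = _to_utc(ev["CreationTime"])
        key = (ev.get("UserId", "unknown"), ev.get("SiteUrl", ""),
               ev.get("SourceFileName", ""))
        g = groups.setdefault(key, {
            "user": key[0], "site_url": key[1], "file_name": key[2],
            "count": 0, "first_time": ts, "last_time": ts,
            "signatures": set(), "file_paths": set(), "client_ips": set(),
        })
        g["count"] += 1
        g["first_time"] = min(g["first_time"], ts)
        g["last_time"] = max(g["last_time"], ts)
        for field, bucket in (("VirusInfo", "signatures"),
                              ("ObjectId", "file_paths"),
                              ("ClientIP", "client_ips")):
            if ev.get(field):
                g[bucket].add(ev[field])

    results = []
    for g in groups.values():
        results.append({
            "user": g["user"], "site_url": g["site_url"],
            "file_name": g["file_name"], "count": g["count"],
            "first_time": g["first_time"].isoformat(),
            "last_time": g["last_time"].isoformat(),
            "signatures": sorted(g["signatures"]),
            "file_paths": sorted(g["file_paths"]),
            "client_ips": sorted(g["client_ips"]),
        })
    results.sort(key=lambda r: r["first_time"])
    return results


if __name__ == "__main__":
    for row in aggregate_detections(SAMPLE_EVENTS):
        print(json.dumps(row, indent=2))
```

Running the block against the constructed records yields two rows: the repeated detection of invoice_q4.docm is collapsed into one row with a count of 2 and first/last times spanning both events, the benign upload and the OneDrive detection are dropped by the filter, and the non-JSON line is skipped. Grouping on user, site and file is the main choice here: it keeps a noisy rescan from producing one alert per event while still exposing each distinct file and account for triage.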
Categories
- Cloud
- Web
- Identity Management
Data Sources
- Cloud Service
- User Account
- Application Log
ATT&CK Techniques
- T1204.002
- T1204
- T1566
Created: 2024-11-14