
Summary
This detection rule identifies the creation of sharing links for files and folders in SharePoint Online and OneDrive for Business. Sharing links that are not properly managed can expose sensitive information to unauthorized external users. The detection uses Splunk search logic to capture relevant events from cloud data sources, filtering specifically for occurrences where sharing links are created or added. It consolidates the pertinent event data, which can include user information, access details, and cloud service specifics, so that potentially malicious sharing activity can be reviewed effectively. Given the techniques involved, the rule primarily aims to detect data exfiltration via web services and unauthorized data collection from cloud storage, supporting defence against data leaks and sound corporate security hygiene. The reference link provided highlights the risks of file-sharing features being misused for phishing and other malicious purposes, reinforcing the need to monitor such activity.
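As an added illustration of the filtering this rule describes (not the rule's own Splunk search), the same logic in Python over newline-delimited Microsoft 365 audit-log records: keep SharePoint/OneDrive events whose Operation creates or adds a sharing link, consolidate the analyst-facing fields, and rate anonymous links higher. The Operation and field names are assumed from the documented SharePoint sharing-event schema, and the sample records are constructed.

```python
import json

# Audit-log Operation values that create or add a sharing link (assumed from the documented schema).
SHARING_LINK_OPS = {"SharingLinkCreated", "AnonymousLinkCreated",
                    "SecureLinkCreated", "AddedToSecureLink"}
# Links usable without sign-in are the highest-risk case for external exposure.
ANONYMOUS_OPS = {"AnonymousLinkCreated"}


def parse_audit_lines(lines):
    """Parse newline-delimited JSON audit records, skipping blank or malformed lines."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # malformed export line: skip rather than abort the search
    return records


def detect_sharing_links(records):
    """Keep SharePoint/OneDrive records whose Operation creates a sharing link
    and consolidate the fields an analyst reviews (actor, object, link scope)."""
    findings = []
    for rec in records:
        op = rec.get("Operation")
        if rec.get("Workload") not in ("SharePoint", "OneDrive") or op not in SHARING_LINK_OPS:
            continue
        findings.append({
            "time": rec.get("CreationTime"),
            "user": rec.get("UserId"),
            "operation": op,
            "object": rec.get("ObjectId"),
            "severity": "high" if op in ANONYMOUS_OPS else "medium",
        })
    return findings


# Constructed sample export (not real tenant data): plain access, anonymous link, org link, wrong workload, bad line.
SAMPLE_LOG = """
{"CreationTime":"2024-10-11T08:01:00","Operation":"FileAccessed","Workload":"SharePoint","UserId":"alice@example.com","ObjectId":"https://example.sharepoint.com/sites/hr/payroll.xlsx"}
{"CreationTime":"2024-10-11T08:02:00","Operation":"AnonymousLinkCreated","Workload":"OneDrive","UserId":"bob@example.com","ObjectId":"https://example-my.sharepoint.com/personal/bob/q3-forecast.xlsx"}
{"CreationTime":"2024-10-11T08:03:00","Operation":"SharingLinkCreated","Workload":"SharePoint","UserId":"carol@example.com","ObjectId":"https://example.sharepoint.com/sites/eng/design.docx"}
{"CreationTime":"2024-10-11T08:04:00","Operation":"SharingLinkCreated","Workload":"Exchange","UserId":"dave@example.com","ObjectId":"n/a"}
not json
"""


def run_sample():
    return detect_sharing_links(parse_audit_lines(SAMPLE_LOG.splitlines()))
```

Running `run_sample()` yields two findings: the anonymous OneDrive link rated high and the SharePoint sharing link rated medium; the plain file access, the Exchange record and the malformed line are dropped.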
Categories
- Cloud
- AWS
- Azure
- Infrastructure
- Web
Data Sources
- Cloud Service
- Application Log
- File
ATT&CK Techniques
- T1567.002
- T1530
Created: 2024-10-11