
Summary
This rule detects the creation of manual or public snapshots in AWS RDS (Relational Database Service). An attacker may create a manual snapshot to exfiltrate sensitive database content to another AWS account. The rule monitors AWS CloudTrail logs for `CreateDBSnapshot` events whose parameters indicate a security risk. If a manual snapshot is discovered, the recommended response is to verify whether the snapshot is shared only with a trusted AWS account; if not, delete the snapshot and quarantine the IAM user who performed the action. Automated snapshots and snapshots created by AWS Backup do not trigger alerts; the rule focuses solely on manual and potentially public snapshots.
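The detection logic described above, as an added example that is not the rule's own code: it classifies CloudTrail RDS records, excluding automated and AWS Backup snapshots, and also flags snapshots shared publicly or with an account outside an allowlist. The `rds:` and `awsbackup:` identifier prefixes, the `TRUSTED_ACCOUNTS` set and the sample records are assumptions constructed for the example.

```python
# Added example, not the rule's own code: flag manual RDS snapshot creation and
# public/untrusted snapshot sharing in CloudTrail records. Field names follow the
# CloudTrail RDS record format; the "rds:"/"awsbackup:" prefixes and the trusted
# account list are assumptions.
TRUSTED_ACCOUNTS = {"111111111111"}  # assumption: accounts allowed to receive shares
SYSTEM_PREFIXES = ("rds:", "awsbackup:")  # assumption: automated / AWS Backup ids

def classify(event):
    """Return a finding for a risky RDS snapshot event, or None for benign ones."""
    if event.get("eventSource") != "rds.amazonaws.com":
        return None
    params = event.get("requestParameters") or {}
    snap = params.get("dBSnapshotIdentifier", "")
    actor = event.get("userIdentity", {}).get("arn", "unknown")
    name = event.get("eventName")
    # Automated and AWS Backup snapshots carry system prefixes and are excluded.
    if name == "CreateDBSnapshot" and not snap.startswith(SYSTEM_PREFIXES):
        return f"manual snapshot {snap} created by {actor}"
    # Sharing is done via the "restore" attribute; "all" makes the snapshot public.
    if name == "ModifyDBSnapshotAttribute" and params.get("attributeName") == "restore":
        added = set(params.get("valuesToAdd") or [])
        if "all" in added:
            return f"snapshot {snap} made public by {actor}"
        untrusted = sorted(added - TRUSTED_ACCOUNTS)
        if untrusted:
            return f"snapshot {snap} shared with untrusted accounts {untrusted} by {actor}"
    return None

def scan(records):
    """Run classify over a batch of CloudTrail records and keep the findings."""
    return [f for f in map(classify, records) if f]

# Constructed sample records (not real CloudTrail data).
ACTOR = {"arn": "arn:aws:iam::123456789012:user/dev"}
SAMPLE = [
    {"eventSource": "rds.amazonaws.com", "eventName": "CreateDBSnapshot", "userIdentity": ACTOR,
     "requestParameters": {"dBSnapshotIdentifier": "rds:prod-2023-12-13-03-00"}},
    {"eventSource": "rds.amazonaws.com", "eventName": "CreateDBSnapshot", "userIdentity": ACTOR,
     "requestParameters": {"dBSnapshotIdentifier": "prod-copy"}},
    {"eventSource": "rds.amazonaws.com", "eventName": "ModifyDBSnapshotAttribute", "userIdentity": ACTOR,
     "requestParameters": {"dBSnapshotIdentifier": "prod-copy", "attributeName": "restore",
                           "valuesToAdd": ["222222222222"]}},
    {"eventSource": "rds.amazonaws.com", "eventName": "ModifyDBSnapshotAttribute", "userIdentity": ACTOR,
     "requestParameters": {"dBSnapshotIdentifier": "prod-copy", "attributeName": "restore",
                           "valuesToAdd": ["all"]}},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Running it over the constructed batch yields three findings: the automated `rds:` snapshot is ignored, while the manual snapshot, the share to an unlisted account, and the public share are each reported.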
Categories
- Cloud
- AWS
- Database
Data Sources
- Cloud Storage
- Application Log
ATT&CK Techniques
- T1537
Created: 2023-12-13