
ASL AWS ECR Container Upload Outside Business Hours

Splunk Security Content

Summary
This detection rule identifies anomalous uploads of new container images to the AWS Elastic Container Registry (ECR) that occur outside standard business hours. Using AWS CloudTrail logs, the rule monitors for 'PutImage' API calls executed before 8 AM or after 8 PM, as well as any uploads that occur on weekends. Such activity may signal unauthorized access or a malicious deployment and warrants investigation by security operations. Prompt detection and response to these uploads reduces the risk of security incidents, including data breaches or compromised services. The implementation requires CloudTrail logs to be ingested into Splunk with an up-to-date version of the AWS Add-on.
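The same time-of-day and weekday logic, applied to CloudTrail-style records, as an added Python example that is not part of the Splunk content (the events, ARNs, account id and the 08:00-20:00 window evaluated in a configurable time zone are constructed assumptions). It also shows why the time zone matters: CloudTrail timestamps are UTC, so the same push is flagged or not depending on which zone "business hours" is measured in.

```python
from datetime import datetime, timedelta, timezone
# Business hours assumed 08:00-20:00 local time ("before 8 AM or after 8 PM" in the
# rule description); 20:00 onward counts as after hours (assumption).
BUSINESS_START_HOUR, BUSINESS_END_HOUR = 8, 20

def ecr_event(time_utc, name, arn, repo):
    """Build a constructed CloudTrail-style ECR record (illustration only, not real data)."""
    return {"eventTime": time_utc, "eventSource": "ecr.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": {"repositoryName": repo}}

# CloudTrail writes eventTime in UTC; 2024-11-12/13 are weekdays, 2024-11-16 is a Saturday.
CI_ROLE = "arn:aws:iam::111122223333:role/ci-deploy"     # placeholder account id
DEV_USER = "arn:aws:iam::111122223333:user/alice"
SAMPLE_EVENTS = [
    ecr_event("2024-11-12T14:05:00Z", "PutImage", CI_ROLE, "app-api"),        # in hours
    ecr_event("2024-11-12T23:40:00Z", "PutImage", DEV_USER, "app-api"),       # 23:40 UTC
    ecr_event("2024-11-16T10:00:00Z", "PutImage", DEV_USER, "worker"),        # Saturday
    ecr_event("2024-11-13T03:00:00Z", "DescribeImages", DEV_USER, "worker"),  # not a push
    ecr_event("2024-11-13T07:59:00Z", "PutImage", CI_ROLE, "app-api"),        # 07:59 UTC
]

def parse_event_time(value):
    """Parse CloudTrail's ISO-8601 UTC timestamp into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def fixed_offset(hours):
    """Time zone with a fixed UTC offset, for evaluating events in the team's local time."""
    return timezone(timedelta(hours=hours))

def after_hours_reason(ts, tz):
    """Return why ts falls outside business hours in tz, or None if it is inside."""
    local = ts.astimezone(tz)
    if local.weekday() >= 5:  # Saturday=5, Sunday=6
        return "weekend"
    if local.hour < BUSINESS_START_HOUR or local.hour >= BUSINESS_END_HOUR:
        return "outside 08:00-20:00"
    return None

def detect_after_hours_pushes(events, tz=timezone.utc):
    """Flag ECR PutImage calls outside business hours, evaluated in tz."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "ecr.amazonaws.com" or ev.get("eventName") != "PutImage":
            continue
        reason = after_hours_reason(parse_event_time(ev["eventTime"]), tz)
        if reason:
            findings.append({"time": ev["eventTime"], "reason": reason, "principal": ev["userIdentity"]["arn"],
                             "repository": ev["requestParameters"]["repositoryName"]})
    return findings
```

Evaluated in UTC the sample yields three findings; evaluated at UTC-5 the 23:40Z push lands at 18:40 local and drops out, so the window should be pinned to the zone the team actually works in.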
Categories
  • Cloud
  • AWS
  • Containers
  • Infrastructure
  • On-Premise
Data Sources
  • Cloud Storage
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T1204
  • T1204.003
Created: 2024-11-14