diff --git a/eda/rulebooks/insights_detection.yml b/eda/rulebooks/insights_detection.yml
new file mode 100644
index 0000000..142cdb6
--- /dev/null
+++ b/eda/rulebooks/insights_detection.yml
@@ -0,0 +1,19 @@
+---
+- name: Listen for Red Hat Insights events
+  hosts: localhost
+  sources:
+    - redhat.insights_eda.insights:
+        host: 0.0.0.0
+        port: 5000
+  rules:
+    - name: Match Malware detected-malware event
+      condition:
+        event.payload.application == "malware-detection"
+        and event.payload.event_type == "detected-malware"
+      action:
+        run_job_template:
+          name: "handle-malware-detection"
+          organization: Default
+          job_args:
+            extra_vars: "{{ event.payload }}"
+
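Review bot: The listener is bound with `host: 0.0.0.0` / `port: 5000` and no authentication setting is configured, while the rule's condition checks only `event.payload.application` and `event.payload.event_type`, so any client that can reach the port can post a matching payload and launch the `handle-malware-detection` job template. Configure the source plugin's shared-secret option (the redhat.insights_eda collection documents a `token` parameter — confirm the name for the installed version) or place the listener behind an authenticating, TLS-terminating proxy, binding to `127.0.0.1` when that proxy is local; if `0.0.0.0` is required for a container deployment, a comment above `host:` saying so would help the next reader. Separately, `extra_vars: "{{ event.payload }}"` forwards the whole externally supplied payload as extra_vars, which lets any key the sender includes override variables the job template expects; prefer an explicit mapping of only the fields the playbook consumes, e.g. `extra_vars:` followed by one `key: "{{ event.payload.<field> }}"` line per needed field (field names as the Insights schema defines them).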