
Impacket Lateral Movement WMIExec Commandline Parameters

Splunk Security Content

Summary
This analytic detects the use of Impacket's `wmiexec.py`, a tool commonly used by threat actors for lateral movement within a network. By inspecting the command-line parameters of processes spawned by `wmiprvse.exe` (the WMI provider host, which executes commands delivered over WMI), the rule identifies the argument patterns characteristic of the `wmiexec` utility. The detection relies on process-creation telemetry from Endpoint Detection and Response (EDR) agents, specifically Sysmon Event ID 1 and Windows Security Event ID 4688 (the latter only carries the command line when "Include command line in process creation events" is enabled). If confirmed malicious, this behavior indicates remote command execution on the affected host and a significant threat to the organization's security posture; the rule aims to surface such lateral-movement attempts before they escalate into data theft or further compromise of network resources. Legitimate administrative tooling can also cause `wmiprvse.exe` to spawn `cmd.exe`, so the parent-process relationship alone is not sufficient and the command-line pattern is what distinguishes the tool.
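The following Python is an added example, not the Splunk detection itself or code from Splunk Security Content. It models the detection logic over constructed Sysmon Event ID 1 and Security 4688 records. The command-line pattern it matches is the stock `wmiexec.py` default (the tool runs `cmd.exe /Q /c <command> 1> \\127.0.0.1\ADMIN$\__<timestamp> 2>&1` through `Win32_Process.Create`, so the child's parent is `wmiprvse.exe`); a modified build could change that, and the `-nooutput` option drops the redirect, which the example handles as a weaker hit. The field names and sample events are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default artefacts of Impacket's wmiexec.py (assumption: stock tool, not a
# modified build). Commands are launched as
#   cmd.exe /Q /c <command> 1> \\127.0.0.1\ADMIN$\__<unix-timestamp> 2>&1
# via Win32_Process.Create, so wmiprvse.exe is the parent and the output is
# written to the ADMIN$ share, from which the operator reads it back over SMB.
SHELL_PREFIX = re.compile(r"\bcmd\.exe\s+/Q\s+/c\s", re.IGNORECASE)
OUTPUT_REDIRECT = re.compile(
    r"\s1>\s*\\\\127\.0\.0\.1\\[A-Z$]+\\__\d+(?:\.\d+)?\s+2>&1", re.IGNORECASE
)


@dataclass
class ProcessEvent:
    image: str
    parent_image: str
    command_line: str


def from_sysmon(ev: dict) -> ProcessEvent:
    """Normalise a Sysmon Event ID 1 record (constructed field subset)."""
    return ProcessEvent(ev["Image"], ev["ParentImage"], ev["CommandLine"])


def from_security_4688(ev: dict) -> ProcessEvent:
    """Normalise a Security 4688 record. CommandLine is absent unless the
    'Include command line in process creation events' policy is enabled."""
    return ProcessEvent(ev["NewProcessName"], ev["ParentProcessName"],
                        ev.get("CommandLine", ""))


def classify(ev: ProcessEvent) -> Optional[str]:
    """'wmiexec' for the full default pattern, 'wmiexec-nooutput' when only
    the shell prefix is present under wmiprvse.exe (wmiexec.py -nooutput),
    None otherwise."""
    parent = ev.parent_image.lower().rsplit("\\", 1)[-1]
    if parent != "wmiprvse.exe":
        return None  # wmiprvse.exe as parent is the precondition
    if not SHELL_PREFIX.search(ev.command_line):
        return None  # plain 'cmd.exe /c' from admin tooling does not match
    if OUTPUT_REDIRECT.search(ev.command_line):
        return "wmiexec"
    return "wmiexec-nooutput"


# Constructed sample events (not real telemetry).
WMIPRVSE = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SYSMON_EVENTS = [
    {"Image": CMD, "ParentImage": WMIPRVSE,
     "CommandLine": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1718000000.123456 2>&1"},
    {"Image": CMD, "ParentImage": WMIPRVSE,            # benign SCCM-style child
     "CommandLine": r'cmd.exe /c "C:\Scripts\inventory.cmd"'},
    {"Image": CMD, "ParentImage": r"C:\Windows\explorer.exe",  # wrong parent
     "CommandLine": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1718000000.1 2>&1"},
]
SECURITY_EVENTS = [
    {"NewProcessName": CMD, "ParentProcessName": WMIPRVSE,   # wmiexec -nooutput
     "CommandLine": r"cmd.exe /Q /c net localgroup administrators"},
    {"NewProcessName": CMD, "ParentProcessName": WMIPRVSE},  # no cmdline logged
]


def detect() -> List[Tuple[str, Optional[str]]]:
    """Run the classifier over both sources; returns (source, verdict) pairs."""
    results = [("sysmon", classify(from_sysmon(e))) for e in SYSMON_EVENTS]
    results += [("security", classify(from_security_4688(e))) for e in SECURITY_EVENTS]
    return results


if __name__ == "__main__":
    for source, verdict in detect():
        print(f"{source:9s} -> {verdict}")
```

The last 4688 sample shows the practical gap: without command-line auditing enabled, a `wmiprvse.exe` to `cmd.exe` process creation is all 4688 records, and the rule cannot distinguish it from benign WMI-driven administration.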
Categories
  • Endpoint
  • Windows
Data Sources
  • Windows Registry
  • Logon Session
  • Process
ATT&CK Techniques
  • T1021
  • T1047
  • T1053
  • T1021.002
  • T1021.003
  • T1543.003
Created: 2024-12-10