
Read Contents From Stdin Via Cmd.EXE

Sigma Rules

Summary
This rule detects process creation events for 'cmd.exe' whose command line contains the "<" operator. In the Windows command shell, "<" redirects a file to the standard input (stdin) of the command being run. When cmd.exe itself is the consumer (for example, cmd.exe < commands.txt), it reads and executes the file line by line, so the commands actually executed never appear in the logged command line; this lets an attacker stage a script on disk and run it while leaving little in process creation telemetry. The same operator can feed a file's contents into another program launched under cmd.exe, which is why the page frames it as a possible step in an execution chain. The selection criteria filter for processes where the image is 'cmd.exe' and the command line includes the '<' character. Input redirection has many legitimate uses in batch scripts and administrative commands, and any '<' in a command line (for instance an escaped literal in an echo statement) will also match, so false positives are expected. Alerts from this rule should be investigated by examining the redirected file and the parent process rather than treated as confirmed malicious activity.
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Command
ATT&CK Techniques
  • T1059.003
Created: 2023-03-07