
Summary
This detection rule targets a potentially harmful Unix shell command that can delete critical data from a Linux host. Specifically, it monitors executions of the 'rm' command with both the '-rf' and '--no-preserve-root' options, a combination often used by attackers for malicious data destruction. The rule uses process-execution telemetry from Endpoint Detection and Response (EDR) systems, in this case data from Sysmon for Linux. Running this command without appropriate safeguards can cause irreversible data loss, service disruption, and system compromise. Detecting it is therefore valuable as an early warning of data-destruction attempts, potentially associated with malware such as Awfulshred. Prompt investigation and response are necessary to mitigate the risk posed by such activity.
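The rule's matching logic, as an added illustration that is not part of the original detection content: a small Python detector applied to constructed process-creation records shaped like Sysmon for Linux EventID 1 after field extraction (the hosts, users and command lines are hypothetical). It goes slightly beyond the literal '-rf' match described above by also accepting split (-r -f), reordered (-fr) and long-form (--recursive --force) spellings, and it stops parsing at a bare '--' so that a file literally named '-rf' does not trigger a false positive.

```python
import os
import shlex

# Constructed sample process-creation records, shaped like Sysmon for Linux
# EventID 1 after field extraction (hypothetical data, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "web01", "user": "root", "process_name": "rm",
     "command_line": "rm -rf --no-preserve-root /"},
    {"host": "web01", "user": "deploy", "process_name": "rm",
     "command_line": "rm -rf /var/tmp/build-cache"},           # no --no-preserve-root
    {"host": "db02", "user": "root", "process_name": "/usr/bin/rm",
     "command_line": "/usr/bin/rm --no-preserve-root -r -f /"},  # split short options
    {"host": "app03", "user": "root", "process_name": "rm",
     "command_line": "rm --no-preserve-root -r /"},            # recursive but not forced
    {"host": "app03", "user": "root", "process_name": "rm",
     "command_line": "rm -- -rf --no-preserve-root"},          # operands, not options
]


def parse_rm_options(command_line):
    """Return (recursive, force, no_preserve_root) for an rm command line.

    Short options may be clustered (-rf, -fr) or separate (-r -f), and long
    options may be used instead (--recursive, --force). Everything after a
    bare '--' is an operand, so 'rm -- -rf' deletes a file named '-rf'.
    """
    try:
        argv = shlex.split(command_line)
    except ValueError:          # unbalanced quotes: fall back to whitespace split
        argv = command_line.split()
    recursive = force = no_preserve_root = False
    for tok in argv[1:]:
        if tok == "--":
            break               # end of options; the rest are file operands
        if tok.startswith("--"):
            if tok == "--recursive":
                recursive = True
            elif tok == "--force":
                force = True
            elif tok == "--no-preserve-root":
                no_preserve_root = True
        elif tok.startswith("-") and len(tok) > 1:
            letters = set(tok[1:])          # clustered short options
            recursive |= bool(letters & {"r", "R"})
            force |= "f" in letters
    return recursive, force, no_preserve_root


def is_destructive_rm(command_line):
    """True when rm is recursive, forced and told not to protect '/'."""
    recursive, force, no_preserve_root = parse_rm_options(command_line)
    return recursive and force and no_preserve_root


def detect(events):
    """Apply the rule to process-creation events; return one alert per match."""
    alerts = []
    for ev in events:
        # Match the rm binary itself regardless of the path it was invoked by.
        if os.path.basename(ev.get("process_name", "")) != "rm":
            continue
        if is_destructive_rm(ev.get("command_line", "")):
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "command_line": ev["command_line"],
                           "technique": "T1485"})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[T1485] {alert['host']} {alert['user']}: {alert['command_line']}")
```

Matching on the rm process itself is sufficient even when the command is wrapped in a shell (for example `bash -c "rm ..."`), because the shell executes rm as its own child process and Sysmon for Linux records that child as a separate process-creation event. Of the five constructed records, only the first and third raise an alert.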
Categories
- Linux
- Endpoint
Data Sources
- Process
- File
- Command
ATT&CK Techniques
- T1485
Created: 2024-11-13