Windows Process With NamedPipe CommandLine

Splunk Security Content

Summary
This detection rule identifies processes whose command lines reference named pipes, which adversaries often use for inter-process communication and defense evasion. By analyzing data from Endpoint Detection and Response (EDR) agents, the rule targets command-line executions to detect behavior reminiscent of the Olympic Destroyer malware, known for its use of named pipes after process injection. Such activity may indicate attempts to maintain persistence, elevate privileges, or circumvent security controls, increasing the risk of broader compromise. The rule draws on multiple sources, such as Sysmon event IDs and Windows Event Logs, and uses a detailed search query to filter the relevant process executions.
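As an added illustration of the detection logic described above (this is not the Splunk search itself, which the page does not reproduce), the following Python applies the same check to constructed Sysmon-style process-creation records: it pulls named-pipe paths of the form `\\.\pipe\<name>` or `\\<host>\pipe\<name>` out of each command line and raises an alert unless the pipe is on a per-environment allowlist. The field names, sample events, and the allowlist entry are assumptions for the example.

```python
"""Flag process-creation events whose command line references a Windows named pipe.

Added example, not Splunk's detection search. The event records are constructed
to imitate the fields of a parsed Sysmon Event ID 1 (process creation) log.
"""
import re

# A named pipe path looks like \\.\pipe\<name> (local) or \\<host>\pipe\<name>.
# The pipe name may itself contain backslashes (e.g. \pipe\sql\query), so only
# whitespace and quotes terminate it.
NAMED_PIPE_RE = re.compile(r'\\\\[^\\\s"\']+\\pipe\\[^\s"\']+', re.IGNORECASE)

# Pipe paths expected in this (hypothetical) environment; tune per estate.
ALLOWED_PIPE_PATHS = {
    r"\\.\pipe\sql\query",  # SQL Server's default named-pipe endpoint
}

# Constructed sample events; field names assume Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "User": "CORP\\alice",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c type C:\Temp\report.txt > \\.\pipe\updaterpipe"},
    {"EventID": 1, "Computer": "WS01", "User": "CORP\\alice",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell.exe -nop -c "Get-Content \\WS02\pipe\svcpipe"'},
    {"EventID": 1, "Computer": "DB01", "User": "CORP\\svc_sql",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Tools\SQLCMD.EXE",
     "CommandLine": r'sqlcmd -S np:\\.\pipe\sql\query -Q "SELECT 1"'},
    {"EventID": 1, "Computer": "WS01", "User": "CORP\\alice",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'"C:\Windows\System32\notepad.exe" C:\Users\alice\notes.txt'},
]


def extract_named_pipes(command_line):
    """Return every named-pipe path referenced in a command line."""
    return NAMED_PIPE_RE.findall(command_line)


def detect_named_pipe_processes(events):
    """Return one alert per process-creation event whose command line references
    a named pipe that is not on the allowlist."""
    allowed = {p.lower() for p in ALLOWED_PIPE_PATHS}
    alerts = []
    for ev in events:
        if ev.get("EventID") != 1:  # only process-creation records
            continue
        pipes = extract_named_pipes(ev.get("CommandLine", ""))
        suspicious = [p for p in pipes if p.lower() not in allowed]
        if not suspicious:
            continue
        alerts.append({
            "computer": ev.get("Computer"),
            "user": ev.get("User"),
            "process": ev.get("Image", "").rsplit("\\", 1)[-1],
            "parent_process": ev.get("ParentImage", "").rsplit("\\", 1)[-1],
            "pipes": suspicious,
            "command_line": ev.get("CommandLine"),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_named_pipe_processes(SAMPLE_EVENTS):
        print(f"[{alert['computer']}] {alert['parent_process']} -> {alert['process']} "
              f"by {alert['user']} referenced {alert['pipes']}")
```

Two points a practitioner would want to keep in mind when tuning a rule like this: the match is on the literal pipe path in the command line, so code that opens a pipe through an API with only the pipe name (for example a .NET `NamedPipeClientStream` built from `"."` and `"svcpipe"`) never produces the `\pipe\` string and is not caught by this check; and legitimate tooling does pass pipe paths on the command line, so an allowlist such as the SQL Server endpoint above, plus correlation with the parent process and the injection activity T1055 implies, keeps the alert volume useful.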
Categories
  • Endpoint
Data Sources
  • Process
  • Windows Registry
  • Application Log
ATT&CK Techniques
  • T1055
Created: 2024-11-13