
Summary
This detection rule flags command-line arguments passed to `cmd.exe /c` that have not been observed before in the environment. It runs in Splunk over Sysmon Event ID 1 (process creation) logs, filtering for `cmd.exe` executions whose command line carries the `/c` switch, and records the first and last time each distinct argument string is seen. That set is then compared against a lookup of previously seen command-line arguments so that only genuinely new entries are raised as alerts. Because `cmd.exe /c` is a common launcher for scripts and living-off-the-land tooling, a first-seen argument can indicate malware execution or unauthorized use of system commands. The rule depends on its baseline: on first deployment, or after the lookup is cleared, every argument is "new" and the search is noisy, and legitimate scripts that embed changing values (temporary file names, timestamps, job IDs) in their arguments will keep surfacing as new and need normalization or allow-listing during tuning.
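The following Python is an added example, not the rule's SPL or any Splunk code: it reproduces the described logic (filter to `cmd.exe` with `/c`, compute first/last seen per argument, compare against a baseline of already-seen arguments) over a handful of constructed Sysmon Event ID 1 records so the behaviour can be checked offline. The field names `_time`, `host`, `process_name` and `process`, the sample events and the `BASELINE` set are all assumptions made for the example.

```python
"""First-seen `cmd.exe /c` argument detection over Sysmon Event ID 1 records.

Added example mirroring the rule described above; constructed data, not the
page's or Splunk's own code.
"""
import re

# Constructed sample events shaped like Sysmon Event ID 1, reduced to the
# fields the logic needs. `_time` is epoch seconds.
SAMPLE_EVENTS = [
    {"_time": 1731542400, "host": "ws01", "process_name": "cmd.exe",
     "process": r'"C:\Windows\System32\cmd.exe" /c whoami'},
    {"_time": 1731542460, "host": "ws01", "process_name": "cmd.exe",
     "process": r'C:\Windows\System32\cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA'},
    {"_time": 1731542520, "host": "ws02", "process_name": "cmd.exe",
     "process": r'cmd.exe /c whoami'},
    {"_time": 1731542580, "host": "ws02", "process_name": "cmd.exe",
     "process": r'cmd.exe /k dir'},                 # /k, not /c: out of scope
    {"_time": 1731542640, "host": "ws03", "process_name": "notepad.exe",
     "process": r'notepad.exe /c ignored'},         # not cmd.exe: out of scope
    {"_time": 1731542700, "host": "ws03", "process_name": "cmd.exe",
     "process": r'cmd.exe /C "ping 10.0.0.1 -n 1"'},  # /C upper-case, quoted
]

# Assumed content of the "previously seen" lookup the rule compares against.
BASELINE = {"whoami"}

# Match `<path>cmd.exe /c <args>`; the image may or may not be quoted.
# Case-insensitive so `/C` and `CMD.EXE` are caught as well.
CMD_C_RE = re.compile(r'^\s*(?:"[^"]*cmd\.exe"|\S*cmd\.exe)\s+/c\s+(.*)$',
                      re.IGNORECASE)


def extract_cmd_c_args(event):
    """Return the normalized argument string after `/c`, or None if the event
    is not a `cmd.exe /c` execution."""
    if event.get("process_name", "").lower() != "cmd.exe":
        return None
    m = CMD_C_RE.match(event.get("process", ""))
    if not m:
        return None
    args = m.group(1).strip()
    # Strip one layer of surrounding quotes and collapse whitespace so that
    # `"ping x"` and `ping  x` compare as the same argument.
    if len(args) >= 2 and args[0] == '"' and args[-1] == '"':
        args = args[1:-1]
    return " ".join(args.split())


def first_last_seen(events):
    """Aggregate per argument string: first/last time, count and hosts
    (the `stats min(_time) max(_time) count values(host) by args` step)."""
    stats = {}
    for ev in events:
        args = extract_cmd_c_args(ev)
        if args is None:
            continue
        entry = stats.setdefault(
            args, {"firstTime": ev["_time"], "lastTime": ev["_time"],
                   "count": 0, "hosts": set()})
        entry["firstTime"] = min(entry["firstTime"], ev["_time"])
        entry["lastTime"] = max(entry["lastTime"], ev["_time"])
        entry["count"] += 1
        entry["hosts"].add(ev["host"])
    return stats


def detect_new_cmd_c_args(events, baseline):
    """Return only the aggregated entries whose argument string is absent
    from the baseline lookup: these are the alerts."""
    return {a: s for a, s in first_last_seen(events).items()
            if a not in baseline}


def update_baseline(baseline, alerts):
    """After triage, fold reviewed arguments into the lookup so they are not
    raised again (the lookup-write step that keeps the rule 'first seen')."""
    return set(baseline) | set(alerts)


if __name__ == "__main__":
    for args, s in detect_new_cmd_c_args(SAMPLE_EVENTS, BASELINE).items():
        print(f"NEW cmd /c args: {args!r} first={s['firstTime']} "
              f"last={s['lastTime']} count={s['count']} hosts={sorted(s['hosts'])}")
```

Running the block alerts on the encoded PowerShell launch and the quoted `ping`, but not on `whoami`, which is in the baseline; the `/k` and non-`cmd.exe` events are discarded by the filter. Note that the baseline only grows via `update_baseline`, so an alerting pipeline that never feeds reviewed entries back into the lookup will re-raise the same arguments every run.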
Categories
- Endpoint
Data Sources
- Process
ATT&CK Techniques
- T1059.001
- T1059.003
Created: 2024-11-14