
Summary
This rule detects the use of OpenSSL commands that adversaries could employ to encrypt data on Unix-like systems. It identifies key command-line patterns associated with the execution of OpenSSL encryption commands. When an attacker encrypts files, whether to disrupt availability or to conceal malicious activity, the rule collects the relevant event data: timestamps, host information, user details, and process attributes. It retrieves this data by querying Splunk endpoint logs from Unix-like hosts and aggregates it over one-second intervals so that bursts of encryption activity, which may signal a larger attack or compromise, are captured. The rule covers the impact of data encryption and the defense-evasion technique of hiding artifacts, providing an essential monitoring layer for network and system administrators.
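As an added illustration, not the rule's own Splunk search, the following Python sketches the logic the summary describes: flag OpenSSL encryption command lines in endpoint process events and bin them per host and user into one-second spans. The pipe-delimited event format, the sample events and the specific `openssl enc` patterns are assumptions, since the page does not list them.

```python
import re
from collections import defaultdict

# Constructed sample endpoint process events in a hypothetical pipe-delimited
# format: UTC timestamp | host | user | process command line.
SAMPLE_EVENTS = [
    "2024-02-09T10:15:01Z|web01|deploy|openssl enc -aes-256-cbc -salt -in /var/www/db.sql -out /var/www/db.sql.enc -k s3cret",
    "2024-02-09T10:15:01Z|web01|deploy|openssl enc -aes-256-cbc -salt -in /var/www/site.tar -out /var/www/site.tar.enc -k s3cret",
    "2024-02-09T10:15:01Z|web01|deploy|openssl enc -aes-256-cbc -in /etc/app.conf -out /etc/app.conf.enc -pass pass:s3cret",
    "2024-02-09T10:15:02Z|web01|root|openssl x509 -in /etc/ssl/certs/server.pem -noout -text",
    "2024-02-09T10:15:03Z|db02|backup|openssl enc -d -aes-256-cbc -in backup.enc -out backup.tar -kfile /root/.key",
]

# Assumed key patterns (the page does not list them): the `enc` subcommand with a
# cipher or key/passphrase option, excluding decryption runs (-d).
ENC_SUBCOMMAND = re.compile(r"\bopenssl\s+enc\b")
KEY_OPTION = re.compile(r"\s(-k|-kfile|-pass|-K)\s")
CIPHER_OPTION = re.compile(r"\s-(aes|des|bf|camellia|chacha)[\w-]*")
DECRYPT_FLAG = re.compile(r"\s-d(?:\s|$)")

def parse_event(line):
    ts, host, user, cmd = line.split("|", 3)
    return {"time": ts, "host": host, "user": user, "cmd": cmd}

def is_openssl_encryption(cmd):
    """True when the command line looks like an OpenSSL file-encryption run."""
    if not ENC_SUBCOMMAND.search(cmd) or DECRYPT_FLAG.search(cmd):
        return False
    return bool(KEY_OPTION.search(cmd) or CIPHER_OPTION.search(cmd))

def aggregate_by_second(lines):
    """Bin matching events by (whole second, host, user), like the rule's one-second spans."""
    bins = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if is_openssl_encryption(ev["cmd"]):
            second = ev["time"][:19]  # drop the 'Z' suffix: whole-second resolution
            bins[(second, ev["host"], ev["user"])].append(ev["cmd"])
    return {k: {"count": len(v), "commands": v} for k, v in bins.items()}

def rapid_encryption_alerts(lines, threshold=2):
    """Return bins where several encryption commands ran within one second,
    the burst pattern the rule is meant to surface."""
    return [(k, v["count"]) for k, v in aggregate_by_second(lines).items()
            if v["count"] >= threshold]

if __name__ == "__main__":
    for (second, host, user), count in rapid_encryption_alerts(SAMPLE_EVENTS):
        print(f"{second} {host} {user}: {count} openssl encryption commands")
```

The decryption run and the certificate inspection in the sample data are deliberately left out of the bins, which is the kind of false-positive filtering a production version of the search needs.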
Categories
- Linux
- Endpoint
Data Sources
- Process
- File
- Application Log
ATT&CK Techniques
- T1560.001
- T1486
- T1564.001
Created: 2024-02-09