Possible Coin Miner CPU Priority Param

Sigma Rules

Summary
This detection rule identifies the use of a command-line parameter commonly associated with cryptocurrency miners, particularly those that run on Linux systems. Coin-mining software frequently uses the `--cpu-priority` flag to adjust its CPU scheduling priority so that it can claim more CPU time for mining. The rule inspects audit logs for executed commands whose parameters start with `--cpu-priority`, checking several command parameters (cmd1 to cmd7) rather than a single one. The detection addresses the growing concern of unauthorized cryptocurrency mining, which results in unauthorized resource utilization and can lead to privilege escalation on affected systems.
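The following is an added example, not the rule's own code or part of this page, showing the detection logic applied to constructed auditd EXECVE records. It assumes the parameters the summary calls cmd1 to cmd7 correspond to auditd's a1 to a7 argument fields, and it decodes auditd's hex-encoded argument form, which a plain substring search on the raw line would miss.

```python
from __future__ import annotations
import re

# auditd EXECVE records list argv as a0="..." a1="..."; an argument containing
# whitespace, quotes or non-printable bytes is instead written unquoted as a hex
# string (e.g. a1=2D2D...), so a raw substring search for --cpu-priority misses it.
_ARG_RE = re.compile(r'\b(a\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')

# Argument positions the rule inspects (cmd1 to cmd7 in the summary; assumed here
# to map to auditd's a1 to a7).
WATCHED_POSITIONS = range(1, 8)
CPU_PRIORITY_PREFIX = "--cpu-priority"


def parse_execve_args(record: str) -> dict[int, str]:
    """Return {position: decoded argument} for one auditd EXECVE record."""
    args: dict[int, str] = {}
    for name, quoted, hexval in _ARG_RE.findall(record):
        pos = int(name[1:])
        # A non-empty hexval means the unquoted hex form matched; otherwise use the quoted text.
        args[pos] = bytes.fromhex(hexval).decode("utf-8", "replace") if hexval else quoted
    return args


def matches_cpu_priority_rule(record: str) -> bool:
    """True if an EXECVE record carries --cpu-priority in a watched argument slot."""
    if "type=EXECVE" not in record:
        return False
    args = parse_execve_args(record)
    return any(args.get(pos, "").startswith(CPU_PRIORITY_PREFIX) for pos in WATCHED_POSITIONS)


def scan_audit_log(lines: list[str]) -> list[int]:
    """Return the indices of the log lines that match the rule."""
    return [i for i, line in enumerate(lines) if matches_cpu_priority_rule(line)]


# Constructed sample audit records (not captured from a real host).
SAMPLE_LOG = [
    'type=EXECVE msg=audit(1633792000.123:456): argc=3 a0="./miner" a1="--cpu-priority" a2="5"',
    'type=SYSCALL msg=audit(1633792000.123:456): arch=c000003e syscall=59 success=yes exit=0 comm="miner"',
    'type=EXECVE msg=audit(1633792010.456:789): argc=2 a0="/bin/sh" a1=2D2D6370752D7072696F726974792035',
    'type=EXECVE msg=audit(1633792020.789:901): argc=4 a0="nice" a1="-n" a2="10" a3="./build.sh"',
    'type=EXECVE msg=audit(1633792030.001:902): argc=1 a0="--cpu-priority"',
]

if __name__ == "__main__":
    for idx in scan_audit_log(SAMPLE_LOG):
        print(f"line {idx}: {parse_execve_args(SAMPLE_LOG[idx])}")
```

The last sample record shows the rule's position limit: a value in a0 is outside the cmd1 to cmd7 range and is not flagged, so a practitioner tuning the rule should decide whether that gap matters in their environment.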
Categories
  • Linux
  • Endpoint
Data Sources
  • Command
  • Logon Session
Created: 2021-10-09