
Summary
This detection rule identifies execution of 'dmidecode' with a shell as its parent process on Linux hosts. dmidecode reads the system's DMI/SMBIOS tables (hardware vendor and model, BIOS version, serial numbers), and adversaries run it after initial access to fingerprint the compromised host, including whether it is a virtual machine, before deciding on further exploitation or lateral movement. The rule uses the Event Query Language (EQL) to match process start events where the process name is 'dmidecode' and the parent is a common shell such as 'bash' or 'sh'; the parent filter is what separates hands-on or scripted reconnaissance from the same binary being launched by a hardware-inventory agent or a package post-install script. The rule has a low severity and a risk score of 21: it is meant to surface reconnaissance activity for correlation with other alerts rather than to signal a confirmed intrusion, and benign administrative use of dmidecode from a shell should be expected and tuned out per environment.
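The matching logic described above, as an added example that is not the rule's own source or the Elastic implementation. It is a small Python re-implementation of the EQL condition run over constructed ECS-style process events; the EQL shown in the comment is an assumed reconstruction, and the list of parent shells is an assumption that may differ from the shipped rule. The sample events are constructed, not real telemetry.

```python
# Added example (not the rule's own source): a Python re-implementation of the
# rule's matching condition, run over constructed ECS-shaped process events.
from typing import Iterable, List

# Parent shells the rule treats as suspicious. Assumption: the shipped rule's list may differ.
SHELL_PARENTS = {"bash", "dash", "sh", "tcsh", "csh", "zsh", "ksh", "fish"}

# Assumed reconstruction of the EQL condition, for reference only:
#   process where host.os.type == "linux" and event.type == "start"
#     and process.name == "dmidecode"
#     and process.parent.name in ("bash", "dash", "sh", "tcsh", "csh", "zsh", "ksh", "fish")


def matches_rule(event: dict) -> bool:
    """Return True when `event` is a Linux process-start of dmidecode whose parent is a shell."""
    if event.get("host", {}).get("os", {}).get("type") != "linux":
        return False
    # Only process-start events count; the exit ("end") event for the same PID must not re-alert.
    if event.get("event", {}).get("type") != "start":
        return False
    proc = event.get("process", {})
    if proc.get("name") != "dmidecode":
        return False
    return proc.get("parent", {}).get("name") in SHELL_PARENTS


def hit_ids(events: Iterable[dict]) -> List[str]:
    """IDs of the events that would trigger the rule, in input order."""
    return [e["event"]["id"] for e in events if matches_rule(e)]


def _ev(eid: str, os_type: str, etype: str, name: str, parent: str, args: List[str]) -> dict:
    """Build a minimal ECS-shaped process event (constructed sample data)."""
    return {
        "event": {"id": eid, "type": etype, "category": "process"},
        "host": {"os": {"type": os_type}},
        "process": {"name": name, "args": args, "parent": {"name": parent}},
    }


# Constructed sample telemetry, not real logs.
SAMPLE_EVENTS = [
    # Interactive recon from a shell: should alert.
    _ev("ev-1", "linux", "start", "dmidecode", "bash", ["dmidecode", "-t", "system"]),
    # Same binary launched by an inventory agent under systemd: parent is not a shell.
    _ev("ev-2", "linux", "start", "dmidecode", "systemd", ["dmidecode"]),
    # A different discovery tool from a shell: outside this rule's scope.
    _ev("ev-3", "linux", "start", "lscpu", "bash", ["lscpu"]),
    # Process-exit event for ev-1: must not produce a second alert.
    _ev("ev-4", "linux", "end", "dmidecode", "bash", ["dmidecode", "-t", "system"]),
    # Scripted fingerprinting via sh, reading only the manufacturer string.
    _ev("ev-5", "linux", "start", "dmidecode", "sh", ["dmidecode", "-s", "system-manufacturer"]),
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        verdict = "ALERT " if matches_rule(e) else "ignore"
        cmd = " ".join(e["process"]["args"])
        print(f'{e["event"]["id"]}: {verdict} {cmd} (parent={e["process"]["parent"]["name"]})')
```

Running the script prints one line per sample event; only ev-1 and ev-5 alert. The systemd-parented run (ev-2) is the case the parent filter exists for, and the exit event (ev-4) shows why the condition is restricted to process-start events, since otherwise every dmidecode run would alert twice.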
Categories
- Linux
- Endpoint
Data Sources
- Process
- Container
- Script
ATT&CK Techniques
- T1082
Created: 2026-01-07