
Linux System Reboot Via System Request Key

Splunk Security Content

Summary
This detection rule monitors for an uncommon way of rebooting a Linux host through the SysRq trigger: a process execution whose command line writes the key `b` to /proc/sysrq-trigger (typically `echo b > /proc/sysrq-trigger`). That write tells the kernel to reboot immediately, without syncing or unmounting filesystems, so it is both disruptive and destructive to unflushed data. The file is writable only by root, and because writes to /proc/sysrq-trigger are not subject to the kernel.sysrq sysctl mask, the method works even where keyboard SysRq is disabled. This technique was notably used by the Awfulshred malware, so observing it indicates potential compromise. The rule queries Endpoint Detection and Response (EDR) process data to identify when such a command is executed and reports the process, its parent and the user involved; legitimate use is rare (recovery scripts, some administrators), so triage should focus on the parent process, the invoking user and whether the host was expected to restart.
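The matching idea behind the rule, applied to a handful of sample process events, as an added example that is not Splunk's SPL or code from the Awfulshred analysis. The event field names (`host`, `user`, `parent`, `process`) and the events themselves are constructed for illustration. It goes slightly beyond the page by also flagging the `o` key (immediate power-off), which is the same ATT&CK technique, while deliberately ignoring writes that only enable SysRq (`/proc/sys/kernel/sysrq`), harmless keys such as `h`, and reads of the trigger file.

```python
import re
from typing import Iterable

# Constructed sample EDR process-execution events (not real telemetry).
# Field names are an assumption for this example, not Splunk's data model.
SAMPLE_EVENTS = [
    {"host": "web01", "user": "root", "parent": "bash",
     "process": "sh -c 'echo b > /proc/sysrq-trigger'"},
    {"host": "db02", "user": "root", "parent": "cron",
     "process": "bash -c \"echo 'b' >/proc/sysrq-trigger\""},
    {"host": "app03", "user": "ops", "parent": "sshd",
     "process": "sudo sh -c \"printf o | tee /proc/sysrq-trigger\""},
    {"host": "app04", "user": "root", "parent": "bash",
     "process": "sh -c 'echo 1 > /proc/sys/kernel/sysrq'"},   # enables SysRq, does not trigger it
    {"host": "app05", "user": "root", "parent": "bash",
     "process": "sh -c 'echo h > /proc/sysrq-trigger'"},       # 'h' only prints help to the kernel log
    {"host": "app06", "user": "root", "parent": "bash",
     "process": "cat /proc/sysrq-trigger"},                     # read attempt, no effect
]

# A single reboot ('b') or power-off ('o') key, optionally quoted, written to
# /proc/sysrq-trigger either by shell redirection or by piping through tee.
# Requiring exactly one key character avoids matching unrelated echo output.
SYSRQ_WRITE = re.compile(
    r"""\b(?:echo|printf)\s+(?:-[neE]+\s+)?['"]?([bo])['"]?\s*"""
    r"""(?:>{1,2}\s*|\|\s*(?:sudo\s+)?tee\s+(?:-a\s+)?)"""
    r"""/proc/sysrq-trigger\b"""
)

KEY_ACTIONS = {
    "b": "immediate reboot (no sync, no unmount)",
    "o": "immediate power-off",
}


def detect_sysrq_reboot(events: Iterable[dict]) -> list:
    """Return one finding per event whose command line writes b/o to /proc/sysrq-trigger."""
    findings = []
    for ev in events:
        match = SYSRQ_WRITE.search(ev.get("process", ""))
        if not match:
            continue
        key = match.group(1)
        findings.append({
            "host": ev["host"],
            "user": ev["user"],
            "parent": ev["parent"],   # triage context: was this a shell, cron, a web server?
            "key": key,
            "action": KEY_ACTIONS[key],
            "process": ev["process"],
        })
    return findings


if __name__ == "__main__":
    for f in detect_sysrq_reboot(SAMPLE_EVENTS):
        print(f"{f['host']}: {f['user']} via {f['parent']} -> {f['action']}: {f['process']}")
```

The parent process is carried into each finding because it is the main triage signal: a reboot issued from an interactive shell over SSH reads very differently from one spawned by a web server or a cron job.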
Categories
  • Linux
  • Endpoint
Data Sources
  • Process
ATT&CK Techniques
  • T1529
Created: 2024-11-13