
Summary
The Sunburst Correlation DLL and Network Event detection rule identifies the SolarWinds.BusinessLayerHost.exe process loading SolarWinds.Orion.Core.BusinessLayer.dll together with DNS queries directed at avsvmcloud.com, the combination that characterises a Sunburst malware infection delivered through the SolarWinds supply chain attack. The rule relies on two Sysmon event types: Event ID 7 (Driver loaded) fires when the malicious DLL is loaded, and Event ID 22 (DNS Query) records the malicious network activity. The two events are correlated over a period of 12 to 14 days to improve detection accuracy. A confirmed match may indicate unauthorized access, data exfiltration, and other compromise of the affected systems, so deploying this rule is a significant aid in monitoring and responding to the advanced threat activity associated with the SolarWinds incident.
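As an added example (not the rule's own logic), the Python below implements the correlation just described over a few constructed Sysmon-style records: it keeps Event ID 7 loads of SolarWinds.Orion.Core.BusinessLayer.dll by SolarWinds.BusinessLayerHost.exe, Event ID 22 queries for avsvmcloud.com or any of its subdomains, and reports a host only when such a query follows such a load on that host within the window. The record field names (host, image, image_loaded, query_name) and the 14-day window are assumptions.

```python
from datetime import datetime, timedelta

HOST_PROCESS = "solarwinds.businesslayerhost.exe"
MALICIOUS_DLL = "solarwinds.orion.core.businesslayer.dll"
C2_DOMAIN = "avsvmcloud.com"

# Constructed sample events in a simplified, already-parsed shape (field names are assumptions).
EXE = r"C:\Program Files\SolarWinds\Orion\SolarWinds.BusinessLayerHost.exe"
DLL = r"C:\Program Files\SolarWinds\Orion\SolarWinds.Orion.Core.BusinessLayer.dll"
SAMPLE_EVENTS = [
    # ORION01: DLL load, then a C2 lookup 12 days later -> should alert
    {"host": "ORION01", "event_id": 7, "time": "2020-03-30T10:00:00", "image": EXE, "image_loaded": DLL},
    {"host": "ORION01", "event_id": 22, "time": "2020-04-11T03:15:00", "image": EXE,
     "query_name": "abc123.appsync-api.eu-west-1.avsvmcloud.com"},
    # ORION02: same DLL loaded but no C2 lookup -> no alert from this rule
    {"host": "ORION02", "event_id": 7, "time": "2020-03-30T10:00:00", "image": EXE, "image_loaded": DLL},
    # ORION03: C2 lookup 20 days after the load -> outside the 14-day window
    {"host": "ORION03", "event_id": 7, "time": "2020-03-01T08:00:00", "image": EXE, "image_loaded": DLL},
    {"host": "ORION03", "event_id": 22, "time": "2020-03-21T08:00:00", "image": EXE,
     "query_name": "def456.appsync-api.us-east-1.avsvmcloud.com"},
]

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_dll_load(ev):
    # Sysmon ID 7: the Orion host process loading the trojanised DLL
    return (ev["event_id"] == 7 and _basename(ev.get("image", "")) == HOST_PROCESS
            and _basename(ev.get("image_loaded", "")) == MALICIOUS_DLL)

def is_c2_query(ev):
    # Sysmon ID 22: lookup of avsvmcloud.com or any subdomain of it
    name = ev.get("query_name", "").lower().rstrip(".")
    return ev["event_id"] == 22 and (name == C2_DOMAIN or name.endswith("." + C2_DOMAIN))

def correlate(events, window_days=14):
    """Return (host, query_time, query_name) for each C2 lookup within window_days after a DLL load."""
    loads = {}
    for ev in events:
        if is_dll_load(ev):
            loads.setdefault(ev["host"].lower(), []).append(datetime.fromisoformat(ev["time"]))
    window, hits = timedelta(days=window_days), []
    for ev in events:
        if not is_c2_query(ev):
            continue
        t = datetime.fromisoformat(ev["time"])
        if any(lt <= t <= lt + window for lt in loads.get(ev["host"].lower(), [])):
            hits.append((ev["host"], ev["time"], ev["query_name"]))
    return hits
```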
Categories
- Endpoint
- Windows
Data Sources
- Process
- Network Traffic
ATT&CK Techniques
- T1203
Created: 2024-11-13