
Windows Internet Hosted WebDav Share Mount Via Net.EXE

Sigma Rules

Summary
This detection rule identifies execution of the 'net.exe' or 'net1.exe' utilities on Windows systems to mount an Internet-hosted WebDAV share. It operates on process creation events for these utilities and looks for use of the HTTP protocol in the command line. By analyzing the command line, the rule aims to detect lateral movement attempts in which attackers leverage WebDAV shares for data exfiltration or command execution. Such activity is worth monitoring because it can indicate compromise or misuse within an organization's network, particularly when unauthorized users access shared resources over the WebDAV protocol. The rule matches only when both conditions hold: the process is one of the specified executables and the executed command line contains HTTP, which keeps the detection context strict.
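The matching logic described above, run over constructed process-creation events, as an added example that is not the rule's own source. It assumes Sysmon-style field names (Image, OriginalFileName, CommandLine) and that the mount is done with the 'net use' subcommand; the OriginalFileName check for renamed binaries goes beyond what the summary states.

```python
import ntpath
import re

NET_IMAGES = {"net.exe", "net1.exe"}
# Assumption: the share is mounted with the "use" subcommand as its own token.
USE_RE = re.compile(r"\suse\s", re.IGNORECASE)
# An http:// or https:// URL starting a (possibly quoted) argument.
HTTP_RE = re.compile(r"\s\"?https?://", re.IGNORECASE)


def is_webdav_mount(event):
    """True when the event is net.exe/net1.exe AND its command line mounts an HTTP URL."""
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    # Either the on-disk name or the PE original name must identify the utility.
    if image not in NET_IMAGES and original not in NET_IMAGES:
        return False
    cmd = event.get("CommandLine", "")
    return bool(USE_RE.search(cmd) and HTTP_RE.search(cmd))


# Constructed sample events (hostnames are placeholders, not real indicators).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": r"net use Z: https://dav.example.test/share"},
    {"Image": r"C:\Windows\System32\net1.exe",
     "CommandLine": r'C:\Windows\system32\net1 USE * "http://dav.example.test/files"'},
    # Internal SMB mount: right binary, no HTTP, so no match.
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": r"net use Y: \\fileserver01\public"},
    # Right binary, unrelated subcommand.
    {"Image": r"C:\Windows\System32\net.exe", "CommandLine": "net view"},
    # HTTP in the command line, but not one of the net utilities.
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": "curl http://dav.example.test/ use "},
]


def scan(events):
    """Return the command lines of all events that match."""
    return [e["CommandLine"] for e in events if is_webdav_mount(e)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT:", hit)
```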
Categories
  • Windows
  • Cloud
  • Network
Data Sources
  • Process
  • Command
  • Application Log
Created: 2023-02-21