
Summary
This detection rule monitors for execution of the 'shred' command on Linux systems. shred overwrites a file's contents in place, optionally unlinking it afterwards, so that the original data cannot be recovered from disk. The rule uses data ingested from the Linux Audit daemon (auditd) and matches on the process name together with the command-line arguments of the shred invocation. Execution of shred can indicate malicious intent, most notably in destructive attacks such as the Industroyer2 operation against energy infrastructure, where Linux wiper scripts deployed alongside the ICS malware called shred to destroy files. By examining the command-line pattern and the context in which the command ran, the rule aims to surface activity that could lead to data loss or compromise of system integrity. Because shred also has legitimate uses, such as securely deleting key material, the triggering user, parent process and target paths should be reviewed before a hit is treated as destructive activity.
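The matching logic described above, replayed over a handful of constructed auditd records. This is an added example and not the rule's own search, which the page does not reproduce. It assumes auditd's raw record format, in which each execve produces a SYSCALL record (comm, exe, auid, ...) and an EXECVE record (argv) that share the serial inside msg=audit(timestamp:serial), and in which an argv element containing a space or quote is emitted hex-encoded without quotes. The sample log, the /tmp/s path and the function names are all constructed for illustration. The last sample event is a copy of shred renamed to /tmp/s: it is there to show the blind spot of matching on process name and command line, which this kind of rule cannot close on its own.

```python
"""Replay a shred detection over constructed auditd records (added example,
not the rule's own search). Assumes raw auditd format: SYSCALL + EXECVE
records joined by the serial in msg=audit(ts:serial); argv elements with a
space or quote are hex-encoded and unquoted."""
import os
import re
from collections import defaultdict

# Constructed sample records (not captured from a real host). Event 5004 is a
# copy of shred renamed to /tmp/s, included to show what name matching misses.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1731456000.101:5001): arch=c000003e syscall=59 success=yes exit=0 ppid=2301 pid=2302 auid=1000 uid=0 gid=0 euid=0 comm="shred" exe="/usr/bin/shred" key="exec"
type=EXECVE msg=audit(1731456000.101:5001): argc=4 a0="shred" a1="-u" a2="-z" a3="/var/log/auth.log"
type=SYSCALL msg=audit(1731456000.205:5002): arch=c000003e syscall=59 success=yes exit=0 ppid=2301 pid=2310 auid=1000 uid=1000 gid=1000 euid=1000 comm="ls" exe="/usr/bin/ls" key="exec"
type=EXECVE msg=audit(1731456000.205:5002): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1731456000.310:5003): arch=c000003e syscall=59 success=yes exit=0 ppid=2301 pid=2315 auid=1000 uid=0 gid=0 euid=0 comm="shred" exe="/usr/bin/shred" key="exec"
type=EXECVE msg=audit(1731456000.310:5003): argc=4 a0="shred" a1="-n" a2="3" a3=2F646174612F6261636B757020323032342E746172
type=SYSCALL msg=audit(1731456000.420:5004): arch=c000003e syscall=59 success=yes exit=0 ppid=2301 pid=2320 auid=1000 uid=0 gid=0 euid=0 comm="s" exe="/tmp/s" key="exec"
type=EXECVE msg=audit(1731456000.420:5004): argc=3 a0="/tmp/s" a1="-u" a2="/etc/shadow"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT_ID_RE = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")

def parse_record(line):
    """Split one raw record into {key: raw value}. Values keep their quotes so
    that an unquoted (hex-encoded) EXECVE argument stays distinguishable."""
    fields = dict(KV_RE.findall(line))
    m = EVENT_ID_RE.search(line)
    if not m:
        raise ValueError(f"no audit event id in record: {line!r}")
    fields["_serial"] = m.group(1)
    return fields

def decode_execve_arg(raw):
    """Quoted args are literal; unquoted uppercase hex is auditd's encoding."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if re.fullmatch(r"(?:[0-9A-F]{2})+", raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw

def build_events(log_text):
    """Join the SYSCALL and EXECVE records that share an audit serial."""
    events = defaultdict(dict)
    for line in filter(None, log_text.splitlines()):
        rec = parse_record(line)
        ev = events[rec["_serial"]]
        if rec["type"] == "SYSCALL":
            for k in ("comm", "exe", "auid", "uid"):
                if k in rec:
                    ev[k] = rec[k].strip('"')
        elif rec["type"] == "EXECVE":
            argc = int(rec["argc"])
            ev["argv"] = [decode_execve_arg(rec[f"a{i}"]) for i in range(argc)]
    return dict(events)

# shred options that consume the next argv element as their value
OPTS_WITH_VALUE = {"-n", "--iterations", "-s", "--size", "--random-source"}

def shred_targets(argv):
    """Return the paths shred was aimed at, skipping options and their values."""
    targets, i = [], 1
    while i < len(argv):
        if argv[i] in OPTS_WITH_VALUE:
            i += 2
        elif argv[i].startswith("-"):  # -u, -z, -v, -f, -x, --remove=..., -n3
            i += 1
        else:
            targets.append(argv[i])
            i += 1
    return targets

def detect_shred(events):
    """Fire when comm, the exe basename or the argv[0] basename is 'shred',
    which is what a process-name plus command-line match sees in auditd data."""
    hits = []
    for serial, ev in sorted(events.items()):
        argv = ev.get("argv", [])
        names = {ev.get("comm", ""), os.path.basename(ev.get("exe", "")),
                 os.path.basename(argv[0]) if argv else ""}
        if "shred" not in names:
            continue
        hits.append({
            "serial": serial,
            "auid": ev.get("auid"),
            "cmdline": " ".join(argv),
            "targets": shred_targets(argv),
            # -u/--remove unlinks after overwriting: clearest sign of intent to deny recovery
            "removes_file": any(a == "-u" or a.startswith("--remove") for a in argv),
        })
    return hits

def run_sample():
    hits = detect_shred(build_events(SAMPLE_AUDIT_LOG))
    for hit in hits:
        print(hit)
    return hits
```

Running it flags events 5001 and 5003 (the second with its hex-encoded path decoded to "/data/backup 2024.tar") and stays silent on 5004, where the same binary runs as /tmp/s. Catching that case needs something other than the name, such as the executable's hash or an integrity check on the coreutils binaries, and is out of scope for a process-name rule.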
Categories
- Linux
- Endpoint
Data Sources
- Pod
- Container
- Application Log
- Process
- File
ATT&CK Techniques
- T1485 (Data Destruction)
Created: 2024-11-13