Detect Regasm with no Command Line Arguments

Splunk Security Content

Summary
This analytic rule detects instances of `regasm.exe` executing without any command line arguments, a behavior commonly associated with process injection. The detection uses data from Endpoint Detection and Response (EDR) sources, focusing on process activity and command-line executions. Running `regasm.exe` this way suggests an attacker is manipulating processes for malicious purposes, such as evading detection, escalating privileges, maintaining persistence, or accessing sensitive data. The detection query uses Splunk's datamodels to extract process information from the last hour and filters the results to runs of `regasm.exe` with no command line parameters. Investigating the context around these events, including network connections and parallel processes, is crucial to confirm whether the behavior is a genuine threat.
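The following is an added illustration of the detection logic described above, written here as Python over a handful of constructed EDR process events; it is not Splunk's own search and does not reproduce the exact SPL of this rule. It assumes event fields named after the Endpoint.Processes datamodel (`process_name`, `process`, `dest`, `user`, `parent_process_name`, `_time`), applies the one-hour window, treats a command line that contains only the (possibly quoted) image path as "no arguments", and aggregates hits per host, user and parent process the way a `stats` clause would.

```python
import re
from datetime import datetime, timedelta, timezone

# Reference "now" for the one-hour lookback (constructed for this example).
NOW = datetime(2024, 11, 13, 12, 0, tzinfo=timezone.utc)

# Constructed sample EDR process events, not real telemetry. Field names follow
# the Splunk Endpoint.Processes datamodel that the rule reads from.
SAMPLE_EVENTS = [
    {"_time": NOW - timedelta(minutes=5), "dest": "ws01", "user": "alice",
     "process_name": "regasm.exe",
     "process": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe",
     "parent_process_name": "powershell.exe"},
    # Legitimate build-server use: regasm invoked with arguments, should not hit.
    {"_time": NOW - timedelta(minutes=10), "dest": "build01", "user": "svc_build",
     "process_name": "regasm.exe",
     "process": r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe" /codebase MyLib.dll',
     "parent_process_name": "msbuild.exe"},
    # Quoted image path with trailing whitespace and mixed case: still "no arguments".
    {"_time": NOW - timedelta(minutes=20), "dest": "ws02", "user": "bob",
     "process_name": "RegAsm.exe",
     "process": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"  ',
     "parent_process_name": "cmd.exe"},
    # Bare regasm, but three hours old: outside the one-hour window.
    {"_time": NOW - timedelta(hours=3), "dest": "ws03", "user": "carol",
     "process_name": "regasm.exe",
     "process": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe",
     "parent_process_name": "explorer.exe"},
    # A different binary entirely: not this rule's concern.
    {"_time": NOW - timedelta(minutes=2), "dest": "ws01", "user": "alice",
     "process_name": "regsvr32.exe",
     "process": r"regsvr32.exe /s sample.dll",
     "parent_process_name": "cmd.exe"},
]

# First token is either a double-quoted path or a run of non-space characters;
# everything after it (trimmed) is the argument string.
_CMDLINE_RE = re.compile(r'^\s*(?:"([^"]*)"|(\S+))\s*(.*?)\s*$', re.DOTALL)


def split_command_line(cmdline):
    """Return (image_path, argument_string) for a Windows command line."""
    m = _CMDLINE_RE.match(cmdline)
    if not m:
        return "", ""
    image = m.group(1) if m.group(1) is not None else m.group(2)
    return image, m.group(3)


def is_bare_regasm(event):
    """True when the event is regasm.exe launched with no command line arguments."""
    if event["process_name"].lower() != "regasm.exe":
        return False
    image, args = split_command_line(event["process"])
    # Also require the image itself to be regasm.exe, in case an EDR source
    # populates process_name from a different field than the command line.
    return args == "" and image.lower().endswith("regasm.exe")


def detect_bare_regasm(events, now, window=timedelta(hours=1)):
    """Apply the lookback window and aggregate hits per (dest, user, parent)."""
    cutoff = now - window
    summary = {}
    for e in events:
        if e["_time"] < cutoff or not is_bare_regasm(e):
            continue
        key = (e["dest"], e["user"], e["parent_process_name"])
        row = summary.setdefault(
            key, {"count": 0, "firstTime": e["_time"], "lastTime": e["_time"]})
        row["count"] += 1
        row["firstTime"] = min(row["firstTime"], e["_time"])
        row["lastTime"] = max(row["lastTime"], e["_time"])
    return summary


if __name__ == "__main__":
    for (dest, user, parent), row in detect_bare_regasm(SAMPLE_EVENTS, NOW).items():
        print(f"{dest} {user} parent={parent} count={row['count']} "
              f"first={row['firstTime']:%H:%M} last={row['lastTime']:%H:%M}")
```

Of the five constructed events only the two recent, argument-less `regasm.exe` launches surface; the build-server invocation with `/codebase` and the three-hour-old event are filtered out. The parent process in each row is the first pivot for triage: a bare `regasm.exe` spawned from an interactive shell or script host warrants the network-connection and sibling-process review the summary calls for, whereas a known build pipeline can be baselined and excluded.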
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Windows Registry
  • Application Log
ATT&CK Techniques
  • T1218
  • T1218.009
Created: 2024-11-13