
Linux High Frequency Of File Deletion In Etc Folder

Splunk Security Content

Summary
This detection rule identifies a high frequency of file deletions within the /etc/ directory on Linux systems by analysing file-delete events generated by Sysmon for Linux. The rule fires when a single process, grouped by process name and process ID, deletes 200 or more files under /etc/ within a one-hour window. This pattern is particularly concerning because it may signal wiper malware, such as AcidRain, which is designed to erase essential system files. Implementing this rule helps organizations mitigate the risk of system instability and data loss caused by malicious file operations.
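As an added illustration (not Splunk's own search logic), the following Python applies the same rule to constructed Sysmon-style file-delete records: it keeps only deletions under /etc/, bins them into one-hour buckets per process name and process ID, and reports any bucket that reaches the 200-deletion threshold. The record fields `time`, `image`, `pid` and `target`, and the sample processes, are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 200          # deletions per process/pid within one hour
WINDOW = timedelta(hours=1)


def _hour_bucket(ts: datetime) -> datetime:
    # Floor the timestamp to the hour, mirroring a one-hour time bin
    return ts.replace(minute=0, second=0, microsecond=0)


def find_etc_deletion_bursts(events, threshold=THRESHOLD):
    """Return {(image, pid, hour): count} for every process that deleted
    at least `threshold` files under /etc/ within one hour-long bucket.
    Each event is a dict with keys: time (datetime), image, pid, target."""
    counts = defaultdict(int)
    for ev in events:
        if not ev["target"].startswith("/etc/"):
            continue                      # deletions elsewhere are ignored
        key = (ev["image"], ev["pid"], _hour_bucket(ev["time"]))
        counts[key] += 1
    return {k: n for k, n in counts.items() if n >= threshold}


def build_sample_events():
    """Constructed sample data (not real telemetry)."""
    base = datetime(2024, 11, 13, 9, 0)
    events = []
    # A wiper-like process removing 200 files under /etc within 10 minutes
    for i in range(200):
        events.append({"time": base + timedelta(seconds=3 * i),
                       "image": "/tmp/wiper", "pid": 4242,
                       "target": f"/etc/config-{i}.conf"})
    # A package manager cleaning up a handful of files under /etc: benign
    for i in range(12):
        events.append({"time": base + timedelta(minutes=20 + i),
                       "image": "/usr/bin/dpkg", "pid": 1337,
                       "target": f"/etc/old-{i}.conf"})
    # Many deletions outside /etc (a build tree) must not match the rule
    for i in range(300):
        events.append({"time": base + timedelta(seconds=i),
                       "image": "/usr/bin/make", "pid": 2001,
                       "target": f"/home/build/obj-{i}.o"})
    return events


if __name__ == "__main__":
    for (image, pid, hour), n in find_etc_deletion_bursts(build_sample_events()).items():
        print(f"{hour:%Y-%m-%d %H:00} {image} pid={pid} deleted {n} files under /etc/")
```

Only the wiper-like process trips the threshold; the benign package-manager activity and the large number of deletions outside /etc/ are correctly left alone.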
Categories
  • Linux
  • Endpoint
Data Sources
  • Pod
  • Container
  • User Account
  • File
ATT&CK Techniques
  • T1485
  • T1070.004
  • T1070
Created: 2024-11-13