
Summary
This detection rule identifies use of the Windows Management Instrumentation Command-line (WMIC) tool to query CPU information by monitoring for specific command-line executions. The command 'wmic cpu get name' and similar variations are of interest because attackers commonly run them during the reconnaissance phase to learn a system's hardware configuration and processing capabilities. WMIC is used legitimately by system administrators for inventory and management tasks, but unusual use of these commands can indicate malicious behavior, such as unauthorized attempts to profile the system environment. By correlating WMIC executions that retrieve CPU data with other signs of investigative activity, the detection can alert on possible attacker reconnaissance.
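The matching and correlation logic described above, as an added example that is not part of the rule or its vendor's code: it runs over constructed Sysmon-style process-creation events (the field names Computer, Image and CommandLine, the list of other discovery commands and the sample hosts are all assumptions) and flags hosts where a WMIC CPU query coincides with other host-discovery activity.

```python
import re

# The wmic binary (any case, optional .exe), then the "cpu" alias, then the "get" verb,
# with anything (e.g. /node: or /output: switches) allowed in between. Deliberately broad.
WMIC_CPU_GET = re.compile(r"\bwmic(?:\.exe)?\b.*?\bcpu\b.*?\bget\b", re.IGNORECASE)

# Other host-discovery command lines that make a CPU query more suspicious when seen
# on the same host. Constructed list for this example, not taken from the rule.
OTHER_DISCOVERY = re.compile(
    r"\bsysteminfo\b|\bwmic(?:\.exe)?\b.*?\b(?:os|computersystem|bios)\b.*?\bget\b",
    re.IGNORECASE,
)

# Constructed sample events; not real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic cpu get name"},
    {"Computer": "WS01", "Image": r"C:\Windows\System32\systeminfo.exe",
     "CommandLine": "systeminfo"},
    {"Computer": "WS02", "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "WMIC   CPU   GET   Name,NumberOfCores   /format:list"},
    {"Computer": "WS03", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd /c "wmic cpu get name"'},
    {"Computer": "WS03", "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic os get caption"},
    {"Computer": "WS04", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad cpu_get_notes.txt"},
]

def normalise(cmdline: str) -> str:
    """Collapse runs of whitespace so padding between arguments does not defeat matching."""
    return " ".join(cmdline.split())

def is_wmic_cpu_query(event: dict) -> bool:
    """True when a process-creation event records a WMIC CPU query (the rule's core match)."""
    return bool(WMIC_CPU_GET.search(normalise(event.get("CommandLine", ""))))

def flag_hosts(events: list) -> dict:
    """Return only hosts with a WMIC CPU query AND some other discovery command, i.e. the
    correlated condition the rule summary says should raise an alert."""
    per_host = {}
    for ev in events:
        entry = per_host.setdefault(ev.get("Computer", "unknown"),
                                    {"cpu_queries": [], "other_discovery": False})
        cmd = normalise(ev.get("CommandLine", ""))
        if is_wmic_cpu_query(ev):
            entry["cpu_queries"].append(cmd)
        elif OTHER_DISCOVERY.search(cmd):
            entry["other_discovery"] = True
    return {h: e for h, e in per_host.items() if e["cpu_queries"] and e["other_discovery"]}

if __name__ == "__main__":
    for host, info in flag_hosts(SAMPLE_EVENTS).items():
        print(host, info["cpu_queries"])
```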
Categories
- Endpoint
Data Sources
- Windows Registry
- Process
- Application Log
ATT&CK Techniques
- T1082
Created: 2025-08-25