
Network Communication Initiated To Portmap.IO Domain

Sigma Rules

Summary
This detection rule identifies executables in a Windows environment that attempt to reach the portmap.io domain. Traffic to this domain can indicate unauthorized communication, possibly linked to command and control (C2) activity or data exfiltration attempts by threat actors. The rule monitors network connection events, filtering for those where the 'Initiated' flag is set to true and the destination hostname ends with the '.portmap.io' suffix.
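As an added illustration (not the rule's own code), the following Python reproduces the rule's matching logic over constructed Sysmon Event ID 3 records, including the edge cases a practitioner checks: inbound connections, look-alike hostnames that only contain the string, and mixed-case names with a trailing dot. Field names (Initiated, DestinationHostname, Image) are assumed to follow Sysmon's network connection event.

```python
"""Reference check for the portmap.io network-connection rule logic.
Added example over constructed Sysmon Event ID 3 records; not the Sigma rule itself."""

# The rule matches on the '.portmap.io' suffix, so the bare apex 'portmap.io'
# (no leading dot) is deliberately not a match, mirroring the rule as described.
PORTMAP_SUFFIX = ".portmap.io"


def is_initiated(value) -> bool:
    """Sysmon writes 'Initiated' as the string 'true'/'false'; accept bools too."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def matches_portmap_rule(event: dict) -> bool:
    """True when an outbound (Initiated) connection targets a *.portmap.io host."""
    # Normalise case and strip a trailing FQDN dot before the suffix check.
    host = str(event.get("DestinationHostname", "")).strip().lower().rstrip(".")
    return is_initiated(event.get("Initiated")) and host.endswith(PORTMAP_SUFFIX)


def find_portmap_connections(events):
    """Return (Image, DestinationHostname) for every event the rule would flag."""
    return [(e.get("Image", "<unknown>"), e.get("DestinationHostname", ""))
            for e in events if matches_portmap_rule(e)]


# Constructed sample events (assumed Sysmon field names, not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe",
     "Initiated": "true", "DestinationHostname": "abc123.portmap.io", "DestinationPort": 443},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "Initiated": "true", "DestinationHostname": "update.example.com", "DestinationPort": 443},
    # Inbound connection: Initiated is false, so the rule must not fire.
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "Initiated": "false", "DestinationHostname": "xyz.portmap.io", "DestinationPort": 445},
    # Look-alike host that merely contains the string must not fire.
    {"EventID": 3, "Image": "C:\\Program Files\\app\\app.exe",
     "Initiated": "true", "DestinationHostname": "portmap.io.example.net", "DestinationPort": 80},
    # Mixed case with trailing dot: fires after normalisation.
    {"EventID": 3, "Image": "C:\\tools\\client.exe",
     "Initiated": True, "DestinationHostname": "Tunnel.PortMap.IO.", "DestinationPort": 8080},
]

if __name__ == "__main__":
    for image, host in find_portmap_connections(SAMPLE_EVENTS):
        print(f"ALERT portmap.io connection: {image} -> {host}")
```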
Categories
  • Network
  • Endpoint
  • Windows
Data Sources
  • Network Traffic
  • Process
Created: 2024-05-31