
Suspicious Execution of Systeminfo

Sigma Rules

Summary
This rule detects execution of the Windows 'systeminfo' command, which prints OS version, installed hotfixes, hardware, domain and network details and is a staple of host reconnaissance. It matches process-creation events whose image path ends in 'systeminfo.exe' or whose OriginalFileName is 'sysinfo.exe', the file name embedded in the binary's version resource; the second selector means a copy of the binary renamed on disk is still caught when the log source records that field. Such executions can indicate system discovery by an intruder, but the command is also routinely run by administrators and inventory tooling, so the rule carries a low severity level and is intended to add visibility into discovery behaviour on Windows endpoints rather than to alert on its own.
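The selection logic described above, run over a handful of process-creation events, as an added example that is not part of the Sigma rule or this page. Field names (Image, OriginalFileName, CommandLine, User) follow the Sysmon Event ID 1 / Sigma process_creation convention, and every event is constructed for illustration rather than taken from real telemetry. It shows a renamed copy being caught by OriginalFileName, a look-alike binary that is not caught because the match requires the path separator before the name, and a cmd.exe parent that does not match (the child systeminfo.exe process would).

```python
"""Evaluate the 'Suspicious Execution of Systeminfo' selection over sample events.

Added example; not code from the Sigma project. Field names assume
Sysmon Event ID 1 / Sigma process_creation conventions.
"""
from typing import Dict, Iterable, List, Tuple

Event = Dict[str, str]


def matches_systeminfo_rule(event: Event) -> bool:
    """Return True if either selector of the rule matches.

    Sigma string comparisons are case-insensitive by default, so both
    values are lower-cased before comparing. The 'endswith' selector
    includes the leading backslash so that 'mysysteminfo.exe' or other
    look-alike names do not match.
    """
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    return image.endswith("\\systeminfo.exe") or original == "sysinfo.exe"


def run_rule(events: Iterable[Event]) -> List[Event]:
    """Apply the rule to a stream of events and return the matching ones."""
    return [e for e in events if matches_systeminfo_rule(e)]


def summarize_hits(events: Iterable[Event]) -> List[Tuple[str, str, str]]:
    """Compact (Image, User, CommandLine) view of each hit for triage."""
    return [(e["Image"], e.get("User", "?"), e.get("CommandLine", ""))
            for e in run_rule(events)]


# Constructed sample events (not real telemetry). 'EventID' 1 = process create.
SAMPLE_EVENTS: List[Event] = [
    {  # plain execution from the expected system path
        "EventID": "1",
        "Image": r"C:\Windows\System32\systeminfo.exe",
        "OriginalFileName": "sysinfo.exe",
        "CommandLine": "systeminfo",
        "User": r"CORP\alice",
    },
    {  # binary copied and renamed; only OriginalFileName gives it away
        "EventID": "1",
        "Image": r"C:\Users\Public\svc.exe",
        "OriginalFileName": "sysinfo.exe",
        "CommandLine": "svc.exe",
        "User": r"CORP\alice",
    },
    {  # look-alike name: path does not end in '\systeminfo.exe'
        "EventID": "1",
        "Image": r"C:\Tools\mysysteminfo.exe",
        "OriginalFileName": "mysysteminfo.exe",
        "CommandLine": "mysysteminfo.exe",
        "User": r"CORP\bob",
    },
    {  # the cmd.exe parent does not match; its child process would
        "EventID": "1",
        "Image": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "Cmd.Exe",
        "CommandLine": "cmd /c systeminfo",
        "User": r"CORP\bob",
    },
    {  # mixed case from the WOW64 directory still matches
        "EventID": "1",
        "Image": r"C:\Windows\SysWOW64\SYSTEMINFO.EXE",
        "OriginalFileName": "sysinfo.exe",
        "CommandLine": "SYSTEMINFO /FO CSV",
        "User": "NT AUTHORITY\\SYSTEM",
    },
]


if __name__ == "__main__":
    for image, user, cmdline in summarize_hits(SAMPLE_EVENTS):
        print(f"HIT  {user:<22} {image}  [{cmdline}]")
```

Because the rule's second selector depends on OriginalFileName, it only adds value when the event source records that field (Sysmon does; Windows Security 4688 does not), which is worth checking before relying on it to catch renamed copies.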
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
ATT&CK Techniques
  • T1082
Created: 2022-01-01