
Summary
This detection rule identifies a pattern of multiple (15) executions of the `nslookup.exe` command from the same host, which may indicate potential command and control (C2) activity via DNS tunneling. Specifically, the rule triggers when there are multiple `nslookup.exe` executions with explicit query types within a 5-minute period. The primary concern is that attackers can leverage DNS queries to bypass network security controls, issuing commands or exfiltrating data through DNS protocol misuse. Additionally, the rule provides guidance for investigation and response, highlighting the need to analyze parent processes, inspect DNS queries, and assess potential indicators of compromise (IoCs).
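The rule logic described above, as an added example in Python (not the detection rule's own query): it counts `nslookup.exe` process-creation events that carry an explicit query-type switch, per host, inside a sliding 5-minute window and reports hosts that reach 15. The events, host names and the argument pattern are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds from the rule summary: 15 nslookup.exe executions with an
# explicit query type on one host within 5 minutes.
RUN_THRESHOLD = 15
WINDOW = timedelta(minutes=5)

# nslookup switches that set the record type on the command line
# (-type=, -querytype=, -q=). This pattern is an approximation written
# for this example, not the detection rule's exact argument match.
QUERY_TYPE_ARG = re.compile(r"(?i)(?:^|\s)-(?:type|querytype|q)=\S+")


def is_candidate(event):
    """True for a process-creation event that the rule would count."""
    return (event["process"].lower() == "nslookup.exe"
            and QUERY_TYPE_ARG.search(event["cmdline"]) is not None)


def find_runs(events, threshold=RUN_THRESHOLD, window=WINDOW):
    """Return {host: (first_ts, last_ts)} for each host whose candidate
    events reach `threshold` inside any sliding `window`."""
    per_host = defaultdict(list)
    for ev in events:
        if is_candidate(ev):
            per_host[ev["host"]].append(ev["ts"])
    hits = {}
    for host, stamps in per_host.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # shrink the window from the left until it spans <= 5 minutes
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[host] = (stamps[start], ts)
                break  # first window crossing the threshold is enough
    return hits


def sample_events():
    """Constructed events (not real telemetry) for two hosts."""
    t0 = datetime(2020, 11, 11, 9, 0, 0)
    def ev(host, sec, cmd):
        return {"host": host, "ts": t0 + timedelta(seconds=sec),
                "process": "nslookup.exe", "cmdline": cmd}
    events = [ev("WS-01", 5, "nslookup example.test")]  # no type: ignored
    # WS-01: 16 typed lookups 15 s apart (4 min span) -> alert
    events += [ev("WS-01", 15 * i, f"nslookup -type=TXT c{i}.example.test") for i in range(16)]
    # WS-02: 15 typed lookups 30 s apart (7 min span) -> never 15 in 5 min
    events += [ev("WS-02", 30 * i, f"nslookup -querytype=MX m{i}.example.test") for i in range(15)]
    return events
```

Running `find_runs(sample_events())` flags only WS-01; WS-02's lookups are spread too thinly to reach 15 within any 5-minute window, which is the kind of slow, low-volume pattern the investigation guidance is meant to catch by hand.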
Categories
- Endpoint
- Windows
- Cloud
Data Sources
- Process
- Windows Registry
- Network Traffic
- Application Log
- Service
ATT&CK Techniques
- T1071
- T1071.004
- T1572
Created: 2020-11-11