
Summary
This detection rule identifies execution of the Windows command-line tool `cmdkey.exe` with the `/delete` parameter. Cmdkey.exe manages credentials saved in Windows Credential Manager (`/add`, `/generic`, `/list`, `/delete`). Deleting a stored credential is rarely an attack step on its own, but it is a common cleanup step: after staging credentials with `cmdkey /add` or `/generic` to authenticate to a remote host (for example before launching `mstsc`), an attacker can remove them with `cmdkey /delete:<target>` to cover tracks, and deleting a user's saved credentials can also be used to disrupt legitimate access. The rule monitors process-creation telemetry that includes the full command line (Sysmon Event ID 1, Windows Security Event ID 4688 with command-line auditing enabled, or EDR process events) and flags any instance of cmdkey.exe launched with the delete switch. Such events warrant triage because they can indicate an attempt to erase evidence of credential use, complicating incident response. Administrators and logon scripts also call `cmdkey /delete` legitimately, so tune the rule by excluding known parent processes, hosts, or accounts rather than suppressing it outright.
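As an added example (not the rule's own search logic), the following Python script applies the detection described above to a handful of constructed Sysmon-style process-creation events. The field names (`image`, `original_file_name`, `command_line`, `parent_image`), the sample hosts, users and paths, and the `ALLOWED_PARENTS` tuning list are all assumptions made for illustration. It shows two details a practitioner wants the rule to handle: matching on the PE `OriginalFileName` so a renamed copy of cmdkey.exe is still caught, and accepting both `/delete` and `-delete` in any letter case, with or without a target.

```python
"""Added example, not the rule's own search: flag cmdkey.exe /delete in
process-creation telemetry carrying Sysmon Event ID 1 style fields."""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional


@dataclass
class ProcessEvent:
    """Subset of Sysmon Event ID 1 fields relevant to this rule (assumed names)."""
    host: str
    image: str               # full path of the executed binary
    original_file_name: str  # PE header name; survives renaming of the file
    command_line: str
    parent_image: str
    user: str


# cmdkey accepts switches with '/' or '-' and is case-insensitive. The credential
# target follows a colon (cmdkey /delete:TERMSRV/host); "cmdkey /delete /ras" has none.
DELETE_SWITCH = re.compile(r"(?:^|\s)[/-]delete(?::(\S+)|(?=\s|$))", re.IGNORECASE)


def is_cmdkey(ev: ProcessEvent) -> bool:
    """Match on both the on-disk file name and OriginalFileName, so copying
    cmdkey.exe to another name does not evade the rule."""
    file_name = ev.image.rsplit("\\", 1)[-1].lower()
    return "cmdkey.exe" in (file_name, ev.original_file_name.lower())


def delete_target(command_line: str) -> Optional[str]:
    """Return the credential target named by /delete, '' if the switch has
    no target (e.g. '/delete /ras'), or None if /delete is absent."""
    m = DELETE_SWITCH.search(command_line)
    if m is None:
        return None
    return m.group(1) or ""


def detect(events: Iterable[ProcessEvent],
           allowed_parents: FrozenSet[str] = frozenset()) -> List[Dict[str, str]]:
    """Emit one alert per cmdkey.exe /delete execution. allowed_parents is a
    tuning list of lower-cased parent image paths (e.g. a logon-script host)
    whose invocations are treated as expected."""
    alerts: List[Dict[str, str]] = []
    for ev in events:
        if not is_cmdkey(ev):
            continue
        target = delete_target(ev.command_line)
        if target is None:
            continue  # cmdkey /list, /add, ... are out of scope for this rule
        if ev.parent_image.lower() in allowed_parents:
            continue
        alerts.append({"host": ev.host, "user": ev.user, "target": target,
                       "parent": ev.parent_image, "command_line": ev.command_line})
    return alerts


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    ProcessEvent("WS01", r"C:\Windows\System32\cmdkey.exe", "cmdkey.exe",
                 r"cmdkey  /delete:TERMSRV/fileserver01",
                 r"C:\Windows\System32\cmd.exe", r"CORP\jdoe"),
    ProcessEvent("WS01", r"C:\Windows\System32\cmdkey.exe", "cmdkey.exe",
                 "cmdkey /list", r"C:\Windows\System32\cmd.exe", r"CORP\jdoe"),
    # Renamed copy, '-' switch, upper case: still caught via OriginalFileName
    ProcessEvent("WS02", r"C:\Users\Public\ck.exe", "cmdkey.exe",
                 r"ck.exe -DELETE:TERMSRV/dc01",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"CORP\svc_backup"),
    ProcessEvent("WS02", r"C:\Windows\System32\cmdkey.exe", "cmdkey.exe",
                 r"cmdkey /add:TERMSRV/dc01 /user:CORP\svc_backup /pass:********",
                 r"C:\Windows\System32\cmd.exe", r"CORP\svc_backup"),
    # Cleanup by a VBScript logon script; suppressed when its parent is allow-listed
    ProcessEvent("WS03", r"C:\Windows\System32\cmdkey.exe", "cmdkey.exe",
                 "cmdkey /delete /ras", r"C:\Windows\System32\wscript.exe",
                 r"CORP\amiller"),
]

ALLOWED_PARENTS = frozenset({r"c:\windows\system32\wscript.exe"})

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS, ALLOWED_PARENTS):
        print(f"[ALERT] {a['host']} {a['user']} target={a['target']!r} "
              f"parent={a['parent']}: {a['command_line']}")
```

Run as-is, the script raises two alerts (the interactive `/delete:TERMSRV/fileserver01` and the renamed-binary `-DELETE:TERMSRV/dc01`) and suppresses the logon-script `/delete /ras`; without the tuning list it raises three. The `/add` event is deliberately not flagged here, but in practice a `/add` followed shortly by `/delete` for the same target on one host is the sequence worth correlating.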
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Process
ATT&CK Techniques
- T1555
Created: 2024-12-10