Rundll32 Control RunDLL Hunt

Splunk Security Content

Summary
This detection rule targets execution of 'rundll32.exe' with 'Control_RunDLL' on the command line, the mechanism Windows uses to launch Control Panel Items (.cpl files). The method is of concern because it can be abused, notably in connection with CVE-2021-40444, to run arbitrary code, elevate privileges, or maintain persistence on affected systems. The rule relies on process-execution telemetry collected by Endpoint Detection and Response (EDR) agents (process name, command-line arguments, and parent process) and is designed for environments that use Splunk for security analytics; the corresponding log formats must be ingested for the detection to work.
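As an added illustration of the rule's logic (example code written for this page, not the Splunk SPL or any code from the Splunk Security Content project), the Python below applies the same process-name and command-line test to constructed EDR-style events. The event field names and the system-directory triage flag are assumptions, not part of the rule.

```python
import re
import shlex

# Constructed sample process-creation events (not from the original page); the
# field names mimic what an EDR agent forwards: image name, command line, parent.
SAMPLE_EVENTS = [
    {"process_name": "rundll32.exe", "parent_process_name": "explorer.exe",
     "process": r"rundll32.exe shell32.dll,Control_RunDLL C:\Windows\System32\timedate.cpl"},
    {"process_name": "RUNDLL32.EXE", "parent_process_name": "WINWORD.EXE",
     "process": r'C:\Windows\System32\RUNDLL32.EXE SHELL32.DLL,control_rundll "C:\Users\Public\update.cpl"'},
    {"process_name": "rundll32.exe", "parent_process_name": "explorer.exe",
     "process": r"rundll32.exe printui.dll,PrintUIEntry /in /n \\server\printer"},
    {"process_name": "control.exe", "parent_process_name": "explorer.exe",
     "process": r"control.exe /name Microsoft.DateAndTime"},
]

# The exported function name, matched regardless of the case it was typed in.
CONTROL_RUNDLL = re.compile(r",control_rundll$", re.IGNORECASE)
# Assumed triage heuristic: .cpl items loaded from outside these directories stand out.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def control_rundll_target(command_line):
    """Return the argument handed to Control_RunDLL (normally a .cpl path),
    or None when the command line does not invoke Control_RunDLL at all."""
    tokens = shlex.split(command_line, posix=False)  # keep Windows backslashes intact
    for i, tok in enumerate(tokens):
        if CONTROL_RUNDLL.search(tok):
            return tokens[i + 1].strip('"') if i + 1 < len(tokens) else ""
    return None


def hunt_control_rundll(events):
    """Apply the rule's test: rundll32.exe whose arguments include Control_RunDLL.
    Each hit keeps the parent process and the loaded item for analyst triage."""
    hits = []
    for ev in events:
        if ev.get("process_name", "").lower() != "rundll32.exe":
            continue
        target = control_rundll_target(ev.get("process", ""))
        if target is None:
            continue
        hits.append({
            "parent": ev.get("parent_process_name", ""),
            "target": target,
            "outside_system_dir": not target.lower().startswith(SYSTEM_DIRS),
        })
    return hits


if __name__ == "__main__":
    for hit in hunt_control_rundll(SAMPLE_EVENTS):
        print(hit)
```

The legitimate timedate.cpl launch and the Office-spawned .cpl from a user-writable directory both match the rule, which is why the parent process and the item path are kept on each hit for triage.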
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Windows Registry
  • Application Log
ATT&CK Techniques
  • T1218
  • T1218.002
  • T1218.011
Created: 2024-11-13