
Summary
This rule detects the termination of critical processes on energy facility networks by the Industroyer2 malware, using Sysmon EventCode 5 (process terminated). It specifically watches for the termination of "PServiceControl.exe" and "PService_PPD.exe", two processes that are vital to energy infrastructure operations. A match is significant because it points to potential malicious activity aimed at disrupting essential services and could indicate a severe operational impact. On detection, an immediate investigation is warranted to confirm whether the activity is malicious and to mitigate the threat to the energy sector. The rule requires the ingestion of Windows Security Event Logs with EventCode 4698 enabled, and it is structured to filter and analyze that data effectively, which helps identify compromised systems.
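As an added illustration (not the rule's own search logic), the following Python code applies the detection described above to a handful of constructed Sysmon EventCode 5 records. It assumes the events arrive as JSON lines with Sysmon's usual `EventCode`, `Image`, `Computer` and `UtcTime` fields; the host names, paths and timestamps are invented sample data. The match is made on the basename of `Image`, case-insensitively, so a process started from an unusual directory or with odd capitalization is still caught, while look-alike names such as `PService_PPD.exe.bak` are not.

```python
"""Added example: flag Sysmon EventCode 5 (process terminated) records whose image
name is one of the energy-facility processes targeted by Industroyer2.
Illustrative code only; the sample events below are constructed, not real telemetry."""
import json
from pathlib import PureWindowsPath

# Process names taken from the rule description; compared case-insensitively.
TARGET_PROCESSES = frozenset(
    name.lower() for name in ("PServiceControl.exe", "PService_PPD.exe")
)

# Constructed sample events, rendered as JSON lines as a forwarder might ship them.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventCode": 5, "Computer": "rtu-hmi-01", "ProcessId": 4120,
     "Image": "C:\\Program Files\\PPD\\PService_PPD.exe",
     "UtcTime": "2024-11-13 08:01:12.301"},
    {"EventCode": 1, "Computer": "rtu-hmi-01", "ProcessId": 5210,       # process create, ignored
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "UtcTime": "2024-11-13 08:01:15.004"},
    {"EventCode": "5", "Computer": "rtu-hmi-01", "ProcessId": 5210,     # benign termination
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "UtcTime": "2024-11-13 08:02:40.118"},
    {"EventCode": "5", "Computer": "scada-eng-02", "ProcessId": 3304,   # unusual path and case
     "Image": "D:\\Tools\\PSERVICECONTROL.EXE",
     "UtcTime": "2024-11-13 08:03:02.557"},
    {"EventCode": 5, "Computer": "scada-eng-02", "ProcessId": 3390,     # look-alike, must not match
     "Image": "C:\\Program Files\\PPD\\PService_PPD.exe.bak",
     "UtcTime": "2024-11-13 08:03:09.990"},
])


def parse_events(text):
    """Parse JSON lines into dicts, skipping blank or malformed lines instead of failing."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def is_target_termination(event):
    """True for a Sysmon process-terminated event (EventCode 5) of a watched process."""
    # Some pipelines deliver EventCode as a string, others as an integer.
    if str(event.get("EventCode", "")) != "5":
        return False
    image = event.get("Image")
    if not image:
        return False
    # Match on the basename only, so the directory the binary ran from does not matter.
    return PureWindowsPath(image).name.lower() in TARGET_PROCESSES


def detect(text):
    """Return the matching events, each reduced to the fields an analyst needs first."""
    return [
        {"Computer": e.get("Computer"), "Image": e.get("Image"),
         "ProcessId": e.get("ProcessId"), "UtcTime": e.get("UtcTime")}
        for e in parse_events(text)
        if is_target_termination(e)
    ]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"{hit['UtcTime']} {hit['Computer']}: terminated {hit['Image']} (pid {hit['ProcessId']})")
```

Running the block prints the two matching terminations (one per host); the benign Notepad exit, the process-create event, and the `.bak` look-alike are all left out.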
Categories
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1489
Created: 2024-11-13