
Summary
This detection rule identifies the use of the `wbadmin.exe` command to delete backup catalogs on Windows systems. Deleting backup catalogs is a common tactic used by ransomware and other malicious actors to hinder system recovery. The rule is based on monitoring process execution events, specifically looking for instances where `wbadmin.exe` is invoked with arguments indicating catalog deletion. It analyzes various Windows event logs and applies a set of criteria to determine whether the action is part of potentially malicious activity. The rule provides guidance on investigation, false positive analysis, and incident response steps to assist security analysts in effectively triaging alerts related to this behavior.
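The matching logic described above, as an added illustration that is not the rule's own query: constructed process-creation events with assumed field names (`process`, `command_line`, `user`) are checked for a `wbadmin.exe` image whose arguments request catalog deletion.

```python
"""Constructed process-creation events (not from the original rule) and a check that
mirrors the rule's logic: wbadmin.exe invoked with arguments deleting the backup catalog."""
import ntpath

# Constructed sample events; field names are an assumption, not the rule's schema.
SAMPLE_EVENTS = [
    {"event_id": 4688, "process": r"C:\Windows\System32\wbadmin.exe",
     "command_line": "wbadmin delete catalog -quiet", "user": "SYSTEM"},
    {"event_id": 4688, "process": r"C:\Windows\System32\wbadmin.exe",
     "command_line": "wbadmin get versions", "user": "backupsvc"},
    # A wrapper shell: the rule keys on the wbadmin.exe image itself, so this line is
    # not an alert; the child wbadmin.exe process it spawns would be logged separately.
    {"event_id": 4688, "process": r"C:\Windows\System32\cmd.exe",
     "command_line": 'cmd.exe /c "wbadmin DELETE CATALOG -quiet"', "user": "jdoe"},
    {"event_id": 4688, "process": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe catalog.txt", "user": "jdoe"},
]


def is_catalog_deletion(event: dict) -> bool:
    """True when the image is wbadmin.exe and the arguments request catalog deletion."""
    image = ntpath.basename(event.get("process", "")).lower()
    if image != "wbadmin.exe":
        return False
    # Case-insensitive tokens; strip quoting so '"delete"' still matches.
    tokens = [t.strip('"') for t in event.get("command_line", "").lower().split()]
    # wbadmin's syntax is "wbadmin delete catalog [-quiet]": require the adjacent pair.
    return any(a == "delete" and b == "catalog" for a, b in zip(tokens, tokens[1:]))


def find_alerts(events: list) -> list:
    """Return the subset of events that match the catalog-deletion criteria."""
    return [e for e in events if is_catalog_deletion(e)]


if __name__ == "__main__":
    for e in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT T1490 backup catalog deletion: user={e['user']} cmd={e['command_line']}")
```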
Categories
- Endpoint
- Windows
Data Sources
- Process
- Windows Registry
- Application Log
- Logon Session
- Network Traffic
ATT&CK Techniques
- T1485
- T1490
Created: 2020-02-18