
Summary
This detection rule identifies execution of the 'shred' command on Linux systems. 'shred' securely deletes files by overwriting their contents so that the data cannot be recovered. The detection uses process telemetry from Endpoint Detection and Response (EDR) agents, specifically the process name and the command-line arguments passed to 'shred'. Although 'shred' is a legitimate utility, it has been misused in malicious scenarios, notably in incidents involving the Industroyer2 malware that targeted the energy sector. A match indicates a potential threat to critical data, since it points to an attempt to permanently remove files that may be essential for operations. The rule is implemented as a structured search that evaluates process names and parameters to flag possible misuse, alerting administrators to possible data destruction activity.
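The following is an added example, not the rule's own search: it re-implements the described logic in Python over constructed EDR process events, matching on process name and then parsing the shred options from the command line so an analyst can see which overwrite or removal flags were used. The GNU shred options tracked here (-n/--iterations, -u/--remove, -z/--zero, -s/--size) are real options, but choosing them as the watched set is an assumption for illustration, as is the ProcessEvent record layout.

```python
"""Re-implementation of the shred detection logic described above.

Added example, not the detection rule's own search. EDR process events are
constructed inline; the set of watched shred options is an assumption about
which overwrite/remove flags an analyst would want surfaced in the alert.
"""
import shlex
from dataclasses import dataclass

# GNU shred options that control how the target is overwritten or removed.
# Tracking exactly these is a tuning choice (assumption), not part of the rule text.
WATCHED_OPTS = {"-n", "--iterations", "-u", "--remove", "-z", "--zero", "-s", "--size"}


@dataclass
class ProcessEvent:
    """Minimal EDR process record (constructed layout, not a vendor schema)."""
    host: str
    user: str
    process_name: str
    cmdline: str


def shred_options(cmdline):
    """Return the set of watched shred options present in a command line.

    Handles long options with '=' values (--remove=wipe) and combined short
    options (-uzn 3); digits glued to a short option (-n3) are ignored.
    """
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in telemetry; fall back to whitespace split
        argv = cmdline.split()
    found = set()
    for tok in argv[1:]:
        if tok.startswith("--"):
            opt = tok.split("=", 1)[0]
            if opt in WATCHED_OPTS:
                found.add(opt)
        elif tok.startswith("-") and len(tok) > 1:
            for ch in tok[1:]:
                if ch.isdigit():
                    break  # value attached to the preceding short option
                opt = "-" + ch
                if opt in WATCHED_OPTS:
                    found.add(opt)
    return found


def detect_shred(events):
    """Flag every shred execution; attach parsed options for triage."""
    hits = []
    for ev in events:
        if ev.process_name != "shred":
            continue
        hits.append({
            "host": ev.host,
            "user": ev.user,
            "cmdline": ev.cmdline,
            "options": sorted(shred_options(ev.cmdline)),
        })
    return hits


# Constructed sample telemetry: three shred invocations and one unrelated process.
SAMPLE_EVENTS = [
    ProcessEvent("hmi-01", "operator", "shred", "shred -u -z -n 3 /var/lib/app/ledger.db"),
    ProcessEvent("hmi-02", "root", "shred", "shred --remove=wipe /home/analyst/notes.txt"),
    ProcessEvent("ws-07", "dev", "shred", "shred /tmp/scratch.bin"),
    ProcessEvent("ws-07", "dev", "bash", "bash -c 'echo shred'"),
]

if __name__ == "__main__":
    for hit in detect_shred(SAMPLE_EVENTS):
        print(f"{hit['host']} {hit['user']}: {hit['cmdline']} options={hit['options']}")
```

Alerting on every shred execution keeps the rule sensitive; the parsed options let a SOC prioritise invocations that both overwrite and remove the file (for example -u together with -z) over a bare run on a scratch file. Whether to suppress the latter is a site-specific tuning decision.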
Categories
- Linux
- Endpoint
Data Sources
- Process
- File
ATT&CK Techniques
- T1485
Created: 2024-11-13