
Crypto Miner User Agent

Sigma Rules

Summary
This detection rule identifies suspicious user agent strings associated with crypto mining activity in proxy logs. It looks for user agents that start with 'XMRig ' or 'ccminer', strings used by cryptocurrency mining software to communicate with command-and-control servers. When a match is found, it raises an alert indicating the possible presence of unauthorized mining operations within the network. The rule is intended for network security professionals who monitor proxy logs for signs of cryptomining that may indicate system compromise or misuse of resources. Findings should be validated, because legitimate use of this software can produce false positives.
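The following is an added example, not the Sigma rule itself or any code from this page, that applies the rule's condition (user agent starts with 'XMRig ' or 'ccminer') to a small set of constructed proxy log lines. The Squid-like log layout, the field names, and the sample hosts and addresses are assumptions made for the example; the prefix comparison is case-insensitive, matching Sigma's default string-matching semantics.

```python
import re
from dataclasses import dataclass
from typing import Iterator

# Prefixes from the rule summary: user agents that start with 'XMRig ' (note the
# trailing space) or 'ccminer'. Sigma string matching is case-insensitive by default,
# so the comparison below lowercases both sides.
SUSPICIOUS_UA_PREFIXES = ("XMRig ", "ccminer")

# Constructed sample proxy log (assumed Squid-like layout; not from the original page):
# <epoch> <client-ip> <destination> <status> <method> <url> "<user-agent>"
SAMPLE_PROXY_LOG = """\
1697900001.123 10.0.0.5 pool.example:3333 200 CONNECT pool.example:3333 "XMRig 6.20.0"
1697900002.456 10.0.0.7 www.example.com 200 GET http://www.example.com/ "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
1697900003.789 10.0.0.9 stratum.example:4444 200 CONNECT stratum.example:4444 "ccminer/2.3.1"
1697900004.012 10.0.0.11 www.example.org 200 GET http://www.example.org/xmrig "Mozilla/5.0 XMRig-docs-reader"
1697900005.345 10.0.0.13 www.example.net 200 GET http://www.example.net/ "XMRigBrowser/1.0"
"""

LOG_LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<dest>\S+) (?P<status>\d{3}) '
    r'(?P<method>\S+) (?P<url>\S+) "(?P<ua>[^"]*)"$'
)


@dataclass(frozen=True)
class MinerAlert:
    """One alert per proxy log line whose user agent satisfies the rule."""
    timestamp: str
    client: str
    destination: str
    user_agent: str


def is_crypto_miner_user_agent(user_agent: str) -> bool:
    """Rule condition: the user agent begins with one of the suspicious prefixes.

    This is a prefix match (Sigma |startswith), not a substring match, so a
    browser UA that merely mentions 'XMRig' further along does not fire.
    """
    ua = user_agent.lower()
    return any(ua.startswith(prefix.lower()) for prefix in SUSPICIOUS_UA_PREFIXES)


def parse_proxy_log(text: str) -> Iterator[dict]:
    """Yield one field dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        match = LOG_LINE_RE.match(line)
        if match:
            yield match.groupdict()


def detect_crypto_miner_user_agents(text: str) -> list[MinerAlert]:
    """Apply the rule to every parsed line and collect the matching lines as alerts."""
    return [
        MinerAlert(rec["ts"], rec["client"], rec["dest"], rec["ua"])
        for rec in parse_proxy_log(text)
        if is_crypto_miner_user_agent(rec["ua"])
    ]


if __name__ == "__main__":
    for alert in detect_crypto_miner_user_agents(SAMPLE_PROXY_LOG):
        print(f"{alert.timestamp} {alert.client} -> {alert.destination}: {alert.user_agent!r}")
```

Of the five constructed lines, only the first and third raise alerts: the fourth contains 'XMRig' in the middle of a browser user agent and the fifth starts with 'XMRig' but lacks the trailing space the rule requires, so neither satisfies the prefix condition. The client address and destination carried in each alert are what an analyst needs to validate a hit against the false-positive cases the summary mentions.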
Categories
  • Network
  • Web
Data Sources
  • User Account
  • Internet Scan
  • Network Traffic
Created: 2019-10-21