
Summary
This detection rule monitors process executions whose command line contains SharpHound arguments, specifically `-collectionMethod` and `invoke-bloodhound`. SharpHound is the data collector of the BloodHound toolkit, used to enumerate Active Directory; attackers use the collected data to plan lateral movement and privilege escalation. The rule uses process and command-line telemetry from Endpoint Detection and Response (EDR) agents to identify behavior associated with network mapping and target identification. Matching on these command-line arguments lets the detection flag Active Directory enumeration early, before the collected data is used to support later stages of an attack.
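As an added example, not part of the original rule, the following Python sketch runs the matching logic described above over constructed sample EDR process events; the event field names (`host`, `user`, `process`, `command_line`) and all sample values are assumptions.

```python
import re

# Case-insensitive substrings the rule looks for in process command lines
# (the two arguments named in the rule summary).
INDICATORS = ("-collectionmethod", "invoke-bloodhound")

# Constructed sample EDR process-creation events (hypothetical field names,
# not real telemetry from any product). Events 1 and 2 should alert; event 3
# is ordinary administrative PowerShell and should not.
SAMPLE_EVENTS = [
    {"id": 1, "host": "WS01", "user": "CORP\\jdoe", "process": "powershell.exe",
     "command_line": 'powershell.exe -Command "Import-Module .\\SharpHound.ps1; '
                     'Invoke-BloodHound -CollectionMethod All"'},
    {"id": 2, "host": "SRV02", "user": "CORP\\svc_backup", "process": "SharpHound.exe",
     "command_line": "SharpHound.exe  --CollectionMethod Session --OutputDirectory C:\\Temp"},
    {"id": 3, "host": "WS03", "user": "CORP\\admin", "process": "powershell.exe",
     "command_line": 'powershell.exe -Command "Get-ADComputer -Filter *"'},
]


def normalize(command_line):
    """Lower-case and collapse whitespace so case or spacing differences do not hide the tokens."""
    return re.sub(r"\s+", " ", command_line).strip().lower()


def match_sharphound(event):
    """Return the indicators present in the event's command line (empty list if none)."""
    cmd = normalize(event.get("command_line", ""))
    return [ind for ind in INDICATORS if ind in cmd]


def detect(events):
    """Run the rule over a batch of process events and return one alert per matching event."""
    alerts = []
    for ev in events:
        hits = match_sharphound(ev)
        if hits:
            alerts.append({"event_id": ev["id"], "host": ev["host"], "user": ev["user"],
                           "process": ev["process"], "matched": hits})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Matching is substring-based on the two tokens the rule names, so it catches the long-form flag under either `-` or `--`; adapting it to a real EDR means mapping its process and command-line fields onto the ones assumed here.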
Categories
- Windows
- Endpoint
- Cloud
Data Sources
- Windows Registry
- Sensor Health
- Process
- Application Log
ATT&CK Techniques
- T1059.001
- T1087.002
- T1069.001
- T1482
- T1087.001
- T1087
- T1069.002
- T1069
Created: 2024-11-13