
Linux pkexec Privilege Escalation

Splunk Security Content

Summary
This detection rule identifies potential privilege escalation attempts on Linux systems associated with use of the `pkexec` command. The rule focuses on process telemetry gathered from Endpoint Detection and Response (EDR) agents, specifically looking for instances where `pkexec` is executed without command-line arguments. This pattern is linked to CVE-2021-4034, known as PwnKit, a critical vulnerability in Polkit's pkexec. Exploitation of this vulnerability can grant attackers unrestricted root access to the affected Linux system, leading to full compromise and potential exposure of sensitive data. The detection logic uses the Splunk environment to aggregate telemetry data and applies regex filters to pinpoint the suspicious behavior. Because the detection may generate false positives, further filtering is recommended to improve accuracy.
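The logic the summary describes (match `pkexec` with an empty argument list in EDR process events, aggregate by host, user and parent, then tune out expected parents) written out as a stand-alone Python example. This is an added illustration, not the rule's own Splunk search or any Splunk Security Content code; the event field names, the sample telemetry and the parent-process allowlist are all assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# A command line consisting solely of the pkexec binary (bare name or full
# path), i.e. pkexec launched with no arguments: the PwnKit (CVE-2021-4034)
# pattern the rule looks for. Trailing whitespace is tolerated because some
# agents pad the field.
PKEXEC_NO_ARGS = re.compile(r"^\s*(?:\S*/)?pkexec\s*$")


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal shape of an EDR process-start record (field names are assumed)."""
    host: str
    user: str
    parent_process: str
    process_name: str
    command_line: str


def is_pkexec_without_args(ev: ProcessEvent) -> bool:
    """True when the event is pkexec started with an empty argument list."""
    return ev.process_name == "pkexec" and PKEXEC_NO_ARGS.match(ev.command_line) is not None


def detect(events: Iterable[ProcessEvent],
           allowed_parents: Tuple[str, ...] = ()) -> List[ProcessEvent]:
    """Return matching events, dropping those whose parent is on an allowlist.

    The allowlist stands in for the 'further filtering' the rule recommends
    for false positives, e.g. an interactive shell where an administrator
    typed `pkexec` by hand and got its usage text. Which parents to allow is
    an environment-specific tuning decision.
    """
    return [ev for ev in events
            if is_pkexec_without_args(ev) and ev.parent_process not in allowed_parents]


def summarize(hits: Iterable[ProcessEvent]) -> Counter:
    """Aggregate hits by (host, user, parent), the way a stats-by clause would."""
    return Counter((ev.host, ev.user, ev.parent_process) for ev in hits)


# Constructed sample telemetry for the example; not real data.
SAMPLE_EVENTS = [
    ProcessEvent("web01", "www-data", "python3", "pkexec", "/usr/bin/pkexec"),
    ProcessEvent("web01", "www-data", "python3", "pkexec", "pkexec "),
    ProcessEvent("db02", "alice", "bash", "pkexec", "pkexec --version"),
    ProcessEvent("db02", "alice", "bash", "pkexec", "/usr/bin/pkexec systemctl restart nginx"),
    ProcessEvent("db02", "bob", "bash", "pkexec", "pkexec"),
    ProcessEvent("db02", "bob", "bash", "sudo", "sudo -l"),
]

if __name__ == "__main__":
    for key, count in summarize(detect(SAMPLE_EVENTS)).items():
        print(key, count)
```

On the sample data the bare `pkexec` launches from the web worker and from bob's shell match, while `pkexec --version` and the normal elevated `systemctl` invocation do not; passing `allowed_parents=("bash",)` keeps only the web-worker hits, which is the kind of tuning the summary suggests.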
Categories
  • Endpoint
  • Linux
Data Sources
  • Process
ATT&CK Techniques
  • T1068
Created: 2024-11-13