
Summary
The Hunting 3CXDesktopApp Software detection rule aims to identify any instance of the 3CXDesktopApp running on Mac or Windows systems. Built on the Processes node of the Endpoint data model, this analytic matters because specific versions of the application (18.12.407 and 18.12.416) have been recognized as vulnerable and exploitable by attackers. The rule uses data from Sysmon EventID 1, Windows Event Log Security 4688, and CrowdStrike ProcessRollup2 to trigger alerts. If the software is confirmed malicious, it could lead to unauthorized system access or data exfiltration. Implementation requires ingesting the relevant endpoint logs and processing them with Splunk Technology Add-ons so that they map correctly to the data model, which is what makes monitoring and response effective.
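As an added illustration (not the rule's own SPL), the following Python re-implements the hunt's logic over constructed process events already normalised to Endpoint.Processes-style field names; the `file_version` field is an assumption modelled on Sysmon's FileVersion attribute, which Security 4688 events lack, and the Mac process name is assumed.

```python
"""Minimal stand-in for the hunt: flag 3CXDesktopApp processes per host and
separate the versions named in the rule summary from any other version."""
import re

# Versions the rule summary names as affected.
AFFECTED_VERSIONS = {"18.12.407", "18.12.416"}

# Windows binary name plus an assumed Mac process name ("3CX Desktop App").
TARGET_NAMES = re.compile(r"^3cx\s?desktop\s?app(\.exe)?$", re.IGNORECASE)


def classify(event):
    """Return 'affected', 'present', or None for one normalised process event."""
    if not TARGET_NAMES.match(event.get("process_name", "")):
        return None
    if event.get("file_version") in AFFECTED_VERSIONS:
        return "affected"
    return "present"


def hunt(events):
    """Group hits by host: {dest: {"affected": [versions], "present": [versions]}}.
    A missing file_version (e.g. from 4688) is recorded as 'unknown', not dropped."""
    hits = {}
    for ev in events:
        verdict = classify(ev)
        if verdict is None:
            continue
        host = hits.setdefault(ev.get("dest", "unknown"),
                               {"affected": [], "present": []})
        host[verdict].append(ev.get("file_version") or "unknown")
    return hits


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"dest": "ws-01", "user": "alice", "process_name": "3CXDesktopApp.exe",
     "file_version": "18.12.416", "source": "Sysmon EventID 1"},
    {"dest": "ws-02", "user": "bob", "process_name": "3CXDesktopApp.exe",
     "source": "WinEventLog:Security 4688"},   # 4688 carries no file version
    {"dest": "mac-03", "user": "carol", "process_name": "3CX Desktop App",
     "file_version": "18.12.407", "source": "CrowdStrike ProcessRollup2"},
    {"dest": "ws-04", "user": "dave", "process_name": "chrome.exe",
     "file_version": "120.0.0.1", "source": "Sysmon EventID 1"},
]

if __name__ == "__main__":
    for host, found in hunt(SAMPLE_EVENTS).items():
        print(host, found)
```

Hosts reported under "present" with an unknown version still warrant a follow-up lookup of the binary's version, since 4688 alone cannot distinguish an affected build.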
Categories
- Endpoint
Data Sources
- Pod
- Process
- Windows Registry
ATT&CK Techniques
- T1195.002
Created: 2024-11-13