
Summary
This detection rule identifies potential exploitation attempts related to a newly identified vulnerability in Internet Explorer, specifically CVE-2025-33053. It monitors for suspicious child processes spawned by the legitimate 'iediagcmd.exe' utility. The rule uses an EQL (Event Query Language) query that looks for processes started within a bounded time window after the parent and matching specific conditions, namely child processes that are not expected to be launched by that parent executable. Key investigative steps include examining the process tree for anomalies, checking network activity for unauthorized communication, and scanning the affected system for other signs of compromise. The rule follows established threat-detection and remediation practice: isolate affected systems promptly, terminate dubious processes, and reduce future risk by updating security policies.
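The detection idea described above, as an added illustration that is not the rule's actual EQL query: walk a stream of process-start events, remember when iediagcmd.exe started, and flag any child of that process that starts within a maximum span and either is not one of the helper tools iediagcmd.exe is expected to launch or does not live in the expected Windows system directories. The expected-child list, the directory prefixes, the 30-second window and the sample events (including the iediagcmd.exe path) are assumptions constructed for the example; the real rule's exclusion logic is not reproduced on the page.

```python
"""Toy re-implementation of the "unexpected child of iediagcmd.exe" detection.

Example code added to this page; it is not the detection rule itself.
All names, paths and thresholds below are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List

# Assumption: helper tools iediagcmd.exe is expected to launch (not taken
# from the page; tune to what is observed in your own telemetry).
EXPECTED_CHILDREN = {"ipconfig.exe", "route.exe", "netsh.exe", "dxdiag.exe", "makecab.exe"}
# Assumption: where those helpers should live. An expected name running from
# elsewhere is still suspicious, so the path is checked as well as the name.
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumption: the EQL "maxspan"-style window between parent and child start.
MAXSPAN = timedelta(seconds=30)


@dataclass(frozen=True)
class ProcessEvent:
    ts: datetime        # process start time
    pid: int
    ppid: int
    image: str          # full path of the started executable
    parent_image: str   # full path of the parent executable


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def is_suspicious_child(ev: ProcessEvent) -> bool:
    """True if ev is a child of iediagcmd.exe that fails the expectations."""
    if _basename(ev.parent_image) != "iediagcmd.exe":
        return False
    if _basename(ev.image) not in EXPECTED_CHILDREN:
        return True
    return not ev.image.lower().startswith(EXPECTED_DIRS)


def detect(events: Iterable[ProcessEvent]) -> List[ProcessEvent]:
    """Sequence-style check: an iediagcmd.exe start, then within MAXSPAN a
    child (matched on ppid) that is_suspicious_child. Returns the alerts."""
    parent_starts = {}  # pid of a running iediagcmd.exe -> its start time
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if _basename(ev.image) == "iediagcmd.exe":
            parent_starts[ev.pid] = ev.ts
        started = parent_starts.get(ev.ppid)
        if started is None or ev.ts - started > MAXSPAN:
            continue  # not a child of a tracked parent, or outside the window
        if is_suspicious_child(ev):
            alerts.append(ev)
    return alerts


# Constructed sample telemetry (not real data). Times are relative to T0.
T0 = datetime(2025, 6, 11, 9, 0, 0)
IEDIAG = r"C:\Program Files\Internet Explorer\iediagcmd.exe"  # assumed path
SAMPLE_EVENTS = [
    ProcessEvent(T0, 4100, 800, IEDIAG, r"C:\Windows\explorer.exe"),
    # benign: expected helper from the expected directory
    ProcessEvent(T0 + timedelta(seconds=2), 4120, 4100,
                 r"C:\Windows\System32\ipconfig.exe", IEDIAG),
    # suspicious: unexpected executable name (placeholder file name)
    ProcessEvent(T0 + timedelta(seconds=3), 4130, 4100,
                 r"C:\Users\alice\AppData\Local\Temp\payload.exe", IEDIAG),
    # suspicious: expected name but launched from a user-writable directory
    ProcessEvent(T0 + timedelta(seconds=4), 4140, 4100,
                 r"C:\Users\alice\AppData\Local\Temp\ipconfig.exe", IEDIAG),
    # outside MAXSPAN and an expected helper anyway: no alert
    ProcessEvent(T0 + timedelta(seconds=120), 4150, 4100,
                 r"C:\Windows\System32\route.exe", IEDIAG),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={alert.pid} image={alert.image}")
```

The path check matters as much as the name check: allow-listing only on file name would miss an expected helper name started from a user-writable location. The window value is a tuning knob; too short a span misses delayed children, too long raises noise from unrelated later activity.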
Categories
- Endpoint
- Windows
Data Sources
- Process
- Windows Registry
- Application Log
ATT&CK Techniques
- T1566
- T1566.001
- T1566.002
- T1218
Created: 2025-06-11