
Summary
This detection rule identifies suspicious modifications to web proxy settings made with the built-in `networksetup` command on macOS. Its purpose is to flag malicious activity such as traffic hijacking or credential theft, in which web traffic is redirected without the user's consent. It does so by monitoring process events for the command arguments `-setwebproxy`, `-setsecurewebproxy` and `-setautoproxyurl`, while excluding known legitimate applications from its checks. The rule is particularly relevant where adversaries alter proxy settings to sniff traffic or capture credentials. False positives are reduced by excluding legitimate software such as Fiddler and FreedomHelper from triggering alerts. When the rule fires, responders should follow established incident procedures: isolate the affected device immediately, reset the web proxy settings, scan the system thoroughly for malware, and step up monitoring of proxy settings across the network to catch further attempts.
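The matching logic described above, written out as an added Python example (not the rule's own query language or code) and run over a handful of constructed process events. The event field names, the parent-executable matching, and the Fiddler/FreedomHelper path substrings are assumptions for illustration; the three `networksetup` arguments are the ones the rule names.

```python
import shlex

# Proxy-setting verbs of `networksetup` the rule looks for (named on the page).
PROXY_SET_ARGS = {"-setwebproxy", "-setsecurewebproxy", "-setautoproxyurl"}

# Applications the rule treats as benign. Matching them by a substring of the
# parent executable path is an assumption made for this example.
BENIGN_PARENT_MARKERS = ("Fiddler", "FreedomHelper")


def is_suspicious_proxy_change(event: dict) -> bool:
    """True when a process event is a networksetup proxy modification that was
    not launched by one of the excluded applications."""
    if event.get("process_name") != "networksetup":
        return False
    # Accept either a pre-split argument list or a raw command line.
    args = event.get("args") or shlex.split(event.get("command_line", ""))
    if not any(a.lower() in PROXY_SET_ARGS for a in args):
        return False  # e.g. -getwebproxy only reads settings
    parent = event.get("parent_executable", "")
    if any(marker in parent for marker in BENIGN_PARENT_MARKERS):
        return False  # known legitimate proxy tooling
    return True


def evaluate(events: list) -> list:
    """Return the ids of events that the rule would alert on."""
    return [e["id"] for e in events if is_suspicious_proxy_change(e)]


# Constructed sample events (not real telemetry); 203.0.113.10 is a documentation address.
SAMPLE_EVENTS = [
    {"id": 1, "process_name": "networksetup",
     "command_line": "networksetup -setwebproxy Wi-Fi 203.0.113.10 8080",
     "parent_executable": "/bin/bash"},
    {"id": 2, "process_name": "networksetup",
     "command_line": "networksetup -setsecurewebproxy Wi-Fi 127.0.0.1 8888",
     "parent_executable": "/Applications/Fiddler.app/Contents/MacOS/Fiddler"},
    {"id": 3, "process_name": "networksetup",
     "command_line": "networksetup -getwebproxy Wi-Fi",
     "parent_executable": "/bin/zsh"},
    {"id": 4, "process_name": "networksetup",
     "command_line": "networksetup -setautoproxyurl Wi-Fi http://203.0.113.10/proxy.pac",
     "parent_executable": "/private/tmp/updater"},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS))  # → [1, 4]
```

Event 2 is suppressed by the Fiddler exclusion and event 3 only reads the proxy, so only events 1 and 4 would alert.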
Categories
- Endpoint
- macOS
- Cloud
Data Sources
- Process
- Command
ATT&CK Techniques
- T1539
Created: 2021-01-05