
Summary
This analytic rule identifies the use of `curl.exe` with insecure flags (such as `-k`, `--insecure`, `--proxy-insecure`, or `--doh-insecure`), which disable TLS certificate validation. It correlates flow data from the Cisco Network Visibility Module (NVM) with process arguments to detect outbound connections where TLS validation has been explicitly disabled. These flags indicate a deliberate choice to bypass certificate checks, which can allow connections to untrusted or malicious endpoints. Such behavior is often associated with red team operations, malware staging, or data exfiltration over HTTPS. The rule generates an alert whenever `curl` is executed in a manner that could compromise the security of network communications, making it a vital detection mechanism within the security infrastructure.
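To show the matching logic the summary describes, the following Python is an added example and not the rule's own query or any Cisco NVM code. It assumes a simplified record shape (`process_name`, `command_line`, `user`, `dest_ip`, `dest_port`) standing in for a joined NVM flow and process-argument event, and the sample records are constructed. It goes slightly beyond the listed flags in one respect: it handles `-k` inside a clustered short-option group (for example `-sSLk`) and deliberately does not match `-K`, which in curl selects a config file rather than disabling validation.

```python
import shlex

# Long options named in the rule summary that disable TLS certificate validation.
INSECURE_LONG_OPTS = {"--insecure", "--proxy-insecure", "--doh-insecure"}


def tokenize(cmdline: str) -> list:
    """Split a Windows command line without treating backslashes as escapes."""
    try:
        return shlex.split(cmdline, posix=False)
    except ValueError:
        # Unbalanced quotes: fall back to whitespace splitting rather than drop the event.
        return cmdline.split()


def insecure_flags(cmdline: str) -> list:
    """Return the sorted list of insecure TLS flags present in a curl command line.

    Handles clustered short options (-sk, -kL) and is case-sensitive, so -K
    (--config) does not match. Tokens after a bare '--' are positional and ignored.
    """
    found = set()
    for tok in tokenize(cmdline):
        t = tok.strip("\"'")
        if t == "--":
            break
        if t.startswith("--"):
            # Long option; strip any '=value' suffix before comparing.
            if t.split("=", 1)[0] in INSECURE_LONG_OPTS:
                found.add(t.split("=", 1)[0])
        elif t.startswith("-") and len(t) > 1:
            # Short-option cluster such as -sSLk; any lowercase k disables validation.
            if "k" in t[1:]:
                found.add("-k")
    return sorted(found)


def detect(records: list) -> list:
    """Emit one alert per curl.exe execution whose arguments disable TLS validation."""
    alerts = []
    for rec in records:
        if rec.get("process_name", "").lower() != "curl.exe":
            continue
        flags = insecure_flags(rec.get("command_line", ""))
        if flags:
            alerts.append({
                "user": rec["user"],
                "dest": f"{rec['dest_ip']}:{rec['dest_port']}",
                "flags": flags,
                "command_line": rec["command_line"],
            })
    return alerts


# Constructed sample records (hypothetical users and documentation-range IPs).
SAMPLE_RECORDS = [
    {"process_name": "curl.exe", "user": "alice", "dest_ip": "203.0.113.10", "dest_port": 443,
     "command_line": "curl.exe -k https://203.0.113.10/stage.bin -o stage.bin"},
    {"process_name": "curl.exe", "user": "bob", "dest_ip": "203.0.113.20", "dest_port": 443,
     "command_line": 'curl.exe -sSLk -H "Authorization: Bearer token" https://203.0.113.20/api'},
    {"process_name": "curl.exe", "user": "carol", "dest_ip": "203.0.113.30", "dest_port": 8443,
     "command_line": "curl.exe --proxy-insecure -x https://203.0.113.30:8443 https://example.invalid/"},
    {"process_name": "curl.exe", "user": "dave", "dest_ip": "203.0.113.40", "dest_port": 443,
     "command_line": "curl.exe -K curlrc.txt https://example.invalid/"},           # -K is --config
    {"process_name": "curl.exe", "user": "erin", "dest_ip": "203.0.113.50", "dest_port": 443,
     "command_line": "curl.exe --cacert corp-ca.pem https://example.invalid/"},    # validation kept
    {"process_name": "powershell.exe", "user": "frank", "dest_ip": "203.0.113.60", "dest_port": 443,
     "command_line": "powershell.exe -c \"Invoke-WebRequest -k\""},               # not curl.exe
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_RECORDS):
        print(f"ALERT user={alert['user']} dest={alert['dest']} flags={alert['flags']}")
```

Running the block prints three alerts (alice, bob, carol) and stays silent on the `-K`, `--cacert` and non-curl records. When translating this into a production query, keep the case-sensitive match on `k` and exclude `-K`, since a case-insensitive search is the most common source of false positives for this rule.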
Categories
- Endpoint
- Network
Data Sources
- Pod
- Network Traffic
- Application Log
ATT&CK Techniques
- T1197
Created: 2025-07-01