
Summary
This detection rule, crafted by Elastic, identifies attempts by non-root users to access specific file paths generally associated with virtual machine hardware information. The rule is triggered when processes attempt to read system files such as the BIOS version, product name, chassis vendor, and other related system files without root privileges. Such activity is indicative of virtual machine fingerprinting, a reconnaissance technique often employed by malware like Pupy RAT to evade detection and tailor its operations to the environment. The rule includes comprehensive setup instructions for both Elastic Defend and Auditbeat integrations, alongside detailed investigation and response guidelines for detected threats. With a high severity level and a risk score of 73, this rule is crucial for endpoint protection against sophisticated discovery tactics used by adversaries.
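As an added illustration (not Elastic's own rule query), the following Python re-implements the summarised logic over constructed process events, so a reader can see what the rule does and does not flag. It assumes the "BIOS version, product name, chassis vendor" files are the standard Linux DMI sysfs paths, and uses ECS-style field names for the event.

```python
# Added example, not Elastic's rule: minimal re-implementation of the logic
# described above, run over constructed events. Field names follow ECS
# (user.name, process.name, process.args); the paths are the standard Linux
# DMI sysfs files and are assumed to correspond to the rule's file list.
from dataclasses import dataclass

# Files whose contents reveal the hardware/hypervisor vendor. Reading them is
# routine for root-owned tooling but unusual for an unprivileged process.
VM_FINGERPRINT_PATHS = {
    "/sys/class/dmi/id/bios_version",
    "/sys/class/dmi/id/product_name",
    "/sys/class/dmi/id/chassis_vendor",
}


@dataclass
class ProcessEvent:
    user_name: str      # user.name
    process_name: str   # process.name
    process_args: list  # process.args


def is_vm_fingerprinting(evt: ProcessEvent) -> bool:
    """True when a non-root process passes a DMI hardware file as an argument."""
    if evt.user_name == "root":        # root exclusion mirrors the rule's scope
        return False
    return any(arg in VM_FINGERPRINT_PATHS for arg in evt.process_args)


def find_alerts(events):
    """Return the subset of events the rule would alert on."""
    return [e for e in events if is_vm_fingerprinting(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent("www-data", "cat", ["cat", "/sys/class/dmi/id/product_name"]),  # alert
    ProcessEvent("root", "dmidecode", ["dmidecode", "-s", "bios-version"]),      # root, no path: no alert
    ProcessEvent("root", "cat", ["cat", "/sys/class/dmi/id/bios_version"]),      # root: excluded
    ProcessEvent("alice", "cat", ["cat", "/etc/hostname"]),                       # unrelated file: no alert
    ProcessEvent("alice", "grep", ["grep", "-i", "vendor", "/sys/class/dmi/id/chassis_vendor"]),  # alert
]

if __name__ == "__main__":
    for e in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT user={e.user_name} process={e.process_name} args={' '.join(e.process_args)}")
```

Two of the five constructed events produce alerts; the two root-owned reads and the unrelated file read are ignored, which is the same boundary an analyst should keep in mind when triaging a hit.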
Categories
- Endpoint
- Linux
Data Sources
- Process
- File
- Logon Session
- Sensor Health
- Application Log
ATT&CK Techniques
- T1082
Created: 2020-04-27