Potential Privilege Escalation via Enlightenment

Elastic Detection Rules

Summary
This rule detects attempted exploitation of CVE-2022-37706 in the Enlightenment window manager on Linux. The `enlightenment_sys` helper is installed setuid root and, in versions before 0.25.4, does not properly validate the pathnames passed to it, so an unprivileged local user can make it run commands as root. The rule is written in EQL (Event Query Language) as a sequence: an execution of `enlightenment_sys` with the arguments characteristic of the exploit, followed within 5 seconds by a change of user ID to root (UID 0). The rule carries a risk score of 73, reflecting the high severity of a successful local privilege escalation. Alerts should be triaged against known administrative activity to rule out false positives. If exploitation is confirmed, isolate the affected host, investigate for follow-on activity, update Enlightenment to a fixed version, and monitor critical system files for integrity changes.
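The two-step correlation the summary describes (an exec of `enlightenment_sys` followed within 5 seconds by a UID change to root) can be reproduced offline to see which event orderings fire and which do not. The following is an added example, not the rule's own EQL or any Elastic code: the events are constructed, the field names (`ts`, `host`, `parent`, `action`, `name`, `uid`) are this example's own rather than ECS fields, and the sequence key (host plus parent-process identity) is an assumption about how such a rule would group events. Because the page does not list the specific arguments the real rule matches, the example keys on the process name only.

```python
"""Toy re-implementation of the exec -> uid_change sequence described above.

All events here are constructed for illustration. Field names and the
(host, parent) sequence key are assumptions of this example; the real
rule also constrains process arguments, which this example omits.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    ts: float                   # seconds since epoch (constructed)
    host: str                   # host the event came from
    parent: str                 # parent-process identity used as the sequence key
    action: str                 # "exec" or "uid_change"
    name: str = ""              # process name, set on exec events
    uid: Optional[str] = None   # resulting user id, set on uid_change events


Alert = Tuple[str, str, float, float]   # (host, parent, exec_ts, uid_change_ts)


def correlate(events: List[Event], maxspan: float = 5.0) -> List[Alert]:
    """Return one alert for each enlightenment_sys exec that is followed,
    under the same (host, parent) key, by a change to uid 0 within maxspan
    seconds. Events are processed in timestamp order, as a stream would be."""
    alerts: List[Alert] = []
    pending: Dict[Tuple[str, str], float] = {}   # key -> ts of latest qualifying exec
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.parent)
        if ev.action == "exec" and ev.name == "enlightenment_sys":
            # First step of the sequence: remember when it happened for this key.
            pending[key] = ev.ts
        elif ev.action == "uid_change" and ev.uid == "0":
            # Second step: only fires if the first step is pending for the
            # same key and landed inside the window. A late match consumes
            # the pending exec without alerting, mirroring sequence expiry.
            start = pending.pop(key, None)
            if start is not None and 0 <= ev.ts - start <= maxspan:
                alerts.append((ev.host, ev.parent, start, ev.ts))
    return alerts


# Constructed sample telemetry covering the positive case and three non-matches.
SAMPLE_EVENTS: List[Event] = [
    # Exploit-like pattern: exec, then root 2 s later under the same key -> alert
    Event(1000.0, "web-01", "p-11", "exec", name="enlightenment_sys"),
    Event(1002.0, "web-01", "p-11", "uid_change", uid="0"),
    # Same shape, but the UID change arrives 12 s later -> outside the window
    Event(2000.0, "web-02", "p-22", "exec", name="enlightenment_sys"),
    Event(2012.0, "web-02", "p-22", "uid_change", uid="0"),
    # Root UID change under a different parent -> different sequence key
    Event(3000.0, "web-03", "p-33", "exec", name="enlightenment_sys"),
    Event(3001.0, "web-03", "p-99", "uid_change", uid="0"),
    # UID change to an unprivileged user -> not a root escalation
    Event(4000.0, "web-04", "p-44", "exec", name="enlightenment_sys"),
    Event(4001.0, "web-04", "p-44", "uid_change", uid="1000"),
]


def demo() -> List[Alert]:
    """Run the correlation over the constructed sample with the 5 s window."""
    return correlate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for host, parent, t0, t1 in demo():
        print(f"ALERT host={host} parent={parent} exec_ts={t0} uid_change_ts={t1}")
```

Widening `maxspan` to 15 seconds makes the `web-02` pair fire as well, which is the trade-off the 5-second window encodes: a longer window catches slower exploit chains but admits more legitimate root transitions that happen to follow an `enlightenment_sys` exec.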
Categories
  • Endpoint
  • Linux
Data Sources
  • Process
  • Logon Session
  • User Account
ATT&CK Techniques
  • T1068
Created: 2024-01-05