
Summary
This detection rule identifies execution of the Sharp Chisel tool from process-creation events that indicate its usage. Sharp Chisel is a well-known tool in red teaming and penetration testing that creates a secure tunnel for command-and-control (C2) communications. The rule matches newly created processes whose image path ends with 'SharpChisel.exe' or whose binary carries the product name 'SharpChisel'. Its level is set to high because the tool's tunneling capabilities can evade firewalls and intrusion detection systems. Because the tool has legitimate uses in penetration testing, false positives are unlikely and are mostly limited to authorized engagements; the rule is aimed at situations where Sharp Chisel is not authorized for use.
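As an added example (not part of the original rule or its project), the two match conditions described above applied to constructed Sysmon-style process-creation events; the field names Image and Product follow the Sigma process_creation convention, and the sample paths are made up:

```python
# Added example: a minimal matcher for the rule's two conditions, run over
# constructed process-creation events (field names follow Sysmon Event ID 1 /
# Sigma process_creation: Image, Product). The events are not real telemetry.
from typing import Iterable

IMAGE_SUFFIX = "sharpchisel.exe"   # Sigma 'Image|endswith' condition
PRODUCT_NAME = "sharpchisel"       # Sigma 'Product' exact-match condition


def matches_sharpchisel_rule(event: dict) -> bool:
    """Return True if the event satisfies either rule condition.

    Sigma string matching is case-insensitive by default, so both fields are
    lower-cased. The Product condition still catches a renamed binary whose
    version resource keeps the original product name; a missing Product
    (Sysmon logs '-' or '?') simply does not match.
    """
    image = str(event.get("Image", "")).lower()
    product = str(event.get("Product", "")).lower()
    return image.endswith(IMAGE_SUFFIX) or product == PRODUCT_NAME


def detect(events: Iterable[dict]) -> list:
    """Return the process-creation events that trigger the rule."""
    return [e for e in events if matches_sharpchisel_rule(e)]


# Constructed sample events with hypothetical paths.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\svchost.exe", "Product": "Microsoft Windows Operating System"},
    {"Image": "C:\\Users\\alice\\Downloads\\SharpChisel.exe", "Product": "SharpChisel"},
    # Renamed binary: the image no longer matches, but the product name still does.
    {"Image": "C:\\ProgramData\\update.exe", "Product": "SharpChisel"},
    # Different casing on the file name; matching is case-insensitive.
    {"Image": "D:\\tools\\SHARPCHISEL.EXE", "Product": "-"},
    {"Image": "C:\\Program Files\\Git\\bin\\git.exe", "Product": "Git"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT: Sharp Chisel execution ->", hit["Image"])
```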
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2022-09-05