
Summary
This detection rule identifies potential privilege escalation attempts on Linux systems through misuse of the 'make' command. When 'make' is executed with elevated privileges (via 'sudo'), options such as '--eval' allow an attacker to invoke system commands as root. Because of the severity of that outcome, the rule uses telemetry from Endpoint Detection and Response (EDR) agents to monitor command-line executions. The included search syntax relies on 'Sysmon for Linux' logs, which record process executions and are matched against specific command patterns. Detecting this behavior is critical: confirmed malicious exploitation could give the attacker full control of the system, the ability to execute arbitrary commands, and the means to endanger the environment as a whole.
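The matching logic described above, shown as an added example rather than the rule's own search syntax: a small Python detector that tokenizes the command line of constructed Sysmon-for-Linux-style process events, finds 'make' invoked through 'sudo', and flags GNU make's '--eval' / '-E' option while ignoring sudo's own '-E' flag. The field names ('EventID', 'User', 'Image', 'CommandLine'), the sample events and the placeholder recipe strings are assumptions made for this illustration.

```python
"""Added example (not the detection rule's own search): flag `sudo make`
invocations that pass GNU make's --eval / -E option, evaluated over constructed
Sysmon-for-Linux-style process events. Field names and events are assumptions."""
import os
import shlex
from typing import Dict, List

# Constructed sample events, modelled loosely on Sysmon for Linux ProcessCreate
# (EventID 1) records after field extraction. All values are invented here.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "1", "User": "alice", "Image": "/usr/bin/sudo",
     "CommandLine": "sudo make --eval=CONSTRUCTED_RECIPE"},
    {"EventID": "1", "User": "alice", "Image": "/usr/bin/sudo",
     "CommandLine": "sudo -u root /usr/bin/make -E CONSTRUCTED_RECIPE -f /dev/null"},
    {"EventID": "1", "User": "bob", "Image": "/usr/bin/sudo",
     "CommandLine": "sudo make install"},               # privileged, but no --eval
    {"EventID": "1", "User": "bob", "Image": "/usr/bin/make",
     "CommandLine": "make --eval=CONSTRUCTED_RECIPE"},  # --eval, but not via sudo
    {"EventID": "1", "User": "carol", "Image": "/usr/bin/sudo",
     "CommandLine": "sudo -E make -j4 all"},            # -E belongs to sudo, not make
]


def _is_make_eval_option(tok: str) -> bool:
    """True for GNU make's --eval=STRING, --eval STRING, -E STRING or -ESTRING.
    Combined short options such as -jE are not handled by this simple check."""
    if tok == "--eval" or tok.startswith("--eval="):
        return True
    return tok.startswith("-E") and not tok.startswith("--")


def is_sudo_make_eval(cmdline: str) -> bool:
    """Return True when the command line runs make through sudo with --eval/-E."""
    try:
        toks = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes: unparsable, not a hit
        return False
    names = [os.path.basename(t) for t in toks]
    if "sudo" not in names:
        return False
    sudo_idx = names.index("sudo")
    # First 'make' token after sudo; sudo's own options (-u root, -E, ...) sit
    # between the two, so only tokens after 'make' are treated as make options.
    try:
        make_idx = names.index("make", sudo_idx + 1)
    except ValueError:
        return False
    return any(_is_make_eval_option(t) for t in toks[make_idx + 1:])


def detect(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run the check over ProcessCreate events and return the matching ones,
    tagged with the ATT&CK sub-technique the rule maps to."""
    hits = []
    for ev in events:
        if ev.get("EventID") == "1" and is_sudo_make_eval(ev.get("CommandLine", "")):
            hits.append({"User": ev.get("User", ""),
                         "CommandLine": ev["CommandLine"],
                         "technique": "T1548.003"})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"[{hit['technique']}] user={hit['User']} cmd={hit['CommandLine']}")
```

The tokenizer-based approach avoids the false positive that a plain substring match on '-E' would raise for 'sudo -E make', where the flag is sudo's environment-preserving option. It does not see through a wrapper shell ('bash -c "sudo make ..."'), so a production rule should also inspect the child 'make' process that sudo spawns rather than only the sudo command line.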
Categories
- Linux
- Endpoint
Data Sources
- Pod
- Container
- Process
- Command
ATT&CK Techniques
- T1548.003
- T1548
Created: 2024-11-13