
Summary
This detection rule addresses the execution of TruffleHog on Linux systems. TruffleHog is a tool designed to find secrets across platforms such as Git, Jira, Slack, and SharePoint. While it serves legitimate purposes in CI pipelines and security assessments, its misuse has been reported, notably in the 'Shai-Hulud' malware campaign, which targeted npm packages to extract sensitive information. The rule triggers when either the TruffleHog binary is executed or a command line referencing one of the platforms above is processed. Although TruffleHog is a legitimate tool in the hands of security professionals and developers, its execution warrants attention because of its potential for misuse.
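The two trigger conditions described above, applied to a handful of constructed process-creation events. This is an added illustration, not the rule's own query logic; the event shape (`image`, `command_line`) and the sample command lines are assumptions, and the keyword branch is read as also requiring "trufflehog" on the command line.

```python
import os
from typing import List

# Platform keywords named in the rule summary (Git, Jira, Slack, SharePoint).
PLATFORM_TOKENS = ("git", "jira", "slack", "sharepoint")
BINARY_NAME = "trufflehog"

# Constructed sample process-creation events in an assumed normalised shape:
# the executed image path and the full command line.
SAMPLE_EVENTS = [
    {"image": "/usr/local/bin/trufflehog",
     "command_line": "trufflehog git file:///home/dev/repo"},
    {"image": "/usr/bin/python3",
     "command_line": "python3 postinstall.py trufflehog slack --token REDACTED"},
    {"image": "/usr/bin/git",
     "command_line": "git clone https://github.com/example/app"},
    {"image": "/usr/bin/npm",
     "command_line": "npm install left-pad"},
]

def is_trufflehog_execution(event: dict) -> bool:
    """Apply the two conditions from the rule summary.

    1. The executed binary's basename is the TruffleHog binary (exact match;
       adjust if your sensor reports versioned or suffixed names), or
    2. the command line mentions trufflehog together with one of the platform
       keywords (assumption: requiring 'trufflehog' here keeps ordinary git,
       jira or slack invocations from alerting).
    """
    image = os.path.basename(event.get("image", "")).lower()
    cmd = event.get("command_line", "").lower()
    if image == BINARY_NAME:
        return True
    if BINARY_NAME not in cmd:
        return False
    return any(token in cmd.split() for token in PLATFORM_TOKENS)

def matching_indices(events: List[dict]) -> List[int]:
    """Return the positions of the events the rule would flag."""
    return [i for i, ev in enumerate(events) if is_trufflehog_execution(ev)]

if __name__ == "__main__":
    for i in matching_indices(SAMPLE_EVENTS):
        print(f"ALERT event {i}: {SAMPLE_EVENTS[i]['command_line']}")
```

For triage, the parent process and the user context (a CI runner versus an npm lifecycle script on a developer workstation) usually separate sanctioned scans from the misuse the summary describes.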
Categories
- Linux
- Endpoint
Data Sources
- Process
Created: 2025-09-24