
Summary
This detection rule identifies the execution of commands through `cmd.exe /c`, which attackers frequently use to run batch commands or to launch other shell environments such as PowerShell. The rule uses data gathered from Endpoint Detection and Response (EDR) agents, which record command-line executions and the associated process metadata. Monitoring this activity is important for recognizing script-based attacks or unauthorized command execution within an environment. When such behavior is determined to be malicious, it can lead to serious security incidents including unauthorized code execution, privilege escalation, or persistence on the system. Security analysts should implement this rule to improve their ability to detect and respond to malicious command execution on endpoints.
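As an added example (not the rule's own search logic or any vendor code), the script below applies the idea in the summary to a handful of constructed EDR process-creation events: it flags every `cmd.exe` launch that carries the `/c` switch, keeps the nested command for the analyst, and raises the severity when that nested command invokes PowerShell, the case the summary singles out. The event field names (`host`, `user`, `parent_image`, `image`, `command_line`), the parent-image allowlist used for tuning, and the severity labels are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# "/c" as a standalone switch (cmd.exe accepts /c and /C), followed by the nested command.
CMD_C_SWITCH = re.compile(r'(?:^|\s)/c(?=\s|"|$)\s*(.*)$', re.IGNORECASE | re.DOTALL)

# A PowerShell image name appearing as its own token anywhere in the nested command.
# Matching anywhere (not only the first token) sidesteps cmd.exe's quote-handling rules,
# which make exact first-token extraction unreliable.
SHELL_INVOCATION = re.compile(r'(?:^|[\s"\\/])(?:powershell|pwsh)(?:\.exe)?(?=[\s"]|$)', re.IGNORECASE)


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerant of \\ and / separators and quotes."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].lower()


def normalize_path(path: str) -> str:
    """Full path, lower-cased and unquoted; allowlists compare full paths, because a
    basename-only allowlist is trivially satisfied by a renamed binary."""
    return path.strip().strip('"').lower()


@dataclass
class Finding:
    host: str
    user: str
    parent_image: str
    command_line: str
    nested_command: str
    spawns_shell: bool
    severity: str


def inspect_event(event: dict, allowlisted_parents: Iterable[str] = ()) -> Optional[Finding]:
    """Return a Finding for a process-creation event that matches 'cmd.exe /c', else None."""
    if basename(event.get("image", "")) != "cmd.exe":
        return None
    match = CMD_C_SWITCH.search(event.get("command_line", ""))
    if not match:
        return None  # interactive cmd.exe or other switches are out of scope for this rule
    parent = event.get("parent_image", "")
    if normalize_path(parent) in {normalize_path(p) for p in allowlisted_parents}:
        return None  # analyst-tuned exclusion for known-good launchers (hypothetical tuning)
    nested = match.group(1).strip()
    spawns_shell = SHELL_INVOCATION.search(nested) is not None
    return Finding(
        host=event.get("host", ""),
        user=event.get("user", ""),
        parent_image=parent,
        command_line=event["command_line"],
        nested_command=nested,
        spawns_shell=spawns_shell,
        severity="high" if spawns_shell else "medium",
    )


def detect_cmd_c(events: Iterable[dict], allowlisted_parents: Iterable[str] = ()) -> List[Finding]:
    """Run inspect_event over a stream of events and collect the findings."""
    allow = list(allowlisted_parents)
    return [f for f in (inspect_event(e, allow) for e in events) if f is not None]


# Constructed sample events in an EDR-like shape; these are not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "CORP\\alice", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe /c whoami"},
    {"host": "WS01", "user": "SYSTEM", "parent_image": "C:\\Program Files\\Vendor\\updater.exe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "command_line": '"C:\\Windows\\System32\\cmd.exe" /C "C:\\Program Files\\Vendor\\update.bat"'},
    {"host": "WS02", "user": "CORP\\bob", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "command_line": "cmd.exe /c powershell.exe -NoProfile -File C:\\Temp\\run.ps1"},
    {"host": "WS02", "user": "CORP\\bob", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe", "command_line": "notepad.exe notes.txt"},
    {"host": "WS03", "user": "CORP\\carol", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe"},
]

if __name__ == "__main__":
    for finding in detect_cmd_c(SAMPLE_EVENTS, allowlisted_parents=["C:\\Program Files\\Vendor\\updater.exe"]):
        print(f"[{finding.severity}] {finding.host} {finding.user} parent={basename(finding.parent_image)} "
              f"nested={finding.nested_command!r} spawns_shell={finding.spawns_shell}")
```

Run as-is, the script reports the `whoami` launch at medium severity and the PowerShell launch at high severity, and suppresses the vendor updater's batch file because its parent image is on the allowlist. Because `cmd.exe /c` is also used by legitimate installers and scheduled tasks, the parent image and the nested command are the fields an analyst needs most when triaging these alerts, so the finding carries both.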
Categories
- Endpoint
Data Sources
- Windows Registry
- Process
- Application Log
ATT&CK Techniques
- T1059.003
- T1059
Created: 2024-11-13