
Summary
This detection rule identifies the creation of a Windows service named 'Sliver', which is indicative of the Sliver Command and Control (C2) framework's lateral movement via its PsExec module. By leveraging Windows Event Code 7045 (a service was installed in the system) from the System event log, the rule highlights potentially malicious activity in which an adversary seeks to establish persistence on a compromised host or execute commands remotely. If such a service creation is confirmed as malicious, it presents significant risk: the attacker can maintain control over the system, run arbitrary code, and move further into the network. The implementation requires logs of the specified event code, and the Splunk platform is recommended for efficient detection and analysis.
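As an added illustration, not part of the rule itself, the following Python sketch applies the same logic offline to constructed System-log records: it parses the "Service ..." fields out of a 7045 message body and returns one finding per installed service whose name is 'Sliver'. The record shape (event code, host, message text) and the field layout are assumptions.

```python
import re

# Constructed sample records in the shape (EventCode, host, message text),
# mimicking how the System log renders a 7045 "A service was installed" event.
SAMPLE_RECORDS = [
    (7045, "WS01",
     "A service was installed in the system.\r\n\r\n"
     "Service Name:  Sliver\r\n"
     "Service File Name:  C:\\Windows\\Temp\\update.exe\r\n"
     "Service Type:  user mode service\r\n"
     "Service Start Type:  demand start\r\n"
     "Service Account:  LocalSystem"),
    (7045, "WS02",
     "A service was installed in the system.\r\n\r\n"
     "Service Name:  Spooler\r\n"
     "Service File Name:  C:\\Windows\\System32\\spoolsv.exe\r\n"
     "Service Type:  user mode service\r\n"
     "Service Start Type:  auto start\r\n"
     "Service Account:  LocalSystem"),
    # A 7036 state-change event mentioning the same name must not fire the rule.
    (7036, "WS01", "The Sliver service entered the running state."),
]

# One "Service <Field>:  <value>" pair per line in the 7045 message body.
FIELD_RE = re.compile(
    r"^(Service (?:Name|File Name|Type|Start Type|Account)):\s+(.*)$", re.M)


def parse_7045(message):
    """Extract the Service * fields of a 7045 message into a dict
    keyed like Service_Name, Service_File_Name, ... (values stripped)."""
    return {name.replace(" ", "_"): value.strip()
            for name, value in FIELD_RE.findall(message)}


def find_sliver_service_installs(records):
    """Return a finding (host plus parsed fields) for every 7045 record whose
    installed service is named 'Sliver' (case-insensitive). Other event codes
    are ignored, so a service state change never counts as an install."""
    findings = []
    for code, host, message in records:
        if code != 7045:
            continue
        fields = parse_7045(message)
        if fields.get("Service_Name", "").lower() == "sliver":
            findings.append({"host": host, **fields})
    return findings


if __name__ == "__main__":
    for hit in find_sliver_service_installs(SAMPLE_RECORDS):
        print(f"{hit['host']}: {hit['Service_Name']} -> {hit['Service_File_Name']}")
```

The Service File Name and Service Start Type carried in the finding are what an analyst triages next, since a service binary dropped in a temp path with demand start is the pattern the summary describes.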
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1569
- T1569.002
- T1055
Created: 2024-12-10