
System Info Discovery via Sysinfo Syscall

Sigma Rules

Summary
This rule aims to detect use of the 'sysinfo' system call on Linux. The call returns system statistics such as uptime, load averages, and memory usage, which malware or reconnaissance tools can collect to profile a host and judge whether it is worth further attack. The rule relies on the auditd service, so the syscall must be covered by an audit rule before any matching events are produced. A filter that excludes the Splunk application is included to reduce false positives from legitimate administrative activity. The detection is rated low severity because of its generalized nature, but it remains useful for surfacing potential reconnaissance activity on Linux systems.
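As an added illustration (not code from this rule page or from the Sigma rule itself), the Python below shows the two halves the summary describes: the auditctl rule that makes the kernel emit SYSCALL records for sysinfo, and detection logic that scans those records and suppresses events from the Splunk application. The audit log lines are constructed, the Splunk install paths used by the filter are an assumption (the page does not give the real filter), and the syscall-number table covers x86_64 and aarch64 only.

```python
import re

# Constructed sample records in raw auditd SYSCALL key=value format (illustrative only).
# arch=c000003e is x86_64; syscall=99 is sysinfo there. Record 203 is an unrelated
# openat call and record 201 comes from Splunk, so only 202 and 204 should alert.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1717000000.101:201): arch=c000003e syscall=99 success=yes exit=0 ppid=1 pid=2101 uid=0 comm="splunkd" exe="/opt/splunk/bin/splunkd" key="sysinfo_mon"
type=SYSCALL msg=audit(1717000000.205:202): arch=c000003e syscall=99 success=yes exit=0 ppid=3010 pid=3022 uid=1000 comm="recon" exe="/tmp/recon" key="sysinfo_mon"
type=SYSCALL msg=audit(1717000000.310:203): arch=c000003e syscall=257 success=yes exit=3 ppid=1 pid=1201 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="file_open"
type=SYSCALL msg=audit(1717000000.420:204): arch=c000003e syscall=99 success=yes exit=0 ppid=1 pid=4400 uid=0 comm="uptime" exe="/usr/bin/uptime" key="sysinfo_mon"
"""

# Syscall number of sysinfo per audit arch code (x86_64 and aarch64 only).
SYSINFO_NR = {"c000003e": "99", "c00000b7": "179"}

# Assumed exclusion list standing in for the rule's Splunk filter; the real
# filter is not reproduced on the page, so these prefixes are a guess.
EXCLUDED_EXE_PREFIXES = ("/opt/splunk/", "/opt/splunkforwarder/")


def audit_rule(key="sysinfo_mon", arch="b64"):
    """Return the auditctl line that makes auditd record sysinfo calls.

    Without such a rule (or its equivalent in /etc/audit/rules.d/), the kernel
    emits no SYSCALL records for sysinfo and the detection has nothing to match.
    """
    return f"-a always,exit -F arch={arch} -S sysinfo -k {key}"


def parse_audit_record(line):
    """Split one audit.log line into a dict; quoted values are unquoted."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def is_sysinfo(fields):
    """True for a SYSCALL record of sysinfo, raw (numeric) or ausearch -i (named)."""
    syscall = fields.get("syscall", "")
    if syscall.lower() == "sysinfo":
        return True
    return SYSINFO_NR.get(fields.get("arch", "").lower()) == syscall


def is_excluded(fields):
    """Apply the false-positive filter for the monitoring agent's own processes."""
    return fields.get("exe", "").startswith(EXCLUDED_EXE_PREFIXES)


def detect_sysinfo_events(log_text):
    """Return the sysinfo events that survive the exclusion filter."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_audit_record(line)
        if fields.get("type") != "SYSCALL" or not is_sysinfo(fields):
            continue
        if is_excluded(fields):
            continue
        hits.append({k: fields.get(k) for k in ("pid", "uid", "comm", "exe")})
    return hits


if __name__ == "__main__":
    print("audit rule:", audit_rule())
    for hit in detect_sysinfo_events(SAMPLE_AUDIT_LOG):
        print("sysinfo call:", hit)
```

Note that the final hit is the legitimate uptime command: sysinfo underlies everyday tools, which is why the page rates this detection low severity and why triage should weigh the calling executable, its parent, and the user rather than the syscall alone.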
Categories
  • Linux
  • On-Premise
Data Sources
  • Process
  • Logon Session
Created: 2025-05-30