
Summary
This analytic rule detects the execution of a command that enables all SysRq functions on Linux, specifically monitoring for a process that pipes the bitmask value '1' into /proc/sys/kernel/sysrq. Such an action indicates an attempt to manipulate system requests and is often associated with the AwfulShred malware, which is known for its destructive capabilities. The detection leverages data from Sysmon for Linux (EventID 1) to monitor processes executing the specific command that activates SysRq functionality. This constitutes a significant security risk, as it may allow an attacker to trigger critical kernel-level operations, potentially leading to system compromise or instability.
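Detection logic in the spirit of the rule described above, as an added Python example (this is not the rule's own search and not Splunk code): it scans Sysmon for Linux Event ID 1 records for a command line that writes the value '1' to /proc/sys/kernel/sysrq and reports the process and its parent. The field names (EventID, Image, CommandLine, ParentImage, User) follow the Sysmon event schema; the sample events are constructed for the example. It goes slightly beyond the rule's "echo 1 > /proc/sys/kernel/sysrq" case by also matching the `tee` and `sysctl kernel.sysrq=1` forms of the same change, which is an assumption about what an analyst would want covered rather than something the rule states.

```python
import re

# Ways a shell command line can set /proc/sys/kernel/sysrq. Each pattern
# captures the value written so that "echo 0 > ..." (disable) is not flagged.
_SYSRQ_PATTERNS = [
    # echo 1 > /proc/sys/kernel/sysrq   (also printf, quotes, -n, >> and no spaces)
    re.compile(r"""(?:echo|printf)\s+(?:-[a-zA-Z]+\s+)*["']?(?P<val>\d+)["']?"""
               r"""\s*>{1,2}\s*/proc/sys/kernel/sysrq\b"""),
    # echo 1 | tee /proc/sys/kernel/sysrq   (common when the shell is not root)
    re.compile(r"""(?:echo|printf)\s+(?:-[a-zA-Z]+\s+)*["']?(?P<val>\d+)["']?"""
               r"""\s*\|\s*(?:sudo\s+)?tee\s+(?:-a\s+)?/proc/sys/kernel/sysrq\b"""),
    # sysctl -w kernel.sysrq=1   (same kernel knob through the sysctl interface;
    # an added generalisation, not part of the original rule)
    re.compile(r"""sysctl\s+(?:-\w+\s+)*["']?kernel\.sysrq\s*=\s*["']?(?P<val>\d+)"""),
]


def sysrq_value_written(cmdline):
    """Return the integer written to kernel.sysrq by this command line, or None."""
    for pat in _SYSRQ_PATTERNS:
        m = pat.search(cmdline)
        if m:
            return int(m.group("val"))
    return None


def is_sysrq_enable_all(cmdline):
    """True when the command line sets the SysRq mask to 1 (all functions enabled)."""
    return sysrq_value_written(cmdline) == 1


def detect(events):
    """Run the check over Sysmon for Linux records; only Event ID 1 (process
    creation) is considered. Returns one finding per matching process."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        cmd = ev.get("CommandLine", "")
        if is_sysrq_enable_all(cmd):
            findings.append({
                "Image": ev.get("Image"),
                "ParentImage": ev.get("ParentImage"),
                "User": ev.get("User"),
                "CommandLine": cmd,
            })
    return findings


# Constructed sample events in the shape of Sysmon for Linux process-creation
# records (simplified to the fields the check uses). Not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "/usr/bin/bash", "ParentImage": "/usr/sbin/sshd",
     "User": "root", "CommandLine": 'sh -c "echo 1 > /proc/sys/kernel/sysrq"'},
    {"EventID": 1, "Image": "/usr/bin/cat", "ParentImage": "/usr/bin/bash",
     "User": "ops", "CommandLine": "cat /proc/sys/kernel/sysrq"},
    {"EventID": 1, "Image": "/usr/bin/tee", "ParentImage": "/usr/bin/bash",
     "User": "ops", "CommandLine": "echo 1 | sudo tee /proc/sys/kernel/sysrq"},
    {"EventID": 1, "Image": "/usr/bin/bash", "ParentImage": "/usr/bin/bash",
     "User": "root", "CommandLine": "echo 0 > /proc/sys/kernel/sysrq"},
    {"EventID": 1, "Image": "/usr/sbin/sysctl", "ParentImage": "/usr/lib/systemd/systemd",
     "User": "root", "CommandLine": "sysctl -w kernel.sysrq=1"},
    # Event ID 3 (network connection) is skipped regardless of its content.
    {"EventID": 3, "Image": "/usr/bin/bash", "ParentImage": "/usr/sbin/sshd",
     "User": "root", "CommandLine": "echo 1 > /proc/sys/kernel/sysrq"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['User']}: {f['ParentImage']} -> {f['Image']}: {f['CommandLine']}")
```

Writing 0 disables SysRq and other values select individual functions as a bitmask, so the check keys on the value rather than on any access to the file; `cat /proc/sys/kernel/sysrq` is a read and is not a hit. Expect some benign matches from provisioning or kdump tooling that sets kernel.sysrq at boot, which is why the finding carries the parent image and user for triage.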
Categories
- Linux
- Endpoint
Data Sources
- Pod
- Process
ATT&CK Techniques
- T1059.004
- T1059
Created: 2024-11-13