
Summary
This detection rule targets unusual Remote Procedure Call (RPC) traffic transmitted over the Internet. RPC is a protocol commonly used for remote system management but can be exploited if exposed publicly. The rule identifies network events on TCP port 135 that originate from the Internet, allowing for a proactive alert against potential initial access attempts by threat actors. By filtering out internal IP addresses and focusing on TCP traffic associated with RPC, it helps to pinpoint suspicious activities possibly related to backdoor channels. Investigation guides and remediation steps are provided to assist in handling verified alerts, making the rule critical in safeguarding against external threats that leverage RPC for unauthorized access.
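The following is an added example (not the rule's own query or code) showing the detection logic the summary describes, applied to a few constructed firewall log lines: keep only TCP events to destination port 135 whose source address is not in an internal range and whose destination is. The key=value log format, the `INTERNAL_NETWORKS` list, and all sample addresses and timestamps are assumptions for the example; the rule's actual exclusion list is not reproduced on this page.

```python
"""Added example: "RPC from the Internet" detection logic over constructed
network log lines. This is illustrative code, not the detection rule itself."""
import ipaddress

# Address blocks treated as "internal" (not Internet-routable). This list is an
# assumption for the example; the rule's own exclusion list may differ.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private ranges
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",   # loopback, link-local, CGNAT
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 loopback, ULA, link-local
)]

RPC_PORT = 135  # TCP port the rule looks for


def is_internal(ip: str) -> bool:
    """True if the address falls inside any configured internal block.
    Raises ValueError for strings that are not IP addresses."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def parse_event(line: str) -> dict:
    """Parse one 'key=value key=value' log line (constructed format) into a dict."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def is_rpc_from_internet(event: dict) -> bool:
    """Apply the rule's conditions: TCP, destination port 135,
    external source address, internal destination address."""
    if event.get("proto", "").lower() != "tcp":
        return False
    try:
        if int(event.get("dport", -1)) != RPC_PORT:
            return False
        src_internal = is_internal(event["src"])
        dst_internal = is_internal(event["dst"])
    except (KeyError, ValueError):
        # Missing or malformed fields: do not alert, and do not crash the pipeline.
        return False
    return (not src_internal) and dst_internal


def find_alerts(lines) -> list:
    """Return the parsed events that match the detection."""
    return [e for e in map(parse_event, lines) if is_rpc_from_internet(e)]


# Constructed sample log lines (documentation-range addresses stand in for
# Internet hosts; timestamps are made up).
SAMPLE_LOG_LINES = [
    "ts=2020-02-18T10:00:01Z src=203.0.113.10 dst=10.0.0.5 dport=135 proto=tcp",     # external -> internal RPC: alert
    "ts=2020-02-18T10:00:02Z src=10.0.0.7 dst=10.0.0.5 dport=135 proto=tcp",         # internal source: no alert
    "ts=2020-02-18T10:00:03Z src=198.51.100.4 dst=10.0.0.5 dport=135 proto=udp",     # not TCP: no alert
    "ts=2020-02-18T10:00:04Z src=198.51.100.4 dst=10.0.0.5 dport=445 proto=tcp",     # wrong port: no alert
    "ts=2020-02-18T10:00:05Z src=198.51.100.4 dst=192.0.2.20 dport=135 proto=tcp",   # external destination: no alert
    "ts=2020-02-18T10:00:06Z src=not-an-ip dst=10.0.0.5 dport=135 proto=tcp",        # malformed source: no alert
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG_LINES):
        print(f"ALERT: RPC from Internet {alert['src']} -> {alert['dst']}:{alert['dport']} at {alert['ts']}")
```

When tuning such a rule, the internal-range list is the part most likely to need adjustment: any public address space the organisation owns and legitimately routes internally should be added to it, or every internal-to-internal RPC flow across that space will surface as a false positive.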
Categories
- Network
- Endpoint
Data Sources
- Network Traffic
- Application Log
- Process
- Sensor Health
- Firewall
ATT&CK Techniques
- T1190
Created: 2020-02-18