
Summary
This detection rule identifies execution of Masscan, an open-source network scanner built to sweep very large address ranges at high packet rates. That speed makes it a common choice for threat actors enumerating open ports and exposed services on remote systems before an exploitation attempt. The rule uses Splunk endpoint process telemetry from Linux and other Unix-like hosts: it reads the process events, matches the string 'masscan' in the process name with a regular expression, and records the user, host and process details (process name and command line) for each match. Watching for this and similar reconnaissance tooling gives security teams a chance to respond while an attacker is still in the port-discovery stage, before it turns into exploitation attempts.
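The match-and-summarize logic described above, re-implemented in Python as an added example; this is not the rule's own SPL and not code from the detection content's authors. The event records are constructed samples, the field names (user, dest, process_name, process) are assumptions about what the endpoint process data carries, and case-insensitive matching is an assumption the summary does not state. The last sample event shows the gap a process-name regex leaves when the scanner binary has been renamed.

```python
import re
from typing import Dict, Iterable, List

# Hypothetical re-implementation of the rule's match: the string 'masscan' anywhere in the
# process name. Case-insensitive matching is an assumption; the page only says "regular expression".
MASSCAN_RE = re.compile(r"masscan", re.IGNORECASE)

# Constructed sample endpoint process events (not real telemetry). The field names are
# assumptions modelled on the details the summary says the rule records.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"_time": "2024-02-09T10:00:01Z", "user": "root", "dest": "web01",
     "process_name": "masscan", "process": "masscan -p80,443 10.0.0.0/8 --rate 10000"},
    {"_time": "2024-02-09T10:00:05Z", "user": "root", "dest": "web01",
     "process_name": "masscan", "process": "masscan -p22 10.0.0.0/8 --rate 10000"},
    {"_time": "2024-02-09T10:00:09Z", "user": "alice", "dest": "build02",
     "process_name": "bash", "process": "bash -c 'ls -la /srv'"},
    {"_time": "2024-02-09T10:01:30Z", "user": "bob", "dest": "jump03",
     "process_name": "MASSCAN", "process": "/opt/tools/MASSCAN --ports 0-65535 192.168.1.0/24"},
    # Renamed binary: a process-name regex cannot see this one; it is here to show the gap.
    {"_time": "2024-02-09T10:02:00Z", "user": "eve", "dest": "jump03",
     "process_name": "scanner", "process": "/tmp/scanner -p22,3389 10.0.0.0/8"},
]


def match_masscan(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the raw events whose process name matches the Masscan regex."""
    return [e for e in events if MASSCAN_RE.search(e.get("process_name", ""))]


def summarize(events: Iterable[Dict[str, str]]) -> List[Dict[str, object]]:
    """Roll matched events up per (host, user, process name): hit count, first and
    last seen, and the distinct command lines observed. This is the stats-style
    alert row a Splunk detection typically emits, rebuilt in plain Python."""
    groups: Dict[tuple, Dict[str, object]] = {}
    for e in match_masscan(events):
        key = (e["dest"], e["user"], e["process_name"])
        row = groups.get(key)
        if row is None:
            groups[key] = {
                "dest": e["dest"], "user": e["user"], "process_name": e["process_name"],
                "process": [e["process"]], "count": 1,
                "firstTime": e["_time"], "lastTime": e["_time"],
            }
        else:
            row["count"] += 1
            if e["process"] not in row["process"]:
                row["process"].append(e["process"])
            # ISO-8601 UTC timestamps sort correctly as strings
            row["firstTime"] = min(row["firstTime"], e["_time"])
            row["lastTime"] = max(row["lastTime"], e["_time"])
    return sorted(groups.values(), key=lambda r: (r["dest"], r["firstTime"]))


if __name__ == "__main__":
    for row in summarize(SAMPLE_EVENTS):
        print(f"{row['dest']:8} {row['user']:6} {row['process_name']:8} "
              f"count={row['count']} first={row['firstTime']} last={row['lastTime']}")
        for cmd in row["process"]:
            print(f"    {cmd}")
```

Running it yields two alert rows (web01/root with two command lines, jump03/bob with one) and silently misses the renamed /tmp/scanner run, which is the point to remember when tuning: a name-based rule is cheap and low-noise, but it should sit beside a check on command-line arguments or on the network side (connection rate per source) so a renamed binary does not slip past.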
Categories
- Linux
- Network
Data Sources
- Process
- Application Log
ATT&CK Techniques
- T1046
Created: 2024-02-09