
Summary
This detection rule identifies potentially malicious communication with the Notion API from non-browser processes on Windows systems. It looks for processes that are not known standard web browsers yet still open network connections to the Notion API endpoint (api.notion.com). Such behaviour can indicate covert command-and-control (C2) activity; tools such as "OffensiveNotion C2" abuse the legitimate Notion service to blend in with normal traffic and evade detection. The detection logic excludes known web browsers and the Notion application itself, so that any remaining process contacting the endpoint stands out as unusual. Flagging these connections lets security teams investigate a possible compromise or unauthorised data exfiltration.
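As an added example, not the rule's own code, the following Python re-implements the logic just described and runs it over constructed Sysmon Event ID 3 (network connection) records; the browser exclusion list, the event field names and the sample events are assumptions made for this illustration.

```python
# Added example (not the detection rule's own code): flag outbound connections
# to api.notion.com from any process that is neither a standard browser nor
# the Notion desktop client. Event records mimic Sysmon Event ID 3 fields.

# Assumed exclusion list of standard browser image names (lower-case basenames).
KNOWN_BROWSERS = {
    "brave.exe", "chrome.exe", "chromium.exe", "firefox.exe", "iexplore.exe",
    "msedge.exe", "opera.exe", "safari.exe", "vivaldi.exe",
}
NOTION_APP = "notion.exe"          # the Notion desktop client, also excluded
NOTION_API_HOST = "api.notion.com"


def is_suspicious(event: dict) -> bool:
    """True when a non-browser, non-Notion process initiates a connection
    to the Notion API endpoint. `event` mimics a Sysmon Event ID 3 record."""
    if event.get("Initiated", "true").lower() != "true":
        return False                          # only outbound connections matter
    if event.get("DestinationHostname", "").lower() != NOTION_API_HOST:
        return False
    # Normalise the image path to its basename, whatever the separator style.
    image = event.get("Image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    return image not in KNOWN_BROWSERS and image != NOTION_APP


def scan(events):
    """Return the image path of every event the rule logic would flag."""
    return [e["Image"] for e in events if is_suspicious(e)]


# Constructed sample telemetry: three benign connections, one that should alert.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "api.notion.com", "Initiated": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Programs\Notion\Notion.exe",
     "DestinationHostname": "api.notion.com", "Initiated": "true"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "update.example.com", "Initiated": "true"},
    {"Image": r"C:\Users\Public\updater.exe",       # unknown process -> flagged
     "DestinationHostname": "api.notion.com", "Initiated": "true"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT: non-browser process contacted the Notion API:", hit)
```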
Categories
- Network
- Endpoint
- Windows
Data Sources
- Network Traffic
- Process
Created: 2023-05-03