Manual Memory Dumping via Proc Filesystem

Elastic Detection Rules

Summary
This detection rule identifies manual memory dumping via the proc filesystem on Linux systems. Memory dumping is a technique attackers use to extract sensitive information such as passwords and encryption keys from running processes. The rule uses Elastic's Event Query Language (EQL) to match process-start events whose command line indicates memory access through the proc filesystem, in particular patterns like "/proc/*/mem". It is intended to surface potential credential dumping attacks and maps to the MITRE ATT&CK techniques OS Credential Dumping and Exploitation for Credential Access. A prerequisite for using this rule is Elastic Defend integrated with the Elastic Agent, so that process telemetry is collected from the host.
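The following Python snippet is an added illustration of the filter logic the summary describes, written for this page and not taken from Elastic's rule repository; it approximates the "/proc/*/mem" match with a glob over the command line of process-start events and does not reproduce the rule's actual EQL query. The event shape (ECS-like `event.type` and `process.command_line` fields) and the sample events are constructed for the example.

```python
"""Flag Linux process-start events whose command line references /proc/<pid>/mem.

Added example approximating the detection described on the page; the glob below is an
assumption standing in for the rule's real EQL query.
"""
from fnmatch import fnmatchcase

# Glob patterns approximating the "/proc/*/mem" filter. "*" for the PID segment also
# covers "self", and the trailing "*" allows arguments after the path.
MEM_PATTERNS = ("*/proc/*/mem*",)

# Constructed sample events in an ECS-like shape (not real telemetry).
SAMPLE_EVENTS = [
    {"event": {"type": "start"},
     "process": {"name": "dd", "command_line": "dd if=/proc/4242/mem of=/tmp/dump bs=4096"}},
    {"event": {"type": "start"},
     "process": {"name": "cat", "command_line": "cat /proc/cpuinfo"}},
    # Same command line, but a process-end event: the rule only looks at starts.
    {"event": {"type": "end"},
     "process": {"name": "dd", "command_line": "dd if=/proc/4242/mem of=/tmp/dump bs=4096"}},
    # /proc/meminfo contains "mem" but not the "/mem" path segment, so it must not match.
    {"event": {"type": "start"},
     "process": {"name": "grep", "command_line": "grep -c processor /proc/meminfo"}},
]

# ATT&CK techniques listed on the page, attached to each alert for triage.
ATTACK_TECHNIQUES = ("T1003", "T1003.007", "T1212")


def is_proc_mem_access(event: dict) -> bool:
    """Return True for a process-start event whose command line matches a /proc/*/mem glob."""
    if event.get("event", {}).get("type") != "start":
        return False
    cmd = event.get("process", {}).get("command_line", "")
    # fnmatchcase keeps matching case-sensitive on every platform.
    return any(fnmatchcase(cmd, pattern) for pattern in MEM_PATTERNS)


def find_alerts(events: list) -> list:
    """Run the filter over a batch of events and return alert records for the matches."""
    alerts = []
    for event in events:
        if is_proc_mem_access(event):
            alerts.append({
                "process": event["process"].get("name"),
                "command_line": event["process"].get("command_line"),
                "attack": list(ATTACK_TECHNIQUES),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT {alert['process']}: {alert['command_line']} ({', '.join(alert['attack'])})")
```

Only the first constructed event produces an alert: the `/proc/cpuinfo` and `/proc/meminfo` reads fall outside the glob, and the process-end event is skipped because the rule is scoped to process starts. When tuning such a rule, expect benign matches from debuggers and profiling tools that legitimately read process memory, and handle those with targeted exceptions rather than by loosening the path pattern.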
Categories
  • Linux
  • Endpoint
  • Cloud
Data Sources
  • Process
  • File
  • Application Log
  • Network Share
  • Sensor Health
ATT&CK Techniques
  • T1003
  • T1003.007
  • T1212
Created: 2025-04-25