
Summary
This rule is designed to detect potentially malicious activity involving the use of Git to clone repositories that may contain harmful content. It focuses on Git commands executed in a Windows environment, specifically the images `git.exe` and `git-remote-https.exe`. The detection criteria include command-line parameters containing keywords indicative of vulnerability exploitation, such as 'exploit', 'CVE-', and 'RemoteCodeExecution', among others. These keywords reflect naming patterns commonly seen in repositories that exploit known vulnerabilities. The rule consumes process creation events from the Windows operating system and evaluates both the command line and the executing image. By filtering on these characteristics, it aims to surface suspicious clone operations that could precede exploitation or a security breach within the environment.
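The following is an added example, not part of this rule page or the Sigma project, showing how the matching logic described above behaves when applied to constructed Windows process-creation events. It uses only the two image names and the three keywords the summary names; the real rule lists further keywords ("among others") that are not reproduced here. The optional clone filter, the case-insensitive comparison (Sigma string matching is case-insensitive by default), and all sample events are assumptions made for the demonstration.

```python
"""Apply the summary's Git clone detection criteria to constructed events.

Added example: not the rule's own code. Only the images and keywords that the
summary names are used; the actual rule contains additional keywords.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Image suffixes named in the rule summary (compared case-insensitively).
SUSPICIOUS_IMAGES = ("\\git.exe", "\\git-remote-https.exe")

# Keywords named in the rule summary; the real rule lists more ("among others").
KEYWORDS = ("exploit", "CVE-", "RemoteCodeExecution")


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal view of a Windows process-creation event (constructed shape)."""
    image: str
    command_line: str
    user: str = ""


def matched_keywords(event: ProcessEvent) -> List[str]:
    """Return the summary keywords found in the command line, case-insensitively."""
    cmd = event.command_line.lower()
    return [kw for kw in KEYWORDS if kw.lower() in cmd]


def matches_suspicious_git_clone(event: ProcessEvent, require_clone: bool = False) -> bool:
    """Image must end with one of the Git images and the command line must carry a keyword.

    require_clone is an added tuning option (not stated as a criterion on the page):
    when True, the word 'clone' must also appear as a separate token. Note that
    git-remote-https.exe is spawned by git.exe with the remote name and URL rather
    than the user's subcommand, so this filter can suppress matches on that image.
    """
    if not event.image.lower().endswith(SUSPICIOUS_IMAGES):
        return False
    if require_clone and " clone " not in f" {event.command_line.lower()} ":
        return False
    return bool(matched_keywords(event))


def scan(events: List[ProcessEvent], require_clone: bool = False) -> List[Tuple[ProcessEvent, List[str]]]:
    """Return every matching event together with the keywords that triggered it."""
    return [(e, matched_keywords(e)) for e in events
            if matches_suspicious_git_clone(e, require_clone)]


# Constructed sample events; hosts, users and repository names are placeholders.
SAMPLE_EVENTS = [
    # 1. Clone of a repository whose name carries a CVE-style placeholder -> match.
    ProcessEvent(r"C:\Program Files\Git\cmd\git.exe",
                 "git.exe clone https://git.example/poc/CVE-XXXX-YYYY-demo.git",
                 user="CORP\\analyst"),
    # 2. Ordinary internal clone -> no keyword, no match.
    ProcessEvent(r"C:\Program Files\Git\cmd\git.exe",
                 "git.exe clone https://git.example/team/internal-tooling.git",
                 user="CORP\\dev"),
    # 3. HTTPS helper spawned by git; keyword differs in case -> still a match.
    ProcessEvent(r"C:\Program Files\Git\mingw64\libexec\git-core\git-remote-https.exe",
                 "git-remote-https.exe origin https://git.example/research/remotecodeexecution-lab.git",
                 user="CORP\\analyst"),
    # 4. Keyword present but the image is not Git -> no match.
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 "cmd.exe /c echo exploit",
                 user="CORP\\dev"),
    # 5. Keyword in a working-tree path, but a pull rather than a clone -> matches
    #    the page's criteria; suppressed only when require_clone is enabled.
    ProcessEvent(r"C:\Program Files\Git\cmd\git.exe",
                 r"git.exe -C C:\Users\analyst\exploit-notes pull",
                 user="CORP\\analyst"),
]


if __name__ == "__main__":
    for event, keywords in scan(SAMPLE_EVENTS):
        print(f"ALERT user={event.user} image={event.image} keywords={keywords}")
        print(f"      cmd={event.command_line}")
```

Running the block prints an alert for events 1, 3 and 5. In a real deployment the same logic will also fire on a security team's own research work, so matches are normally reviewed against the user and host that issued the clone rather than auto-blocked.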
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2023-01-03