
Statistical Model Detected C2 Beaconing Activity with High Confidence
Elastic Detection Rules
Summary
This rule identifies command-and-control (C2) beaconing activity using a statistical model with high confidence, which is crucial for detecting covert communications between attackers and compromised systems. Beaconing allows attackers to receive commands, exfiltrate data, sustain persistence, and maintain stealth within a network. The rule operates on network logs collected through the Network Beaconing Identification integration, which requires setup through the Elastic Defend or Network Packet Capture integrations. Its query triggers alerts when the beaconing score is 3, indicating potential malicious activity. Analysts are guided through a detailed triage and analysis process to investigate flagged traffic, differentiate legitimate from suspicious traffic, and implement the response and remediation actions needed to mitigate threats. The rule carries a risk score of 21, categorizing it as low severity, while emphasizing the importance of thorough investigation to avoid false positives caused by benign periodic network activity. It is also mapped to the MITRE ATT&CK framework under the Command and Control tactic, providing context for threat actors' methodology and strengthening the security posture against C2 threats.
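The statistical model itself belongs to the Network Beaconing Identification integration and is not described on this page. As an added illustration (not Elastic's code), the snippet below shows one simple periodicity heuristic over constructed flow records, the coefficient of variation of inter-arrival times, together with an allowlist for the benign periodic traffic the triage guidance warns can cause false positives; the thresholds, field layout and sample flows are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows (not real data): (epoch seconds, source IP, destination, dest port).
FLOWS = [
    # Near-periodic 60 s cadence with small jitter: beacon-like.
    (1000, "10.0.0.5", "203.0.113.10", 443),
    (1061, "10.0.0.5", "203.0.113.10", 443),
    (1119, "10.0.0.5", "203.0.113.10", 443),
    (1180, "10.0.0.5", "203.0.113.10", 443),
    (1241, "10.0.0.5", "203.0.113.10", 443),
    (1299, "10.0.0.5", "203.0.113.10", 443),
    # Bursty, irregular browsing to another host: not beacon-like.
    (1005, "10.0.0.5", "198.51.100.7", 443),
    (1012, "10.0.0.5", "198.51.100.7", 443),
    (1180, "10.0.0.5", "198.51.100.7", 443),
    (1184, "10.0.0.5", "198.51.100.7", 443),
    (1400, "10.0.0.5", "198.51.100.7", 443),
    (1402, "10.0.0.5", "198.51.100.7", 443),
]

MIN_FLOWS = 5      # assumed: need enough samples before judging regularity
MAX_JITTER = 0.15  # assumed: stdev/mean of gaps; lower means more clock-like


def periodicity(flows):
    """Return {(src, dst, port): (flow_count, mean_gap_seconds, jitter)} per pair."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst, port)].append(ts)
    result = {}
    for pair, times in by_pair.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) < 2:
            continue  # a single gap carries no information about regularity
        mu = mean(gaps)
        jitter = pstdev(gaps) / mu if mu else float("inf")
        result[pair] = (len(times), mu, jitter)
    return result


def beacon_candidates(flows, allowlist=frozenset(), min_flows=MIN_FLOWS, max_jitter=MAX_JITTER):
    """Pairs that are both frequent and regular, minus allowlisted destinations
    (patch servers, NTP, telemetry) that legitimately beacon."""
    return sorted(pair for pair, (n, _mu, jit) in periodicity(flows).items()
                  if n >= min_flows and jit <= max_jitter and pair[1] not in allowlist)
```

Candidates surfaced this way still need the triage the rule describes; regularity alone does not distinguish a C2 implant from a scheduled update check, which is exactly why the allowlist exists.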
Categories
- Network
- Endpoint
Data Sources
- Network Traffic
- Container
ATT&CK Techniques
- T1102
- T1102.002
Created: 2023-09-22