
Headless Browser Mockbin or Mocky Request

Splunk Security Content

Summary
This detection rule identifies headless browser activity that reaches out to the domains mockbin.org or mocky.io. It inspects endpoint process telemetry for command lines that carry both the '--headless' and '--disable-gpu' arguments together with a URL on one of those domains (both are public services for creating mock HTTP endpoints). Headless browsers are commonly used for automated tasks, and the same automation can serve malicious ends such as web scraping or orchestrating automated attacks, which is why this behaviour is treated as a possible attempt to bypass security mechanisms that could lead to data exfiltration or exploitation of web applications. Because legitimate headless browsing is uncommon within most organizations, the rule is aimed at surfacing potentially nefarious use and alerting security teams; where developers, test pipelines or CI runners do run headless browsers, those hosts and users should be allow-listed to keep false positives down.
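The matching logic described above, re-implemented in Python over a handful of constructed process events so it can be run offline. This is an added example, not Splunk's own rule or SPL; the event field names (dest, user, process_name, process) are assumed to mirror an EDR process data model, and the sample command lines and URL paths are made up for illustration.

```python
"""Added example: the headless-browser / mock-endpoint detection logic applied
to constructed process events. Not code from Splunk Security Content."""
import re
from urllib.parse import urlparse

# Both flags must be present, matched case-insensitively as substrings so that
# variants such as "--headless=new" are still caught (as a wildcard search would).
HEADLESS_FLAGS = ("--headless", "--disable-gpu")
WATCHED_DOMAINS = ("mockbin.org", "mocky.io")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
ATTACK_TECHNIQUES = ["T1564.003", "T1185"]


def _host_matches(host, domain):
    """True for the domain itself or any subdomain (run.mocky.io), not notmocky.io."""
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def is_headless(cmdline):
    """Command line carries every flag the rule requires."""
    lowered = cmdline.lower()
    return all(flag in lowered for flag in HEADLESS_FLAGS)


def matched_domains(cmdline):
    """Watched domains referenced by URLs on the command line, sorted."""
    hits = set()
    for url in URL_RE.findall(cmdline):
        host = urlparse(url).hostname or ""
        for domain in WATCHED_DOMAINS:
            if _host_matches(host, domain):
                hits.add(domain)
    return sorted(hits)


def detect(event):
    """Return an alert dict when the event matches the rule, else None."""
    cmdline = event["process"]
    if not is_headless(cmdline):
        return None
    domains = matched_domains(cmdline)
    if not domains:
        return None
    return {
        "dest": event["dest"],
        "user": event["user"],
        "process_name": event["process_name"],
        "domains": domains,
        "attack": ATTACK_TECHNIQUES,
    }


def run(events):
    """Apply the rule to a list of events, keeping input order."""
    return [alert for alert in map(detect, events) if alert]


# Constructed sample events (hostnames, users and URL paths are invented).
SAMPLE_EVENTS = [
    {"dest": "ws01", "user": "alice", "process_name": "chrome.exe",
     "process": 'chrome.exe --headless --disable-gpu --dump-dom "https://run.mocky.io/v3/example-id"'},
    {"dest": "ws02", "user": "bob", "process_name": "chrome.exe",
     "process": "chrome.exe --headless=new --disable-gpu --screenshot https://mockbin.org/bin/example-bin"},
    {"dest": "ws03", "user": "carol", "process_name": "chrome.exe",
     "process": "chrome.exe --headless --disable-gpu https://intranet.example.com/report"},
    {"dest": "ws04", "user": "dave", "process_name": "chrome.exe",
     "process": "chrome.exe https://mockbin.org/bin/example-bin"},
    {"dest": "ws05", "user": "erin", "process_name": "chrome.exe",
     "process": "chrome.exe --headless --disable-gpu https://notmocky.io/"},
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

Only the first two sample events fire: the third is headless but reaches an internal host, the fourth reaches mockbin.org without the headless flags, and the fifth shows why the hostname is compared as a domain suffix rather than as a plain substring.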
Categories
  • Endpoint
Data Sources
  • Pod
  • Container
  • Process
ATT&CK Techniques
  • T1564.003
  • T1185
Created: 2024-11-13