
Suspicious Parent Process for msiexec.exe

Anvilogic Forge

Summary
This detection rule identifies potentially malicious use of msiexec.exe, the legitimate Windows Installer executable used to install, modify and remove software packaged as MSI files. Threat actors, including those behind the FlawedGrace attacks, abuse msiexec.exe to install malware or run malicious code under the cover of a signed, trusted system binary, evading security controls that trust it. The rule flags executions of msiexec.exe whose parent process is one commonly associated with malicious activity rather than with ordinary software installation (which is normally driven by explorer.exe or the Windows Installer service). By inspecting parent processes such as spoolsv.exe, PowerShell and taskhost.exe, the rule surfaces potential compromises and helps protect endpoints from abuse of this system binary. The logic is implemented in Splunk and uses a regular expression to filter on the relevant process and parent process names, improving detection of system binary proxy execution via msiexec (T1218.007).
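The parent-process check described above, run over a handful of constructed process-creation events, as an added example. This is illustrative code written for this page, not Anvilogic's Splunk rule: the field names (`process_path`, `parent_path`), the sample events and the exact set of parent names in the regex are assumptions, and the page only names spoolsv.exe, PowerShell and taskhost.exe as examples of the parents the real rule watches.

```python
import re
from typing import Iterable

# Parent process names treated as suspicious for msiexec.exe.
# The page names spoolsv.exe, PowerShell and taskhost.exe as examples; the
# full list in the real rule is not shown, so this set is an assumption.
# pwsh.exe is added here as the PowerShell 7 binary (assumption).
SUSPICIOUS_PARENT_RE = re.compile(r"(?i)^(spoolsv|powershell|pwsh|taskhost)\.exe$")
MSIEXEC_RE = re.compile(r"(?i)^msiexec\.exe$")


def basename(path: str) -> str:
    """Return the file name component of a Windows (or POSIX) path.

    Telemetry usually carries full image paths (e.g. Sysmon Image/ParentImage),
    so the match is done on the basename, case-insensitively.
    """
    return re.split(r"[\\/]", path)[-1]


def is_suspicious_msiexec(event: dict) -> bool:
    """True when the event is msiexec.exe launched by a parent on the watch list.

    `event` carries 'process_path' and 'parent_path' keys (assumed schema;
    map your own fields, e.g. Sysmon EID 1 Image / ParentImage, before calling).
    """
    proc = basename(event.get("process_path", ""))
    parent = basename(event.get("parent_path", ""))
    return bool(MSIEXEC_RE.match(proc) and SUSPICIOUS_PARENT_RE.match(parent))


def find_suspicious(events: Iterable[dict]) -> list[dict]:
    """Filter an event stream down to the msiexec.exe executions worth alerting on."""
    return [e for e in events if is_suspicious_msiexec(e)]


# Constructed sample events (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "ws01", "process_path": r"C:\Windows\System32\msiexec.exe",
     "parent_path": r"C:\Windows\System32\spoolsv.exe"},            # hit
    {"host": "ws02", "process_path": r"C:\Windows\SysWOW64\MSIEXEC.EXE",
     "parent_path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},  # hit, case-insensitive
    {"host": "ws03", "process_path": r"C:\Windows\System32\msiexec.exe",
     "parent_path": r"C:\Windows\System32\taskhost.exe"},           # hit
    {"host": "ws04", "process_path": r"C:\Windows\System32\msiexec.exe",
     "parent_path": r"C:\Windows\explorer.exe"},                    # benign: user opened an MSI
    {"host": "ws05", "process_path": r"C:\Windows\System32\msiexec.exe",
     "parent_path": r"C:\Windows\System32\services.exe"},           # benign: Windows Installer service
    {"host": "ws06", "process_path": r"C:\Windows\System32\rundll32.exe",
     "parent_path": r"C:\Windows\System32\spoolsv.exe"},            # not msiexec, ignored
]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(hit["host"], basename(hit["parent_path"]), "->", basename(hit["process_path"]))
```

The benign cases matter as much as the hits: msiexec.exe spawned by explorer.exe (a user double-clicking an installer) or by services.exe (the Windows Installer service starting its elevated worker) is routine, so a rule keyed only on "msiexec.exe ran" would be noisy; anchoring on the parent is what makes the signal usable. In Splunk the same check is a regex on the parent process name field combined with a match on the process name, as the summary describes.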
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Application Log
  • Logon Session
ATT&CK Techniques
  • T1218.007
Created: 2024-02-09