
Summary
This detection rule identifies potential enumeration of local network configuration on Linux systems by monitoring process creation events for network-related commands. The rule matches processes whose image is one of the network management commands 'firewall-cmd', 'ufw', 'iptables', 'netstat', 'ss', 'ip', 'ifconfig', 'systemd-resolve', or 'route', which suggests that a user or process is probing the system's network configuration. Additionally, the rule checks whether the command line of the process references '/etc/resolv.conf', which could indicate an attempt to read the DNS configuration. The rule fires when at least one of these criteria is met, which keeps detection broad while accounting for false positives from legitimate administrative activity. As network discovery is a common precursor to further attack stages, this detection is valuable for maintaining system integrity and security.
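As an added illustration of the logic the summary describes (this is example code written for this page, not the rule's own definition or the project's implementation), the following Python applies the two criteria, image name in the listed command set or '/etc/resolv.conf' in the command line, to a handful of constructed process-creation events in JSON-lines form. The field names Image, CommandLine and ProcessId are assumed to follow the Sigma process_creation convention; the sample events are constructed, not real telemetry.

```python
import json
import os

# Image names listed in the rule summary (added example, not the rule's own code).
NETWORK_ENUM_IMAGES = frozenset({
    "firewall-cmd", "ufw", "iptables", "netstat", "ss", "ip",
    "ifconfig", "systemd-resolve", "route",
})
RESOLV_CONF = "/etc/resolv.conf"


def match_reasons(event):
    """Return the list of rule criteria an event satisfies (empty if none).

    `event` is a dict with at least "Image" (full executable path) and
    "CommandLine" (string); the field names are assumed to follow the
    Sigma process_creation convention.
    """
    reasons = []
    # Compare only the basename so /usr/sbin/ip and /bin/ip both match.
    image = os.path.basename(event.get("Image", ""))
    if image in NETWORK_ENUM_IMAGES:
        reasons.append(f"image:{image}")
    # Second criterion: any process whose command line references the DNS config.
    if RESOLV_CONF in event.get("CommandLine", ""):
        reasons.append(f"cmdline:{RESOLV_CONF}")
    return reasons


def scan(jsonl):
    """Apply the rule to newline-delimited JSON events.

    Returns a list of (ProcessId, reasons) for every event that satisfies
    at least one criterion, i.e. the OR condition the rule uses.
    """
    hits = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        reasons = match_reasons(event)
        if reasons:
            hits.append((event.get("ProcessId"), reasons))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = """\
{"ProcessId": 101, "Image": "/usr/sbin/ip", "CommandLine": "ip addr show", "User": "www-data"}
{"ProcessId": 102, "Image": "/usr/bin/cat", "CommandLine": "cat /etc/resolv.conf", "User": "www-data"}
{"ProcessId": 103, "Image": "/usr/bin/ls", "CommandLine": "ls -la /home", "User": "alice"}
{"ProcessId": 104, "Image": "/usr/sbin/iptables", "CommandLine": "iptables -L -n", "User": "root"}
{"ProcessId": 105, "Image": "/usr/bin/resolvectl", "CommandLine": "resolvectl status", "User": "root"}
"""


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS):
        print(pid, reasons)
```

Running the block reports process 101 (image 'ip'), 102 (command line references '/etc/resolv.conf') and 104 (image 'iptables'); 103 matches nothing. Process 105 also goes unreported, which shows a tuning point a practitioner would want to check: 'resolvectl' is the newer name for 'systemd-resolve' and is not in the listed image set, so a deployment on a current distribution may want to extend the list. Conversely, the rule does not look at the user, so the web-server account in events 101 and 102 is flagged exactly like root would be; that context is left for triage.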
Categories
- Linux
- Network
- Endpoint
Data Sources
- Process
ATT&CK Techniques
- T1016
Created: 2020-10-06