Impacket Lateral Movement smbexec CommandLine Parameters

Splunk Security Content

Summary
This detection rule identifies suspicious command-line parameters associated with the usage of Impacket's smbexec.py, a tool commonly utilized for lateral movement within networks. Leveraging data from various endpoint detection sources, the rule focuses on specific command-line patterns that indicate possible malicious activity. This includes patterns of using cmd.exe with parameters that are characteristic of executing Impacket commands, particularly those involving file manipulation on remote machines. Given that both Red Teams and threat actors employ this tool for remote code execution, detecting its usage is critical for mitigating unauthorized access and data exfiltration risks. The rule processes logs from EDR agents and searches for indications that might suggest lateral movement and remote command execution attempts. If confirmed as malicious, these actions could allow attackers extensive access to system resources and sensitive data across the network.
Categories
  • Endpoint
  • Windows
Data Sources
  • Windows Registry
  • Process
  • Application Log
ATT&CK Techniques
  • T1021
  • T1047
  • T1053
  • T1021.002
  • T1021.003
  • T1543.003
Created: 2024-12-10