HackTool - Sliver C2 Implant Activity Pattern

Sigma Rules

Summary
This detection rule targets process activity patterns associated with the Sliver Command and Control (C2) framework. Sliver has become noteworthy for its use by threat actors to automate C2 activity, which can lead to security breaches within Windows environments. The rule inspects the command-line arguments of process creation events and matches when the command line contains '-NoExit -Command [Console]::OutputEncoding=[Text.UTF8Encoding]::UTF8', a PowerShell invocation with parameters characteristic of a Sliver implant. By flagging this pattern, the rule helps security teams monitor for and respond to potential Sliver-related activity. The detection relies on process creation telemetry as its data source, enabling timely response to suspicious activity.
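To show how this pattern behaves against telemetry, here is an added Python example, written for this page and not the SigmaHQ rule itself or its YAML. It assumes (not from the page) that process-creation events arrive as dicts with `Image` and `CommandLine` fields, as a Sysmon Event ID 1 or Windows 4688 collector would provide, and that the match is a case-insensitive substring test, mirroring Sigma's default `contains` semantics. The sample events are constructed, not real captures.

```python
"""Added example: apply the Sliver C2 command-line pattern from the rule summary
to process-creation events. Not the SigmaHQ rule; field names and the
case-insensitive substring semantics are assumptions, as noted above."""

from dataclasses import dataclass
from typing import Iterable, List, Mapping

# The indicator quoted in the rule summary, matched as a literal substring.
SLIVER_CMDLINE_PATTERN = (
    "-NoExit -Command [Console]::OutputEncoding=[Text.UTF8Encoding]::UTF8"
)


def is_sliver_pattern(command_line: str) -> bool:
    """True when the command line contains the Sliver implant pattern.

    Case-insensitive, like a Sigma `CommandLine|contains` modifier; no
    whitespace normalisation is applied, so the test is exactly as strict as
    the rule's literal string.
    """
    return SLIVER_CMDLINE_PATTERN.lower() in command_line.lower()


@dataclass(frozen=True)
class Match:
    """One alert: which event fired and the process details worth triaging."""
    event_id: str
    image: str
    command_line: str


def scan_events(events: Iterable[Mapping[str, str]]) -> List[Match]:
    """Run the pattern over a batch of process-creation events.

    Events missing a CommandLine field (assumed field name) are skipped rather
    than treated as matches, so a malformed record never produces an alert.
    """
    matches: List[Match] = []
    for event in events:
        cmdline = event.get("CommandLine")
        if not cmdline:
            continue
        if is_sliver_pattern(cmdline):
            matches.append(
                Match(
                    event_id=event.get("EventRecordID", "<unknown>"),
                    image=event.get("Image", "<unknown>"),
                    command_line=cmdline,
                )
            )
    return matches


# Constructed sample events (Sysmon-style field names assumed), not real telemetry.
SAMPLE_EVENTS = [
    {   # benign interactive PowerShell use
        "EventRecordID": "evt-1",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -NoProfile -Command Get-Date",
    },
    {   # the pattern described in the rule summary
        "EventRecordID": "evt-2",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -NoExit -Command "
                       "[Console]::OutputEncoding=[Text.UTF8Encoding]::UTF8",
    },
    {   # unrelated process, no command line recorded at all
        "EventRecordID": "evt-3",
        "Image": r"C:\Windows\System32\cmd.exe",
    },
    {   # same indicator with different letter case; still matches
        "EventRecordID": "evt-4",
        "Image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "POWERSHELL.EXE -noexit -command "
                       "[console]::outputencoding=[text.utf8encoding]::utf8",
    },
]


if __name__ == "__main__":
    for m in scan_events(SAMPLE_EVENTS):
        print(f"{m.event_id}: {m.image} :: {m.command_line}")
```

Running the block prints the two matching records (evt-2 and evt-4) and stays silent on the benign and malformed ones. Because the rule is a literal substring test, any tuning such as whitespace normalisation or allow-listing of known administrative scripts belongs in the SIEM backend that compiles the Sigma rule, not in the rule text itself.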
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2022-08-25