
Group Policy Editor Execution

Anvilogic Forge

Summary
This detection rule identifies potential abuse of the Microsoft Management Console (MMC) to execute malicious Group Policy Editor (`gpedit.msc`) commands. Adversaries may use `mmc.exe` to load `.msc` files that change system configuration or perform management tasks, leading to unauthorized changes in the Windows environment. The rule flags instances where `gpedit.msc` is executed, since this indicates administrative activity that should be closely monitored. The detection logic is written for Splunk and uses Windows Sysmon event data, specifically Event Code 1 (process creation) events that reference `mmc.exe`. By monitoring these events, security teams can respond to potential exploitation attempts stemming from this vector.
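The following is an added worked example of the detection logic described above, written for this page and not Anvilogic's own rule or query. It applies the same conditions (Sysmon Event Code 1, image `mmc.exe`, `gpedit.msc` in the command line) to a handful of constructed Sysmon process-creation records, and adds one triage enrichment a defender typically wants: whether the `.msc` was loaded from the standard `C:\Windows\System32` location. Field names follow Sysmon's Event ID 1 schema; the sample values, the `run_detection` helper and the assumed "standard" directory are all invented for the example.

```python
import ntpath
import re

# Constructed Sysmon Event ID 1 records (field names as Sysmon emits them; values are invented).
SAMPLE_EVENTS = [
    {   # gpedit.msc launched through mmc.exe from Explorer: the case this rule is built to catch
        "EventCode": 1,
        "Image": r"C:\Windows\System32\mmc.exe",
        "CommandLine": r'"C:\Windows\system32\mmc.exe" "C:\Windows\system32\gpedit.msc"',
        "ParentImage": r"C:\Windows\explorer.exe",
        "User": r"CORP\alice",
    },
    {   # a different snap-in (Event Viewer): mmc.exe activity, but not gpedit.msc
        "EventCode": 1,
        "Image": r"C:\Windows\System32\mmc.exe",
        "CommandLine": r'"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc"',
        "ParentImage": r"C:\Windows\explorer.exe",
        "User": r"CORP\alice",
    },
    {   # Sysmon Event ID 3 (network connection) for mmc.exe: wrong event type for this rule
        "EventCode": 3,
        "Image": r"C:\Windows\System32\mmc.exe",
        "CommandLine": "",
        "ParentImage": "",
        "User": r"CORP\alice",
    },
    {   # mixed case, spawned from cmd.exe, and an .msc loaded from outside System32
        "EventCode": 1,
        "Image": r"C:\WINDOWS\SYSTEM32\MMC.EXE",
        "CommandLine": r"MMC.EXE C:\Users\Public\gpedit.MSC",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "User": r"CORP\bob",
    },
]

# Roughly equivalent Splunk search (assumed shape, not the rule's own query):
#   EventCode=1 Image="*\\mmc.exe" CommandLine="*gpedit.msc*"

# Assumed standard location of the built-in snap-in; adjust for non-C: system drives.
STANDARD_MSC_DIR = r"c:\windows\system32"

# Captures the gpedit.msc path whether or not it is quoted on the command line.
MSC_PATTERN = re.compile(r'([^"\s]*gpedit\.msc)', re.IGNORECASE)


def matches_gpedit_via_mmc(event):
    """True when the event is a process creation of mmc.exe whose command line names gpedit.msc."""
    if event.get("EventCode") != 1:
        return False
    # ntpath handles Windows separators regardless of the host OS; compare case-insensitively.
    image = ntpath.basename(event.get("Image", "")).lower()
    cmd = event.get("CommandLine", "").lower()
    return image == "mmc.exe" and "gpedit.msc" in cmd


def run_detection(events):
    """Return one enriched hit per matching event, in input order."""
    hits = []
    for ev in events:
        if not matches_gpedit_via_mmc(ev):
            continue
        m = MSC_PATTERN.search(ev["CommandLine"])
        msc_path = m.group(1) if m else ""
        # Triage enrichment: a gpedit.msc outside System32 deserves a closer look.
        nonstandard = ntpath.dirname(msc_path).lower() != STANDARD_MSC_DIR
        hits.append({
            "User": ev.get("User", ""),
            "ParentImage": ev.get("ParentImage", ""),
            "msc_path": msc_path,
            "nonstandard_msc_path": nonstandard,
        })
    return hits


if __name__ == "__main__":
    for hit in run_detection(SAMPLE_EVENTS):
        print(hit)
```

Only the first and last sample events fire: the Event Viewer launch and the network-connection event fall outside the rule's conditions. The last hit is additionally marked `nonstandard_msc_path`, which is the kind of attribute an analyst would use to prioritise one alert over routine administrator use of the Group Policy Editor.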
Categories
  • Windows
Data Sources
  • Process
  • Windows Registry
  • Application Log
  • Logon Session
ATT&CK Techniques
  • T1218.014
  • T1218
Created: 2024-02-09