
Summary
This detection rule identifies remote named pipes that have not been observed before and are not on a predefined list of known named pipes. By monitoring named pipes that are accessed remotely, the rule aims to detect lateral movement and remote execution attempts carried out over named pipes, which can indicate malicious activity within a network. The rule works primarily by matching access to the IPC$ share (the Inter-Process Communication share through which remote named pipe connections are made) and filtering out known benign pipe names. Additional filters on specific keywords narrow the match further, reducing false positives caused by legitimate named pipe operations. Overall, the rule is a proactive control that surfaces suspicious behaviour associated with named pipe usage.
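The logic described above, applied to sample log lines as an added example (this is not the rule's own code, and the pipe allowlist, keyword filter and log layout are constructed for illustration; it assumes a Windows "network share object was accessed" audit event carrying ShareName, RelativeTargetName and IpAddress fields):

```python
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed allowlist of pipe names that are routinely opened over IPC$
# (assumption: a production rule carries a longer, environment-tuned list).
KNOWN_PIPES: Set[str] = {
    "srvsvc", "wkssvc", "samr", "lsarpc", "netlogon", "spoolss",
    "winreg", "atsvc", "eventlog", "svcctl",
}

# Constructed keyword filter: pipe names starting with these prefixes are
# treated as benign application IPC and are not alerted on (assumption).
BENIGN_PREFIXES: Tuple[str, ...] = ("mojo.",)

# Constructed log lines in a simple key=value layout approximating the fields
# of a share-access audit event. The IPC$ share name is written \\*\IPC$.
SAMPLE_EVENTS: List[str] = [
    r"EventID=5145 ShareName=\\*\IPC$ RelativeTargetName=srvsvc IpAddress=10.0.0.5 SubjectUserName=alice",
    r"EventID=5145 ShareName=\\*\C$ RelativeTargetName=Windows\Temp\x.txt IpAddress=10.0.0.5 SubjectUserName=alice",
    r"EventID=5145 ShareName=\\*\IPC$ RelativeTargetName=odd_pipe_7f IpAddress=10.0.0.9 SubjectUserName=bob",
    r"EventID=5145 ShareName=\\*\IPC$ RelativeTargetName=samr IpAddress=10.0.0.9 SubjectUserName=bob",
    r"EventID=5145 ShareName=\\*\IPC$ RelativeTargetName=mojo.12345 IpAddress=10.0.0.9 SubjectUserName=bob",
    r"EventID=5145 ShareName=\\*\IPC$ RelativeTargetName=odd_pipe_7f IpAddress=10.0.0.9 SubjectUserName=bob",
    r"EventID=4624 LogonType=3 IpAddress=10.0.0.9 SubjectUserName=bob",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict (values contain no spaces here)."""
    fields: Dict[str, str] = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def is_remote_ipc_pipe_access(event: Dict[str, str]) -> bool:
    """True for a share-access event whose target share is IPC$ on any host."""
    share = event.get("ShareName", "").upper()
    return event.get("EventID") == "5145" and share.endswith(r"\IPC$")


def detect_new_pipes(
    lines: Iterable[str],
    known_pipes: Set[str] = KNOWN_PIPES,
    benign_prefixes: Tuple[str, ...] = BENIGN_PREFIXES,
    seen: Optional[Set[Tuple[str, str]]] = None,
) -> List[Dict[str, str]]:
    """Return one alert per (source host, pipe name) pair seen for the first time.

    `seen` carries state across batches, so a pipe that keeps being opened by
    the same host alerts only once; pass a fresh set to reset the baseline.
    """
    if seen is None:
        seen = set()
    alerts: List[Dict[str, str]] = []
    for line in lines:
        event = parse_event(line)
        if not is_remote_ipc_pipe_access(event):
            continue
        pipe = event.get("RelativeTargetName", "").lower()
        # Allowlist of known pipes, then keyword-style prefix filter.
        if pipe in known_pipes or pipe.startswith(benign_prefixes):
            continue
        key = (event.get("IpAddress", ""), pipe)
        if key in seen:
            continue
        seen.add(key)
        alerts.append({
            "pipe": pipe,
            "source": event.get("IpAddress", ""),
            "user": event.get("SubjectUserName", ""),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_new_pipes(SAMPLE_EVENTS):
        print(f"first-seen remote pipe {alert['pipe']!r} from {alert['source']} as {alert['user']}")
```

Only the second open of odd_pipe_7f is suppressed; the C$ file access, the allowlisted samr pipe and the mojo.-prefixed pipe never reach the alert stage. In a real deployment the `seen` baseline would be persisted (and seeded from a learning period) rather than kept in memory.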
Categories
- Network
- Endpoint
Data Sources
- Named Pipe
- Network Traffic
- Application Log
Created: 2020-04-02