
Summary
This detection rule identifies executions of 3CXDesktopApp.exe in the 18.12.x release line using Sysmon logs, and specifically targets versions 18.12.407 and 18.12.416, which are known to contain vulnerabilities that may be exploited by attackers. By inspecting the process name, the original file name and the command line of each process-creation event, the rule picks up signs of potentially malicious activity involving these vulnerable versions. Exploitation of these vulnerabilities could allow unauthorized access or code execution on affected systems, so a match represents a significant security risk.

Running this search requires ingestion of logs that record process and command-line activity, and needs Sysmon version 6.0.4 or later for optimal results. False positives are mitigated by restricting the search to the two vulnerable versions named above, and the rule provides diagnostic information to support identification and handling of threats related to 3CX software.
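The matching logic the summary describes, as an added illustration that is not the rule's own search: it reads the Sysmon process-creation fields Image, OriginalFileName, FileVersion and CommandLine, normalizes the PE version string, and reports only launches whose version is 18.12.407 or 18.12.416. The sample events, host names and paths are constructed for the example and are not real telemetry.

```python
import re
from pathlib import PureWindowsPath

# Added example, not the detection rule's own query. Field names follow Sysmon
# Event ID 1 (process creation); every value below is constructed, not captured.

TARGET_NAME = "3cxdesktopapp.exe"
VULNERABLE_VERSIONS = {"18.12.407", "18.12.416"}

SAMPLE_EVENTS = [
    {  # vulnerable build started from its normal install path
        "Computer": "ws01.corp.example",
        "Image": r"C:\Program Files\3CXDesktopApp\app\3CXDesktopApp.exe",
        "OriginalFileName": "3CXDesktopApp.exe",
        "FileVersion": "18.12.416",
        "CommandLine": r'"C:\Program Files\3CXDesktopApp\app\3CXDesktopApp.exe"',
    },
    {  # same build running from a copied file; OriginalFileName still identifies it
        "Computer": "ws02.corp.example",
        "Image": r"C:\Users\jdoe\Downloads\3cx_copy.exe",
        "OriginalFileName": "3CXDesktopApp.exe",
        "FileVersion": "18.12.407.0",
        "CommandLine": r"C:\Users\jdoe\Downloads\3cx_copy.exe",
    },
    {  # a later build of the same product: not in the vulnerable set, must not match
        "Computer": "ws03.corp.example",
        "Image": r"C:\Program Files\3CXDesktopApp\app\3CXDesktopApp.exe",
        "OriginalFileName": "3CXDesktopApp.exe",
        "FileVersion": "18.12.422",
        "CommandLine": r'"C:\Program Files\3CXDesktopApp\app\3CXDesktopApp.exe"',
    },
    {  # unrelated process, must not match
        "Computer": "ws01.corp.example",
        "Image": r"C:\Windows\System32\notepad.exe",
        "OriginalFileName": "NOTEPAD.EXE",
        "FileVersion": "10.0.19041.1",
        "CommandLine": "notepad.exe",
    },
]


def normalize_version(raw: str) -> str:
    """Reduce a PE FileVersion string to its first three numeric components,
    so '18.12.407.0' and '18.12.407' compare equal."""
    parts = re.findall(r"\d+", raw or "")
    return ".".join(parts[:3])


def is_3cx_desktop_app(event: dict) -> bool:
    """True when the image basename or the PE OriginalFileName names the 3CX client.
    Checking both fields keeps the match when the file on disk has been renamed."""
    image_name = PureWindowsPath(event.get("Image", "")).name.lower()
    original = (event.get("OriginalFileName") or "").lower()
    return TARGET_NAME in (image_name, original)


def find_vulnerable_3cx(events) -> list:
    """Return (host, image, version, command line) for each launch of a vulnerable build."""
    hits = []
    for ev in events:
        if not is_3cx_desktop_app(ev):
            continue
        version = normalize_version(ev.get("FileVersion", ""))
        # The version allow-list is the rule's false-positive control: other 18.12.x
        # builds of the same product are deliberately left out of the results.
        if version in VULNERABLE_VERSIONS:
            hits.append((ev["Computer"], ev["Image"], version, ev["CommandLine"]))
    return hits


if __name__ == "__main__":
    for host, image, version, cmd in find_vulnerable_3cx(SAMPLE_EVENTS):
        print(f"{host}: {image} (version {version}) launched via: {cmd}")
```

The diagnostic tuple returned per hit (host, image path, normalized version, command line) is the information an analyst needs to triage the alert; the version allow-list is what keeps the third sample event, a non-vulnerable 18.12.x build, out of the results.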
Categories
- Endpoint
Data Sources
- Pod
- Container
- User Account
- Script
- Image
- Application Log
- Process
ATT&CK Techniques
- T1195.002
Created: 2024-11-13