
Summary
The "System Information Discovery" detection rule identifies the execution of common system-information commands on Linux hosts: '/uname', '/hostname', '/uptime', '/lspci', '/dmidecode', '/lscpu', and '/lsmod'. It monitors process creation events in the Linux environment for executions of these commands, which may indicate an attacker probing for system details during a compromise. Because the same commands are routinely used for legitimate administration, their execution can also be benign, and administrators should be aware that standard system management practices can produce false positives.
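As an added illustration (not the rule's own logic or code from the original page), the following Python sketch applies the matching described above, an image path ending with one of the listed commands, to a handful of constructed process creation events, and then groups the resulting alerts by parent process so an analyst can separate a burst of discovery commands under one shell from a single command run by a management agent. The field names (Image, CommandLine, User, ParentImage) and the sample events are assumptions made for the example.

```python
"""Added example: apply the System Information Discovery matching logic
(image path ends with one of the listed commands) to process-creation
events. Event field names and the sample events are constructed
assumptions, not the rule's own definition or real telemetry."""

from collections import Counter

# Image-path suffixes named in the rule summary.
SYSINFO_SUFFIXES = (
    "/uname", "/hostname", "/uptime", "/lspci",
    "/dmidecode", "/lscpu", "/lsmod",
)

ATTACK_TECHNIQUE = "T1082"  # System Information Discovery


def matches_rule(event):
    """Return the matching suffix if the event's Image ends with one of the
    listed commands, otherwise None. The 'Image' field name is an assumption."""
    image = event.get("Image", "")
    for suffix in SYSINFO_SUFFIXES:
        if image.endswith(suffix):
            return suffix
    return None


def detect(events):
    """Return one alert dict per matching event, carrying the fields a
    responder needs for triage: who ran it, which binary, and its parent."""
    alerts = []
    for ev in events:
        hit = matches_rule(ev)
        if hit is None:
            continue
        alerts.append({
            "technique": ATTACK_TECHNIQUE,
            "matched": hit,
            "image": ev.get("Image"),
            "user": ev.get("User"),
            "parent": ev.get("ParentImage"),
            "command_line": ev.get("CommandLine"),
        })
    return alerts


def summarize_by_parent(alerts):
    """Count alerts per parent image. Several distinct discovery commands
    under one interactive shell deserve more attention than a single
    command periodically run by a system service (a common false-positive
    source)."""
    return Counter(a["parent"] for a in alerts)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": "/usr/bin/uname", "CommandLine": "uname -a",
     "User": "www-data", "ParentImage": "/bin/bash"},
    {"Image": "/usr/bin/lscpu", "CommandLine": "lscpu",
     "User": "www-data", "ParentImage": "/bin/bash"},
    {"Image": "/usr/sbin/dmidecode", "CommandLine": "dmidecode -t system",
     "User": "www-data", "ParentImage": "/bin/bash"},
    {"Image": "/usr/bin/hostname", "CommandLine": "hostname -f",
     "User": "root", "ParentImage": "/usr/lib/systemd/systemd"},
    {"Image": "/usr/bin/ls", "CommandLine": "ls -la",
     "User": "alice", "ParentImage": "/bin/bash"},
    # Suffix matching means a differently named binary does not fire.
    {"Image": "/usr/local/bin/uname-wrapper", "CommandLine": "uname-wrapper",
     "User": "alice", "ParentImage": "/bin/bash"},
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(summarize_by_parent(found))
```

Running the block prints four alerts (uname, lscpu, dmidecode, hostname) and a parent summary showing three hits under /bin/bash and one under systemd; the ls event and the wrapper binary do not match, which mirrors the suffix semantics of the rule's command list.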
Categories
- Endpoint
- Linux
- On-Premise
Data Sources
- Process
ATT&CK Techniques
- T1082
Created: 2020-10-08