some fp could occur with similar tools that uses the same command line '--set-password'

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk_piped_password_via_cli.yml>sigma
technicques: t1219

Techniques

Detects piping the password to an anydesk instance via CMD and the ‘–set-password’ flag.

condition: selection
selection:
  CommandLine|contains|all:
  - '/c '
  - 'echo '
  - .exe --set-password