Vendor
This rule detects the first time a Python process spawns a shell on a given macOS host using the `-c` flag, indicating potential malicious activity stemming from compromised Python environments.