diff --git a/nursery/interact-with-systemd-via-command-line-on-linux.yml b/nursery/interact-with-systemd-via-command-line-on-linux.yml
new file mode 100644
index 000000000..1be04f480
--- /dev/null
+++ b/nursery/interact-with-systemd-via-command-line-on-linux.yml
@@ -0,0 +1,27 @@
+rule:
+  meta:
+    name: interact with systemd via command line on Linux
+    namespace: host-interaction/service
+    authors:
+      - akshatpal
+    description: detect command-line interaction with systemd services or logs on Linux
+    scopes:
+      static: basic block
+      dynamic: call
+    att&ck:
+      - Discovery::System Service Discovery [T1007]
+    references:
+      - https://man7.org/linux/man-pages/man1/systemctl.1.html
+      - https://man7.org/linux/man-pages/man1/journalctl.1.html
+      - https://man7.org/linux/man-pages/man1/systemd-run.1.html
+    features:
+      - and:
+        - or:
+          - os: linux
+        - or:
+          - api: system
+          - match: create process on Linux
+        - or:
+          - string: /\bsystemctl\b/i
+          - string: /\bjournalctl\b/i
+          - string: /\bsystemd-run\b/i
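Review bot: The first `or:` under `features` wraps a single child, `os: linux`, so the `or` adds nothing and the block reads as if another OS were intended; collapse it to `- os: linux` directly under the `and:`. The ATT&CK mapping lists only System Service Discovery [T1007], yet the referenced `systemd-run` page and the `systemctl` string also cover starting or enabling units, which is execution/persistence rather than discovery; either narrow the description to discovery or document in the meta why only T1007 is claimed. The `/i` flag on all three string regexes widens matching beyond the lowercase binary names that exist on Linux, which seems deliberate for a nursery rule but is worth a comment such as `# case-insensitive to catch usage strings and help text`. Whether `match: create process on Linux` resolves at basic-block scope depends on that rule's declared scope, which is not visible here; confirm the referenced rule is matchable at `static: basic block` before promoting out of nursery.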