Language: SPL | License: Apache-2.0 | Source: splunk/security_content
Cisco NVM - Curl Execution With Insecure Flags
This analytic detects the execution of `curl.exe` with flags that disable TLS certificate validation: `-k` / `--insecure` (no verification of the server certificate or hostname), `--proxy-insecure` (the same for an HTTPS proxy), and `--doh-insecure` (the same for a DNS-over-HTTPS resolver). It leverages Cisco Network Visibility Module (NVM) flow data and the process arguments recorded with each flow to identify outbound connections initiated by curl where TLS checks were explicitly turned off. This behavior may indicate an attempt to bypass certificate validation in order to reach untrusted or attacker-controlled endpoints, a common tactic in red team operations, malware staging, and data exfiltration over HTTPS. When tuning, keep in mind that `-k` is frequently bundled with other short options (for example `-sk` or `-sSLk`), that the match is case-sensitive (`-K` reads a config file and is unrelated), and that administrators and build pipelines sometimes use `-k` legitimately against internal hosts with self-signed certificates; such sources are candidates for an allowlist rather than a reason to loosen the match.
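The detection logic described above, run over a few constructed NVM-style flow records. This is an added example written for this page, not the rule's SPL or any Cisco or Splunk code, and the record field names (`process_name`, `process_args`, `dst_ip`, `dst_port`) and the list of short options that take a value are assumptions made for the example. It shows the part that a naive substring match gets wrong: `-k` bundled inside a cluster of short options, `-K` (a different option), a `k` that is really the value of `-H` or `-o`, and `--no-insecure`, which re-enables verification.

```python
import json
import shlex
from dataclasses import dataclass

# Long options that disable a TLS check. Matched exactly: curl does not
# accept abbreviated long option names, and "--no-insecure" must not match.
INSECURE_LONG = {"--insecure", "--proxy-insecure", "--doh-insecure"}

# Short options that consume a value. In a cluster such as "-Hk" the letters
# after "H" are the header value, not more flags, and "-o -k" writes to a file
# named "-k". Subset of curl's real list, chosen for this example (assumption).
SHORT_WITH_VALUE = set("bcCdDeEFHKmoPQrtTuUwxXyYz")


def has_insecure_flag(cmdline: str) -> bool:
    """Return True if the curl command line disables a TLS certificate check."""
    # Windows command lines: keep backslashes, then drop surrounding quotes.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    expect_value = False
    for tok in tokens[1:]:  # tokens[0] is the executable itself
        if expect_value:  # this token is the value of the previous option
            expect_value = False
            continue
        if tok == "--":  # end of options; everything after is a URL
            break
        if tok.startswith("--"):
            if tok.split("=", 1)[0] in INSECURE_LONG:
                return True
            continue
        if tok.startswith("-") and len(tok) > 1:
            for i, ch in enumerate(tok[1:], start=1):
                if ch == "k":
                    return True
                if ch in SHORT_WITH_VALUE:
                    # Rest of the cluster is the value; if nothing is left in
                    # the cluster, the next token is the value instead.
                    expect_value = i == len(tok) - 1
                    break
    return False


@dataclass
class Hit:
    process_args: str
    dst_ip: str
    dst_port: int


def detect(nvm_lines):
    """Apply the analytic to NVM flow records serialized as JSON lines."""
    hits = []
    for line in nvm_lines:
        rec = json.loads(line)
        if rec["process_name"].lower() != "curl.exe":
            continue
        if has_insecure_flag(rec["process_args"]):
            hits.append(Hit(rec["process_args"], rec["dst_ip"], rec["dst_port"]))
    return hits


# Constructed sample records (not real NVM telemetry).
SAMPLE_NVM_LINES = [
    '{"process_name":"curl.exe","process_args":"curl.exe -sSLk -o u.bin https://203.0.113.10/u.bin","dst_ip":"203.0.113.10","dst_port":443}',
    '{"process_name":"curl.exe","process_args":"curl.exe --proxy-insecure -x https://198.51.100.7:8443 https://example.test/","dst_ip":"198.51.100.7","dst_port":8443}',
    '{"process_name":"curl.exe","process_args":"curl.exe -H \\"X-Api: k\\" https://example.test/api","dst_ip":"192.0.2.20","dst_port":443}',
    '{"process_name":"curl.exe","process_args":"curl.exe -K curlrc.txt https://example.test/","dst_ip":"192.0.2.20","dst_port":443}',
    '{"process_name":"powershell.exe","process_args":"powershell.exe -k foo","dst_ip":"192.0.2.21","dst_port":443}',
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_NVM_LINES):
        print(f"{hit.dst_ip}:{hit.dst_port}  {hit.process_args}")
```

Only the first two sample records are reported: the third carries `k` as a header value, the fourth uses the unrelated `-K`, and the fifth is not curl at all. The same token-level parsing is what keeps a production version of this rule from firing on every command line that happens to contain the substring `-k`.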
Quality: 67 | FP risk: — | Forks: 0 | Views: 1