
Summary
This detection rule identifies the execution of log query utilities and commands used to extract sensitive information from Windows Event Logs. Threat actors use these techniques to harvest usernames, IP addresses and hostnames recorded in the logs, issuing commands that query the logs for specific event IDs or data patterns. The rule combines command-line checks on known log query utilities such as `wevtutil`, `wmic` and the relevant PowerShell cmdlets with the way those utilities are used during reconnaissance and credential access. Additional specificity comes from matching particular event IDs that attackers frequently target. Administrators and monitoring agents also query these logs, so a match should be reviewed against the executing user, host and parent process rather than treated as confirmed malicious; the rule's purpose is to surface unauthorized attempts to read sensitive log data.
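The following is an added example, not the rule's own search logic, that runs the detection idea above over a handful of constructed process-creation records: a command line is flagged only when it (1) invokes a known log query utility with the verb or cmdlet that actually reads events and (2) references one of a set of sensitive Security event IDs. The utility patterns, the `TARGET_EVENT_IDS` set and the sample command lines are all assumptions chosen for illustration; the rule the page describes may use different ones.

```python
"""Toy detector for Windows Event Log reconnaissance (example code, not the rule's own search)."""
import re

# Assumed set of event IDs an attacker queries to harvest usernames, source IPs and
# hostnames: logons, failed logons, explicit-credential use, privileged logons,
# Kerberos ticket requests and NTLM authentication. Tune to your environment.
TARGET_EVENT_IDS = {4624, 4625, 4648, 4672, 4768, 4769, 4776}

# A utility matches only together with the verb/cmdlet that reads events, so
# "wevtutil el" (list log names) or a wmic call without "ntevent" does not count.
LOG_QUERY_PATTERNS = {
    "wevtutil": re.compile(r"\bwevtutil(?:\.exe)?\b.*\b(?:qe|query-events)\b", re.I),
    "wmic": re.compile(r"\bwmic(?:\.exe)?\b.*\bntevent\b", re.I),
    "powershell": re.compile(
        r"\b(?:powershell|pwsh)(?:\.exe)?\b.*\bGet-(?:WinEvent|EventLog)\b", re.I),
}

# Event ID references as written in XPath (EventID=4624), WQL (EventCode=4624),
# Get-WinEvent hashtables (Id=4624,4648) and Get-EventLog (-InstanceId 4625).
EVENT_ID_RE = re.compile(
    r"\b(?:EventID|EventCode|InstanceId|Id)\s*[=:]?\s*(\d+(?:\s*,\s*\d+)*)", re.I)


def extract_event_ids(cmdline: str) -> set[int]:
    """Return every event ID number referenced anywhere in the command line."""
    ids: set[int] = set()
    for m in EVENT_ID_RE.finditer(cmdline):
        ids.update(int(n) for n in re.split(r"\s*,\s*", m.group(1)))
    return ids


def classify(cmdline: str):
    """Return (utility, targeted_ids) when the command line is a log query that
    asks for a sensitive event ID; otherwise None (benign or too unspecific)."""
    for utility, pattern in LOG_QUERY_PATTERNS.items():
        if pattern.search(cmdline):
            hits = extract_event_ids(cmdline) & TARGET_EVENT_IDS
            return (utility, hits) if hits else None
    return None


def detect(events):
    """Run the classifier over process-creation records and return the alerts."""
    alerts = []
    for ev in events:
        verdict = classify(ev["cmdline"])
        if verdict:
            utility, ids = verdict
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "utility": utility, "event_ids": sorted(ids)})
    return alerts


# Constructed process-creation records (not real telemetry) covering each utility,
# a log-name enumeration, a non-Security query and an unrelated process.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "jdoe",
     "cmdline": 'wevtutil.exe qe Security /q:"*[System[(EventID=4624)]]" /c:50 /f:text'},
    {"host": "ws01", "user": "jdoe",
     "cmdline": "powershell.exe -nop -c \"Get-WinEvent -FilterHashtable "
                "@{LogName='Security';Id=4624,4648} | Select -First 100\""},
    {"host": "srv02", "user": "svc_backup",
     "cmdline": 'wmic.exe ntevent where "EventCode=4672" get InsertionStrings,TimeGenerated'},
    {"host": "ws03", "user": "admin", "cmdline": "wevtutil.exe el"},
    {"host": "srv02", "user": "ops",
     "cmdline": "powershell.exe Get-EventLog -LogName Application -Newest 20"},
    {"host": "ws03", "user": "admin", "cmdline": "notepad.exe C:\\temp\\notes.txt"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only the first three records produce alerts; the `wevtutil.exe el` and Application-log queries exercise a log utility but carry no targeted event ID, which is exactly the extra specificity the rule relies on to keep routine administrative use out of the alert queue.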
Categories
- Windows
- Endpoint
- Application
Data Sources
- Process
Created: 2022-09-09