PowerView PowerShell Cmdlets - ScriptBlock

Sigma Rules

Summary
This detection rule identifies the execution of PowerShell cmdlets specific to PowerView, a toolset within the PowerSploit framework used for network and Active Directory reconnaissance. PowerView provides cmdlets for enumerating Active Directory domains, local users, groups, and access permissions. By inspecting logged script blocks for cmdlets such as 'Find-DomainUserEvent' and 'Invoke-Kerberoast', the rule aims to catch activity indicative of network intrusion or the reconnaissance that precedes lateral movement. The detection depends on PowerShell Script Block Logging being enabled, which records the full text of executed script blocks and so allows this openly available tooling to be spotted by cmdlet name. The rule carries a high severity level because such reconnaissance typically precedes further attacks on network resources.
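The matching logic the rule describes, applied to a few constructed script-block events, as an added example (this is illustrative code written here, not the Sigma rule's own logic or PowerSploit code). The cmdlet list contains the two names quoted above plus a handful of other well-known PowerView cmdlets; it is an assumed, illustrative subset, not the rule's full list. The event records mimic the fields of Windows PowerShell event 4104 and are constructed for the example.

```python
import re

# Illustrative subset of PowerView cmdlet names. The two quoted on the page are
# included; the others are further well-known PowerView cmdlets. Assumption:
# the real Sigma rule carries a longer list than this.
POWERVIEW_CMDLETS = [
    "Find-DomainUserEvent",
    "Invoke-Kerberoast",
    "Get-DomainUser",
    "Get-NetUser",
    "Get-DomainComputer",
    "Get-DomainGroupMember",
    "Find-LocalAdminAccess",
    "Invoke-ShareFinder",
]

# Map lower-cased name -> canonical spelling, so alerts report a stable name
# regardless of how the operator typed the cmdlet (PowerShell is case-insensitive).
_CANON = {c.lower(): c for c in POWERVIEW_CMDLETS}

# \b on both sides keeps "Get-NetUser" from matching inside a longer identifier
# such as "Get-NetUserProfile", which would otherwise be a false positive.
_PATTERN = re.compile(
    r"\b(" + "|".join(re.escape(c) for c in POWERVIEW_CMDLETS) + r")\b",
    re.IGNORECASE,
)


def powerview_cmdlets_in(script_block: str) -> list[str]:
    """Return the distinct PowerView cmdlet names found in one script block,
    in order of first appearance."""
    found: list[str] = []
    for m in _PATTERN.finditer(script_block):
        name = _CANON[m.group(1).lower()]
        if name not in found:
            found.append(name)
    return found


def detect(events: list[dict]) -> list[dict]:
    """Apply the rule to event records and return one alert per matching
    script-block event. Only event ID 4104 (Script Block Logging) is inspected,
    which is why the rule requires that logging to be enabled."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4104:
            continue
        hits = powerview_cmdlets_in(ev.get("ScriptBlockText", ""))
        if hits:
            alerts.append({
                "Computer": ev.get("Computer"),
                "User": ev.get("User"),
                "cmdlets": hits,
            })
    return alerts


# Constructed sample events (not real telemetry). Hostnames and users are made up.
SAMPLE_EVENTS = [
    {   # benign script block: no PowerView cmdlets
        "EventID": 4104, "Computer": "WS01.corp.example", "User": "CORP\\jdoe",
        "ScriptBlockText": "Get-ChildItem C:\\Users | Measure-Object",
    },
    {   # lower-cased PowerView cmdlets; must still match
        "EventID": 4104, "Computer": "WS02.corp.example", "User": "CORP\\svc_build",
        "ScriptBlockText": "Import-Module .\\PowerView.ps1; get-domainuser -SPN | invoke-kerberoast",
    },
    {   # event 4103 (pipeline execution) is outside the rule's scope even though
        # the text contains a listed name
        "EventID": 4103, "Computer": "WS02.corp.example", "User": "CORP\\svc_build",
        "ScriptBlockText": "Invoke-Kerberoast",
    },
    {   # one of the two cmdlets named on the page
        "EventID": 4104, "Computer": "WS03.corp.example", "User": "CORP\\tmiller",
        "ScriptBlockText": "Find-DomainUserEvent -ComputerName DC01",
    },
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['Computer']} {alert['User']}: {', '.join(alert['cmdlets'])}")
```

Running the block prints two alerts: the lower-cased `get-domainuser`/`invoke-kerberoast` pipeline and the `Find-DomainUserEvent` call; the 4103 record is skipped because the rule only reads script-block events. Name matching of this kind is only as good as the cmdlet list and the logged text: script blocks that build cmdlet names at runtime, or PowerView copies with renamed functions, will not be caught, which is why such rules are usually paired with broader behavioural detections.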
Categories
  • Windows
  • Endpoint
  • Cloud
Data Sources
  • Script
  • Process
Created: 2021-05-18