
Summary
This detection rule identifies the execution of PowerShell scripts that invoke a credential prompt. It checks PowerShell script blocks for the string 'PromptForCredential' and flags matches as possible unauthorized access attempts or credential harvesting, behaviour commonly seen from malicious actors. A credential prompt indicates that a script is asking the user for credentials, whether for a legitimate interaction or for nefarious purposes, which is why PowerShell activity in a Windows environment should be monitored. The rule is classified as high severity because credential access and execution attacks are critical. Note that the detection depends on Script Block Logging being enabled in the Windows environment, since that is what provides the script-level detail needed to analyse executions. This detection is particularly relevant given the increasing use of PowerShell in both legitimate IT operations and cyber threats.
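As an added worked example (not part of the rule or its description), the following Python applies the rule's check to constructed Script Block Logging records. The Event ID 4104 and the ScriptBlockText field name are assumptions about the log format, and the case-insensitive substring match mirrors Sigma-style 'contains' matching; the sample events are made up.

```python
import re

# Constructed sample events in the shape of PowerShell Script Block Logging
# records (Microsoft-Windows-PowerShell/Operational). Event ID 4104 and the
# ScriptBlockText field are assumptions about the log format; the script
# block text below is made up for this example.
SAMPLE_EVENTS = [
    {"EventID": 4104, "Computer": "ws01", "ScriptBlockText":
        "$cred = $Host.UI.PromptForCredential('Update', 'Please sign in', $env:USERNAME, '')"},
    {"EventID": 4104, "Computer": "ws02", "ScriptBlockText":
        "Get-Process | Where-Object { $_.CPU -gt 100 }"},
    {"EventID": 4104, "Computer": "ws03", "ScriptBlockText":
        "$c = $host.ui.promptforcredential('x', 'y', '', '')"},
    {"EventID": 4103, "Computer": "ws04", "ScriptBlockText":
        "PromptForCredential"},  # not a script block record; ignored
]

# The literal token the rule looks for. Matching is case-insensitive, as a
# Sigma-style 'contains' match would be (assumption about the rule engine).
PATTERN = re.compile(r"PromptForCredential", re.IGNORECASE)


def is_credential_prompt(event):
    """True if the event is a script block record whose text contains
    the PromptForCredential call."""
    if event.get("EventID") != 4104:
        return False
    return PATTERN.search(event.get("ScriptBlockText", "")) is not None


def detect(events):
    """Return (computer, snippet) for every event that triggers the rule,
    with a short window of script text around the match for triage."""
    hits = []
    for ev in events:
        if is_credential_prompt(ev):
            text = ev["ScriptBlockText"]
            m = PATTERN.search(text)
            start = max(0, m.start() - 20)
            hits.append((ev["Computer"], text[start:m.end() + 20]))
    return hits


if __name__ == "__main__":
    for computer, snippet in detect(SAMPLE_EVENTS):
        print(f"ALERT [high] credential prompt in script block on {computer}: ...{snippet}...")
```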
Categories
- Windows
- Endpoint
- Cloud
Data Sources
- Script
- Application Log
Created: 2017-04-09