
Summary
This detection rule flags suspicious enumeration of SMB (Server Message Block) shares on Windows systems via the PowerShell cmdlet `get-smbshare`. Adversaries run this cmdlet during reconnaissance to discover shared folders and drives, and with them the file resources reachable across the network. The rule is particularly relevant where shared network drives exist, since those shares can become targets for lateral movement or data collection. The rule depends on PowerShell Script Block Logging being enabled on the monitored systems; it flags executions of `get-smbshare` so that analysts are alerted to potentially suspicious SMB share enumeration.
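As an added example (not part of the rule itself), the check below applies this rule's logic to constructed Script Block Logging events. Script Block Logging records each executed block as Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log, with the code in the ScriptBlockText field; the sample events are minimal constructions for illustration, not real log output.

```python
import xml.etree.ElementTree as ET
from typing import List, Optional

# Windows event XML lives in this namespace; Script Block Logging writes
# Event ID 4104 with the executed code in the "ScriptBlockText" field.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SCRIPT_BLOCK_EVENT_ID = "4104"

# PowerShell cmdlet names are case-insensitive, so the match must be too.
INDICATOR = "get-smbshare"


def script_block_text(event_xml: str) -> Optional[str]:
    """Return the ScriptBlockText of a 4104 event, or None for other events."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != SCRIPT_BLOCK_EVENT_ID:
        return None
    for data in root.iterfind("e:EventData/e:Data", NS):
        if data.get("Name") == "ScriptBlockText":
            return data.text or ""
    return None


def is_smbshare_enumeration(event_xml: str) -> bool:
    """True when a logged script block invokes get-smbshare (any casing)."""
    text = script_block_text(event_xml)
    return bool(text) and INDICATOR in text.lower()


def _event(event_id: int, block: str) -> str:
    """Build a constructed, minimal 4104-style event (not real log output)."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System>"
        f'<EventData><Data Name="ScriptBlockText">{block}</Data>'
        "</EventData></Event>"
    )


# Constructed sample: one plain call, one benign block, one call logged under
# a different event id (not a script block), one upper-cased remote call.
SAMPLE_EVENTS = [
    _event(4104, "Get-SmbShare | Select-Object Name, Path"),
    _event(4104, "Get-ChildItem C:\\Users"),
    _event(4103, "Get-SmbShare"),
    _event(4104, "GET-SMBSHARE -CimSession fileserver01"),
]


def flagged(events: List[str]) -> List[int]:
    """Indexes of events that trigger the rule."""
    return [i for i, e in enumerate(events) if is_smbshare_enumeration(e)]


if __name__ == "__main__":
    print("flagged event indexes:", flagged(SAMPLE_EVENTS))
```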
Categories
- Windows
Data Sources
- Script
ATT&CK Techniques
- T1069.002
Created: 2021-12-15