
Summary
This rule aims to detect execution of the `Get-NetTcpconnection` PowerShell cmdlet through PowerShell Script Block Logging (EventCode=4104). Monitoring this cmdlet is crucial because it can indicate reconnaissance by malicious actors attempting to enumerate active network connections and gather information about the network infrastructure. Such activity may precede further attacks, such as identifying targets for lateral movement within the network, which can ultimately threaten the integrity and security of the organization's data and systems. To implement this detection, PowerShell Script Block Logging must be enabled on endpoints so that each invocation of `Get-NetTcpconnection` is logged and can be analyzed for suspicious behavior.
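As an added example (not part of the rule or its search logic), the following Python reassembles constructed EventCode 4104 records into complete script blocks and flags those that invoke the cmdlet. The field names mirror those of event 4104 (ScriptBlockId, MessageNumber, MessageTotal, ScriptBlockText); the sample records and host names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample records (not real telemetry) shaped like ingested 4104 events.
# Script block "b2" is logged as two messages, splitting the cmdlet name across them.
SAMPLE_EVENTS = [
    {"EventCode": 4104, "Computer": "ws01", "ScriptBlockId": "a1",
     "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-Process | Select-Object Name"},
    {"EventCode": 4104, "Computer": "ws02", "ScriptBlockId": "b2",
     "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "$c = Get-NetTCP"},
    {"EventCode": 4104, "Computer": "ws02", "ScriptBlockId": "b2",
     "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "Connection -State Established"},
    {"EventCode": 4104, "Computer": "ws03", "ScriptBlockId": "c3",
     "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "get-nettcpconnection | ft"},
    # Constructed record with a different EventCode, included to show the filter.
    {"EventCode": 4103, "Computer": "ws04", "ScriptBlockId": "d4",
     "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-NetTCPConnection"},
]

# PowerShell cmdlet names are case-insensitive, so match regardless of casing.
CMDLET_RE = re.compile(r"\bGet-NetTcpConnection\b", re.IGNORECASE)


def reassemble_script_blocks(events):
    """Group 4104 events by (Computer, ScriptBlockId) and join the parts in
    MessageNumber order. Long script blocks are logged as several 4104
    messages, so matching a single message can miss a split cmdlet name."""
    parts = defaultdict(dict)
    for ev in events:
        if ev.get("EventCode") != 4104:
            continue  # only Script Block Logging events are in scope
        key = (ev["Computer"], ev["ScriptBlockId"])
        parts[key][ev["MessageNumber"]] = ev["ScriptBlockText"]
    return {key: "".join(chunks[n] for n in sorted(chunks))
            for key, chunks in parts.items()}


def detect_get_nettcpconnection(events):
    """Return (Computer, ScriptBlockId, matched_text) for each reassembled
    script block that invokes Get-NetTcpConnection."""
    hits = []
    for (computer, sbid), text in reassemble_script_blocks(events).items():
        match = CMDLET_RE.search(text)
        if match:
            hits.append((computer, sbid, match.group(0)))
    return sorted(hits)
```

Matching the reassembled text rather than each 4104 message individually is what catches the split block on ws02.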
Categories
- Endpoint
Data Sources
- Persona
ATT&CK Techniques
- T1049
- T1059.001
Created: 2024-11-13