
Use Get-NetTCPConnection

Sigma Rules

Summary
This rule detects use of the PowerShell cmdlet `Get-NetTCPConnection`, which lists the TCP connections on a Windows host (local and remote endpoints, ports, state and owning process). An adversary who has landed on a system can use it to learn which services are listening, which hosts the machine talks to, and which remote sessions (RDP, SMB, management tooling) are currently open, all of which feeds lateral-movement planning. The detection logic is a simple keyword match: it looks for the string `Get-NetTCPConnection` in logs produced by PowerShell execution, such as script block logging. A hit therefore indicates that a network-connection query ran, not who ran it or why; the rule flags possible reconnaissance during an attacker's session. The rule is rated level low because administrators, monitoring agents and troubleshooting scripts query TCP connections routinely, so hits should be triaged against the executing user, the parent process and the surrounding commands, and any use that is not expected for that account or host should be investigated further.
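As an added example, not code from the rule or from the Sigma project, the following Python applies the rule's keyword match to a handful of constructed PowerShell Script Block Logging events and groups the hits by user for triage. The event field names, the user names and the restriction to Event ID 4104 are assumptions made for this illustration; in production a Sigma backend compiles the rule into the query language of the SIEM, and the match is case-insensitive as Sigma's `contains` modifier is.

```python
"""Added example: run the Get-NetTCPConnection keyword match over sample
PowerShell script block events. Not the rule's own code."""
from collections import defaultdict

# The keyword the rule searches for. Sigma string matching is
# case-insensitive, so the comparison below lower-cases both sides.
KEYWORD = "Get-NetTCPConnection"

# Constructed sample events, modelled on Microsoft-Windows-PowerShell/Operational
# Event ID 4104 (ScriptBlockText). These are not real log records; the users
# and commands are invented for the illustration.
SAMPLE_EVENTS = [
    {"EventID": 4104, "User": "CORP\\alice",
     "ScriptBlockText": "Get-Process | Sort-Object CPU -Descending"},
    {"EventID": 4104, "User": "CORP\\bob",
     "ScriptBlockText": "Get-NetTCPConnection -State Established | "
                        "Select-Object RemoteAddress,RemotePort,OwningProcess"},
    {"EventID": 4104, "User": "NT AUTHORITY\\SYSTEM",
     "ScriptBlockText": "get-nettcpconnection | Where-Object { $_.State -eq 'Listen' }"},
    {"EventID": 4103, "User": "CORP\\carol",
     "ScriptBlockText": "Test-NetConnection -ComputerName fileserver -Port 445"},
]


def matches_rule(event):
    """Return True when the event satisfies the rule's selection.

    Assumption for this example: the rule is applied to script block
    events (Event ID 4104) and the keyword is searched in ScriptBlockText.
    """
    if event.get("EventID") != 4104:
        return False
    text = event.get("ScriptBlockText", "")
    return KEYWORD.lower() in text.lower()


def run_detection(events):
    """Return the events that the rule would flag, in log order."""
    return [e for e in events if matches_rule(e)]


def summarize_by_user(events):
    """Group hits by executing user, the first pivot an analyst needs for a
    low-level rule: a hit from an unexpected account stands out, a hit from
    a monitoring account usually does not."""
    hits = defaultdict(list)
    for e in run_detection(events):
        hits[e["User"]].append(e["ScriptBlockText"])
    return dict(hits)


if __name__ == "__main__":
    for user, blocks in summarize_by_user(SAMPLE_EVENTS).items():
        print(f"{user}: {len(blocks)} hit(s)")
        for b in blocks:
            print(f"    {b}")
```

The lower-cased comparison matters: the third event spells the cmdlet in lower case, which PowerShell accepts, and a case-sensitive search would miss it. Because the match is a plain substring test, aliases or obfuscated invocations that never spell out the cmdlet name are outside what this rule can see.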
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Application Log
  • Process
ATT&CK Techniques
  • T1049 (System Network Connections Discovery)
Created: 2021-12-10