
Summary
This detection rule identifies deletion of the PowerShell console history log, the file 'ConsoleHost_history.txt'. Deleting the PowerShell history log can signify an attempt to eradicate forensic evidence, which is often associated with malicious activity aiming to cover tracks or evade detection. The rule triggers on file deletion events whose target filename matches the history log located in the PSReadLine directory. Given the nature of this detection, it is categorized under defense evasion tactics aligned with MITRE ATT&CK technique T1070, which pertains to the deletion of logs. The rule carries a medium severity level because log deletions can be significant in forensic investigations.
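As an added illustration of the matching logic the rule describes (this is example code written for this page, not the rule's own definition or the vendor's implementation), the following Python matcher filters file-deletion events down to those whose target is ConsoleHost_history.txt under a PSReadLine directory. The event field names ('EventType', 'TargetFilename', 'Image') and the sample events are constructed assumptions; real telemetry will use its own schema and should be mapped onto these fields first. The matcher deliberately ignores case and accepts either path separator, because different log sources normalise paths differently.

```python
"""Matcher for deletions of the PowerShell console history file (ConsoleHost_history.txt).

Assumed input schema (not taken from the page):
  EventType      - e.g. "FileDelete" for file deletion telemetry
  TargetFilename - full path of the file acted on
  Image          - path of the process that performed the action
"""
import re
from typing import Dict, Iterable, List

# The rule keys on the history file living under a PSReadLine directory.
# Case and separators vary by source, so match case-insensitively and accept / or \.
HISTORY_PATTERN = re.compile(
    r"[\\/]PSReadLine[\\/]ConsoleHost_history\.txt$", re.IGNORECASE
)

RULE_METADATA = {
    "name": "PowerShell Console History Deleted",
    "technique": "T1070",   # from the page: indicator/log removal
    "severity": "medium",   # from the page
}


def is_history_deletion(event: Dict[str, str]) -> bool:
    """True when a single event is a file deletion of ConsoleHost_history.txt."""
    if event.get("EventType") != "FileDelete":
        return False
    target = event.get("TargetFilename", "")
    return HISTORY_PATTERN.search(target) is not None


def build_alert(event: Dict[str, str]) -> Dict[str, str]:
    """Attach rule metadata to a matching event for downstream triage."""
    alert = dict(RULE_METADATA)
    alert["target"] = event.get("TargetFilename", "")
    alert["process"] = event.get("Image", "")
    return alert


def find_history_deletions(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run the matcher over a stream of events and return one alert per hit."""
    return [build_alert(e) for e in events if is_history_deletion(e)]


# Constructed sample telemetry: two genuine hits, one unrelated deletion,
# and one creation of the history file (which must not fire).
SAMPLE_EVENTS = [
    {
        "EventType": "FileDelete",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt",
    },
    {
        "EventType": "FileDelete",
        "Image": "C:\\Windows\\explorer.exe",
        "TargetFilename": "C:\\Users\\alice\\Documents\\notes.txt",
    },
    {
        "EventType": "FileCreate",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "TargetFilename": "C:\\Users\\bob\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt",
    },
    {
        "EventType": "FileDelete",
        "Image": "C:\\Windows\\System32\\cmd.exe",
        "TargetFilename": "c:/users/bob/appdata/roaming/microsoft/windows/powershell/psreadline/consolehost_history.txt",
    },
]

if __name__ == "__main__":
    for alert in find_history_deletions(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['name']} ({alert['technique']}): "
              f"{alert['process']} deleted {alert['target']}")
```

The anchored regex (`$` after the filename) keeps a deletion of, say, `ConsoleHost_history.txt.bak` from matching, while the `PSReadLine` directory requirement avoids firing on an identically named file elsewhere. When triaging hits, the deleting process path is the first thing to look at: the user's own shell clearing its history is a very different signal from an unrelated binary removing the file.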
Categories
- Windows
- Endpoint
Data Sources
- File
Created: 2023-02-15