System Time enumeration

Anvilogic Forge

Summary
The 'System Time enumeration' detection rule targets adversary attempts to gather system time and time zone information from Windows systems, particularly in corporate networks. This is commonly done with the 'net.exe' or 'net1.exe' tools, which threat actors such as APT28 (Fancy Bear) have used to perform reconnaissance and gather intelligence from compromised machines. The rule works by monitoring process executions within a specified time frame, selecting entries that involve these tools and matching patterns in the process name and arguments that indicate a time query. The associated technique, T1124 in the ATT&CK framework, places this activity within the broader scope of time-based reconnaissance. The rule is useful during incident response and threat hunting, and is particularly relevant for environments that collect EDR process logs.
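The following is an added illustration of the detection logic described above, not the Anvilogic Forge rule itself: it runs over a handful of constructed EDR process events, flags 'net.exe' / 'net1.exe' executions whose command line carries a 'time' argument, and restricts the matches to a time window. The event field names (process_name, command_line, host, timestamp) and the sample events are assumptions for the example.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal process-creation record; field names are assumed, not a real EDR schema."""
    timestamp: str      # ISO-8601 UTC, compared lexicographically
    host: str
    process_name: str
    command_line: str


# Constructed sample events (not real telemetry). The first, second and last
# are the kind of activity the rule is after; the others are benign noise.
SAMPLE_EVENTS = [
    ProcessEvent("2024-02-09T10:00:01Z", "WS01", "net.exe", "net time /domain"),
    ProcessEvent("2024-02-09T10:00:02Z", "WS01", "net1.exe",
                 "C:\\Windows\\system32\\net1 time \\\\DC01"),
    ProcessEvent("2024-02-09T10:01:00Z", "WS02", "net.exe", "net use Z: \\\\fileserver\\share"),
    ProcessEvent("2024-02-09T10:02:00Z", "WS03", "notepad.exe", "notepad.exe C:\\timesheet.txt"),
    ProcessEvent("2024-02-09T10:03:00Z", "WS04", "NET.EXE", "NET TIME"),
]

# The two binaries named on the page; comparison is case-insensitive because
# Windows process names are.
TIME_QUERY_TOOLS = {"net.exe", "net1.exe"}

# 'time' as a standalone argument. The surrounding whitespace/edge anchors keep
# "net stop timesvc" or "timesheet.txt" from matching.
TIME_ARG = re.compile(r"(^|\s)time(\s|$)", re.IGNORECASE)


def is_system_time_enumeration(event: ProcessEvent) -> bool:
    """True when the event is net.exe/net1.exe invoked with a 'time' argument."""
    if event.process_name.lower() not in TIME_QUERY_TOOLS:
        return False
    return TIME_ARG.search(event.command_line) is not None


def find_time_enumeration(events, window_start: str, window_end: str):
    """Return matching events whose timestamp falls inside [window_start, window_end]."""
    return [
        e for e in events
        if window_start <= e.timestamp <= window_end and is_system_time_enumeration(e)
    ]


if __name__ == "__main__":
    for hit in find_time_enumeration(SAMPLE_EVENTS, "2024-02-09T10:00:00Z", "2024-02-09T10:05:00Z"):
        print(f"{hit.timestamp} {hit.host}: {hit.process_name} -> {hit.command_line}")
```

In production the same check would be a query over the EDR process data source rather than a Python loop, and a tuning pass would normally exclude known scheduled tasks or management tooling that legitimately runs 'net time' so the rule stays useful for hunting.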
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
ATT&CK Techniques
  • T1124
Created: 2024-02-09