This analytic rule is designed to detect the execution of the PowerShell command `Get-WmiObject` with the parameter `Win32_UserAccount`, as logged by Windows PowerShell Script Block Logging (EventCode=4104). The detection logic scans for script block text that includes both the command and parameter, indicating an enumeration of local user accounts on the system. This behavior is essential to monitor because it may be employed by adversaries or Red Teams to gather user information as part of their reconnaissance efforts. The enumeration of user accounts can lead to further malicious activities like privilege escalation and lateral movement within the network, making it a critical indicator of potentially harmful behaviors.