Recon Information for Export with PowerShell

Sigma Rules

Summary
This rule detects the use of PowerShell commands indicative of adversarial reconnaissance against internal system data. Specifically, it looks for script block logging entries that contain common cmdlets such as Get-Service, Get-ChildItem, and Get-Process, which adversaries may use to enumerate information from the host. The detection requires script block logging to be enabled, and it only fires when the cmdlet output is redirected to a temp folder, a pattern suggesting the collected data is being staged for export or further processing. It supports recognizing and responding to data collection tactics during security monitoring.
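As an added illustration (not the rule's own logic), the following Python approximates the detection the summary describes: a script block from a PowerShell script-block-logging event (Event ID 4104) matches when it both calls one of the listed cmdlets and sends its output to a temp folder. The cmdlet list, the redirection heuristic and the sample script blocks are assumptions for this example; the page does not reproduce the rule's exact selection.

```python
import re

# Constructed sample script-block texts, as they would appear in the
# ScriptBlockText field of Event ID 4104 (not real telemetry).
SAMPLE_SCRIPT_BLOCKS = [
    r'Get-Process | Out-File C:\Windows\Temp\procs.txt',
    r'Get-Service > $env:TEMP\svc.txt',
    r'Get-ChildItem C:\Users -Recurse | Export-Csv C:\Users\alice\AppData\Local\Temp\files.csv',
    r'Get-Process | Where-Object { $_.CPU -gt 100 }',        # recon, but no export
    r'Write-Output "hello" > C:\Windows\Temp\hello.txt',      # export, but no recon cmdlet
]

# Cmdlets named in the rule summary (assumed to be the full list for this example).
RECON_CMDLETS = re.compile(r'\b(Get-Service|Get-ChildItem|Get-Process)\b', re.IGNORECASE)

# Output sent to a temp folder: a redirection operator or a pipe into an output
# cmdlet, followed by $env:TEMP/$env:TMP or a drive path containing a Temp\ folder.
TEMP_REDIRECT = re.compile(
    r'(?:>>?|\|\s*(?:Out-File|Export-Csv|Set-Content|Add-Content)\b[^|]*?)\s*'
    r'(?:"?\$env:TE?MP\b|"?[A-Za-z]:\\(?:[^"\s]*\\)?Temp\\)',
    re.IGNORECASE,
)


def is_recon_export(script_block: str) -> bool:
    """True when the block runs a recon cmdlet AND writes output to a temp folder.

    Both conditions are required, mirroring the summary: a bare Get-Process
    is normal administration, and a redirect of unrelated output is not recon.
    """
    return bool(RECON_CMDLETS.search(script_block)) and bool(TEMP_REDIRECT.search(script_block))


def matching_blocks(blocks):
    """Filter a batch of script-block texts down to the ones that would alert."""
    return [b for b in blocks if is_recon_export(b)]


if __name__ == "__main__":
    for block in matching_blocks(SAMPLE_SCRIPT_BLOCKS):
        print("ALERT:", block)
```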
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Process
ATT&CK Techniques
  • T1119
Created: 2021-07-30