
Account Discovery With Net App

Splunk Security Content

Summary
The Account Discovery With Net App rule was designed to detect account discovery attempts that use the 'net' command, a technique malware such as Trickbot employs during reconnaissance. This analytic has been deprecated in favor of a more generalized rule. The detection relies on process telemetry from Endpoint Detection and Response (EDR) solutions and looks for specific command-line patterns that indicate reconnaissance. Such activity commonly precedes lateral movement or privilege escalation within an organization, so identifying 'net' invocations with these patterns, in context, can surface a threat before it escalates. The rule examines process relationships (parent and child processes) together with command-line arguments and raises an alert when the combination looks malicious. Because detection at this stage allows early intervention and remediation, the logic and procedures established for this rule remain useful for understanding the wider behaviour of threats that operate this way.
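As an added illustration, not the rule's own Splunk search (which this page does not reproduce), the following Python applies the kind of command-line matching the summary describes to a handful of constructed EDR process events. The event field names, the list of account-enumerating 'net' sub-commands and the mapping to T1087 / T1087.002 are assumptions of this example.

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed EDR process events (not real telemetry). Field names loosely
# follow a process data model but are an assumption of this example.
SAMPLE_EVENTS = [
    {"dest": "ws01", "user": "CORP\\alice", "parent_process_name": "cmd.exe",
     "process_name": "net.exe", "process": "net user /domain"},
    {"dest": "ws01", "user": "CORP\\alice", "parent_process_name": "net.exe",
     "process_name": "net1.exe", "process": 'net1 group "Domain Admins" /domain'},
    {"dest": "ws02", "user": "CORP\\bob", "parent_process_name": "explorer.exe",
     "process_name": "net.exe", "process": "net use Z: \\\\fs01\\share"},
    {"dest": "ws03", "user": "CORP\\svc", "parent_process_name": "powershell.exe",
     "process_name": "net.exe", "process": "net localgroup administrators"},
    {"dest": "ws04", "user": "CORP\\carol", "parent_process_name": "cmd.exe",
     "process_name": "notepad.exe", "process": "notepad.exe net user"},
]

NET_BINARIES = {"net.exe", "net1.exe"}        # net.exe hands most work to net1.exe
DISCOVERY_SUBCOMMANDS = {"user", "group", "localgroup", "accounts"}  # assumed set


def _argv(command_line: str) -> List[str]:
    """Split a Windows command line, keeping quoted arguments together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]


def classify_net_event(event: Dict) -> Optional[Dict]:
    """Return a match record if the event is net/net1 account discovery, else None."""
    if event.get("process_name", "").lower() not in NET_BINARIES:
        return None
    argv = _argv(event.get("process", ""))
    if len(argv) < 2:
        return None
    subcommand = argv[1].lower()
    if subcommand not in DISCOVERY_SUBCOMMANDS:
        return None          # e.g. "net use" maps a share; not account discovery
    domain_scoped = any(a.lower() == "/domain" for a in argv[2:])
    return {
        "dest": event.get("dest"),
        "user": event.get("user"),
        "parent": event.get("parent_process_name"),
        "subcommand": subcommand,
        "technique": "T1087.002" if domain_scoped else "T1087",
        "process": event.get("process"),
    }


def find_net_account_discovery(events: Iterable[Dict]) -> List[Dict]:
    """Run the classifier over a stream of events and keep the hits."""
    return [m for m in (classify_net_event(e) for e in events) if m]
```

Parent process and user are carried into each match so an analyst can triage the hit in context, which is the "process relationships" part of the summary.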
Categories
  • Endpoint
Data Sources
  • Pod
  • Container
  • User Account
  • Windows Registry
  • Script
  • Image
  • Web Credential
  • Named Pipe
  • Certificate
  • WMI
  • Cloud Storage
  • Internet Scan
  • Persona
  • Group
  • Application Log
  • Logon Session
  • Instance
  • Sensor Health
  • File
  • Drive
  • Snapshot
  • Command
  • Kernel
  • Driver
  • Volume
  • Cloud Service
  • Malware Repository
  • Network Share
  • Network Traffic
  • Scheduled Job
  • Firmware
  • Active Directory
  • Service
  • Domain Name
  • Process
  • Firewall
ATT&CK Techniques
  • T1087.002
  • T1087
Created: 2025-01-13