
Summary
This detection rule identifies potential local email collection carried out via PowerShell, an adversary tactic aimed at extracting sensitive information from user email accounts on Windows systems. Attackers may use PowerShell scripts to access user email data, such as the files generated by Microsoft Outlook. The indicators in this rule focus on scripts that reference Outlook interop objects and Outlook's predefined folder structure. The rule requires PowerShell script block logging to be enabled so that the content of executed script blocks is captured. In particular, it monitors for commands and parameters such as `Get-Inbox.ps1`, `-comobject outlook.application`, and references to Outlook's default folders. This allows unauthorized attempts to access or collect email data to be identified promptly, improving the protection of sensitive user information.
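The following is an added example, not part of the rule page or its vendor's detection code, showing the rule's logic applied to script block logging records. It assumes script block events arrive as dictionaries with `event_id`, `host`, `user` and `message` fields (an assumed shape, not a real log schema), and the regexes, indicator names and the sample events are constructed for this example from the indicators named above. The `Microsoft.Office.Interop.Outlook` and `OlDefaultFolders` strings are the real Outlook interop namespace and enum that the "Outlook interop objects" and "default folder" indicators refer to.

```python
from __future__ import annotations

import re
from typing import Iterable

# Indicator patterns derived from the rule summary: the Get-Inbox.ps1 script name,
# the Outlook COM object, and Outlook interop / default-folder references.
# The exact regexes and the indicator names are this example's own choice.
INDICATORS = {
    "get_inbox_script": re.compile(r"Get-Inbox\.ps1", re.IGNORECASE),
    "outlook_comobject": re.compile(r"-comobject\s+['\"]?outlook\.application", re.IGNORECASE),
    "outlook_interop": re.compile(r"Microsoft\.Office\.Interop\.Outlook", re.IGNORECASE),
    "outlook_default_folder": re.compile(
        r"OlDefaultFolders|olFolder(?:Inbox|SentMail|Contacts)", re.IGNORECASE
    ),
}

# Windows PowerShell script block logging writes Event ID 4104; the rule only
# has something to inspect when that logging is enabled.
SCRIPT_BLOCK_EVENT_ID = 4104

# Constructed sample events in the shape of script block logging records.
# These are not real log data.
SAMPLE_EVENTS = [
    {"event_id": 4104, "host": "WKS01", "user": "CORP\\alice",
     "message": "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object"},
    {"event_id": 4104, "host": "WKS02", "user": "CORP\\bob",
     "message": "$ol = New-Object -ComObject Outlook.Application\n$ns = $ol.GetNamespace('MAPI')"},
    {"event_id": 4104, "host": "WKS02", "user": "CORP\\bob",
     "message": "$inbox = $ns.GetDefaultFolder("
                "[Microsoft.Office.Interop.Outlook.OlDefaultFolders]::olFolderInbox)"},
    {"event_id": 4104, "host": "WKS03", "user": "CORP\\svc-backup",
     "message": "powershell.exe -ExecutionPolicy Bypass -File .\\Get-Inbox.ps1"},
    # A module logging record (4103) carrying the same string: not a script
    # block record, so the rule does not evaluate it.
    {"event_id": 4103, "host": "WKS04", "user": "CORP\\carol",
     "message": "New-Object -ComObject Outlook.Application"},
]


def match_indicators(text: str) -> list[str]:
    """Return the names of every rule indicator present in one script block."""
    return [name for name, pattern in INDICATORS.items() if pattern.search(text)]


def evaluate_events(events: Iterable[dict]) -> list[dict]:
    """Apply the rule: inspect only script block records (Event ID 4104) and
    raise an alert for each record containing at least one indicator."""
    alerts = []
    for event in events:
        if event.get("event_id") != SCRIPT_BLOCK_EVENT_ID:
            continue
        hits = match_indicators(event.get("message", ""))
        if hits:
            alerts.append({"host": event["host"], "user": event["user"], "indicators": hits})
    return alerts


if __name__ == "__main__":
    for alert in evaluate_events(SAMPLE_EVENTS):
        print(f"{alert['host']} {alert['user']}: {', '.join(alert['indicators'])}")
```

Run against the constructed sample, the benign directory listing on WKS01 produces nothing, the three Outlook-related script blocks each produce an alert, and the 4103 record is skipped even though it contains the COM object string; that last case is why the summary stresses that script block logging must be enabled. On a host, the policy value is `EnableScriptBlockLogging` under `HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging`, which must be set to 1 for 4104 records to be written.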
Categories
- Windows
Data Sources
- Script
- Process
ATT&CK Techniques
- T1114.001
Created: 2021-07-21