
Summary
This analytic detects process executions whose command line contains `Invoke-AzureHound`, which indicates that the AzureHound tool is being used for reconnaissance within Azure environments. AzureHound maps Azure Active Directory (Azure AD) structures and so exposes sensitive information about identities, roles and relationships, making it a valuable tool for attackers aiming for privilege escalation or further attacks on Azure infrastructure. The detection uses data collected from Endpoint Detection and Response (EDR) agents, focusing on the process names and command-line arguments associated with the command. Execution of the command may signal an active reconnaissance attempt and warrants further investigation to determine whether the activity is malicious.
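The process and command-line matching described above, written out as an added Python example (this is not the analytic's own query); the EDR event schema, hostnames, users and sample telemetry are constructed here for illustration:

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List

@dataclass(frozen=True)
class ProcessEvent:
    """One EDR process-creation record (constructed schema, not a vendor format)."""
    host: str
    user: str
    process_name: str
    command_line: str

# PowerShell resolves cmdlet names case-insensitively, so the match must be too.
AZUREHOUND_PATTERN = re.compile(r"\bInvoke-AzureHound\b", re.IGNORECASE)

def is_azurehound_invocation(event: ProcessEvent) -> bool:
    """True when the command line invokes the AzureHound collector cmdlet."""
    return AZUREHOUND_PATTERN.search(event.command_line) is not None

def detect(events: Iterable[ProcessEvent]) -> List[ProcessEvent]:
    """Return the events that should be raised for investigation."""
    return [e for e in events if is_azurehound_invocation(e)]

def triage_summary(hits: Iterable[ProcessEvent]) -> Counter:
    """Count hits per (host, user) so analysts see where reconnaissance ran."""
    return Counter((e.host, e.user) for e in hits)

# Constructed sample telemetry; hostnames, users and paths are illustrative only.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "CORP\\alice", "powershell.exe",
                 "powershell.exe -NoProfile Get-Process"),
    ProcessEvent("ws02", "CORP\\bob", "pwsh.exe",
                 "pwsh.exe -c \"Import-Module .\\AzureHound.ps1; Invoke-AzureHound -Verbose\""),
    ProcessEvent("ws02", "CORP\\bob", "powershell.exe",
                 "powershell.exe invoke-azurehound -OutputDirectory C:\\Temp"),
    ProcessEvent("srv01", "CORP\\svc_backup", "cmd.exe",
                 "cmd.exe /c robocopy D:\\Data E:\\Backup"),
]

if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for (host, user), count in triage_summary(hits).items():
        print(f"{host} {user}: {count} AzureHound invocation(s)")
```

Only the two `ws02` events match; the benign PowerShell and cmd.exe records are left alone, and the per-host/user count gives the analyst a starting point for the follow-up investigation the summary calls for.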
Categories
- Cloud
- Azure
- Endpoint
Data Sources
- Process
- Windows Registry
- Logon Session
ATT&CK Techniques
- T1087.002
- T1069.001
- T1482
- T1087.001
- T1087
- T1069.002
- T1069
- T1059.001
Created: 2024-12-10