
Summary
This detection rule targets the execution of "TroubleshootingPack" cmdlets, which can be abused to exploit CVE-2022-30190 or to perform actions similar to the "msdt" LOLBIN (Living Off The Land Binary). The rule focuses specifically on detecting PowerShell scripts that use the Invoke-TroubleshootingPack command or related subcommands typically found in attack scenarios that leverage this vulnerability. Because the rule matches on logged script content rather than on process command lines, Script Block Logging must be enabled for it to capture the relevant script execution for analysis. The rule outlines the specific components of the command that should be monitored, making it easier for analysts to identify potential misuse in the environment.
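As an added illustration, not code from the rule or its documentation, the following Python script applies the rule's core condition to constructed Script Block Logging records. Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log is the script block logging event; the record field names (EventID, ScriptBlockText) and the sample script text are assumptions made for this example. The published rule's exact selection strings are not on this page, so only the Invoke-TroubleshootingPack cmdlet named above is matched, case-insensitively because PowerShell cmdlet names are case-insensitive.

```python
import re
from typing import Iterable

# Constructed sample records in the shape of PowerShell Script Block Logging
# events. The ScriptBlockText contents are made up for this example and are
# not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText": "Get-ChildItem C:\\Users | Select-Object Name"},
    {"EventID": 4104, "ScriptBlockText": "$p = Get-TroubleshootingPack C:\\Windows\\diagnostics\\system\\PCW\nInvoke-TroubleshootingPack -Pack $p"},
    {"EventID": 4104, "ScriptBlockText": "INVOKE-TROUBLESHOOTINGPACK -Pack (Get-TroubleshootingPack C:\\example)"},
    # Wrong event type: 4103 is module logging, not a script block, so the rule ignores it.
    {"EventID": 4103, "ScriptBlockText": "Invoke-TroubleshootingPack -Pack $p"},
    # Near-miss string: the word boundary in the pattern keeps this from matching.
    {"EventID": 4104, "ScriptBlockText": "Write-Output 'Invoke-TroubleshootingPackage is not a cmdlet'"},
]

# Event ID emitted by PowerShell Script Block Logging (assumed field name "EventID").
SCRIPT_BLOCK_EVENT_ID = 4104

# PowerShell cmdlet names are case-insensitive, so the match must be too.
# \b on both sides avoids matching longer identifiers that merely contain the name.
INVOKE_TSP = re.compile(r"\bInvoke-TroubleshootingPack\b", re.IGNORECASE)


def matches_rule(event: dict) -> bool:
    """Return True when the event is a script block log entry that invokes the cmdlet."""
    if event.get("EventID") != SCRIPT_BLOCK_EVENT_ID:
        return False
    return INVOKE_TSP.search(event.get("ScriptBlockText", "")) is not None


def detect(events: Iterable[dict]) -> list[dict]:
    """Produce one alert record per matching event, keeping the offending line for triage."""
    alerts = []
    for event in events:
        if not matches_rule(event):
            continue
        # Keep only the line(s) containing the cmdlet so the analyst sees the relevant context.
        hit_lines = [ln for ln in event["ScriptBlockText"].splitlines() if INVOKE_TSP.search(ln)]
        alerts.append({"EventID": event["EventID"], "MatchedLines": hit_lines})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"ALERT EventID={alert['EventID']}: {alert['MatchedLines']}")
```

Running the block against the constructed records yields two alerts: the multi-line script and the upper-cased invocation. The 4103 record is skipped because it is not a script block event, and the near-miss string is skipped because of the word boundary; both are deliberate controls against false positives that a string-contains match would produce.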
Categories
- Endpoint
- Windows
Data Sources
- Script
- Process
Created: 2022-06-21