
Summary
This analytic rule, authored by Mauricio Velazco of Splunk, detects the execution of `wmic.exe` with particular command-line arguments aimed at discovering remote systems within a domain. Using telemetry from Endpoint Detection and Response (EDR) agents, the rule matches on specific process names and command-line executions. The appearance of `wmic.exe` invoked this way can signify reconnaissance by an adversary building a view of network resources and the Active Directory structure. Such reconnaissance, if confirmed malicious, could precede unauthorized access and data exfiltration, which makes this detection important for security analysts.
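The page does not reproduce the rule's search, so the following is an added example (not Splunk's published query) of the same detection idea applied to constructed EDR process events: match the `wmic.exe` process name, then look for command-line arguments that query Active Directory computer objects. The discriminators used here, WMI's LDAP provider namespace and the `ds_computer` class, are an assumption about which arguments the rule keys on.

```python
import re

# Constructed EDR-style process events for illustration; not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\alice", "parent_process_name": "cmd.exe",
     "process_name": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "process": "wmic /NAMESPACE:\\\\root\\directory\\ldap PATH ds_computer GET ds_samaccountname"},
    {"host": "ws02", "user": "CORP\\bob", "parent_process_name": "cmd.exe",
     "process_name": "wmic.exe",
     "process": "wmic os get caption"},                       # benign local query
    {"host": "srv01", "user": "CORP\\svc", "parent_process_name": "explorer.exe",
     "process_name": "powershell.exe",
     "process": "powershell -c Get-ADComputer -Filter *"},    # different tool, out of scope here
]

WMIC_NAMES = {"wmic.exe"}
# Assumed discriminators (hypothetical, not taken from the rule): the WMI LDAP
# provider namespace and the ds_computer class. Case-insensitive; tolerate one
# or more backslashes because logging agents escape them differently.
LDAP_NAMESPACE = re.compile(r"/namespace:\\+root\\+directory\\+ldap", re.IGNORECASE)
DS_COMPUTER = re.compile(r"\bds_computer\b", re.IGNORECASE)


def basename(path):
    """Return the final component of a Windows or POSIX path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_remote_system_discovery(event):
    """True when the event is wmic.exe enumerating AD computer objects."""
    if basename(event.get("process_name", "")) not in WMIC_NAMES:
        return False
    cmdline = event.get("process", "")
    return bool(LDAP_NAMESPACE.search(cmdline) and DS_COMPUTER.search(cmdline))


def detect(events):
    """Return one alert dict per matching event, tagged with ATT&CK T1018."""
    alerts = []
    for ev in events:
        if is_remote_system_discovery(ev):
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "parent": ev["parent_process_name"],
                           "process": ev["process"], "technique": "T1018"})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only the first constructed event is flagged; the plain `wmic os get caption` call on ws02 shows why the rule needs the argument match and not just the process name.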
Categories
- Endpoint
- Windows
- Network
Data Sources
- Process
- Windows Registry
- Logon Session
ATT&CK Techniques
- T1018
Created: 2024-11-13