GetWmiObject Ds Computer with PowerShell

Splunk Security Content

Summary
The detection rule "GetWmiObject Ds Computer with PowerShell" identifies suspicious use of the PowerShell cmdlet `Get-WmiObject` with the `DS_Computer` parameter, which is commonly used to enumerate domain computers in Active Directory. It looks for executions of `powershell.exe` whose command lines match this pattern, since such activity is characteristic of reconnaissance: an adversary gathering information about the network and its devices to plan further attacks or unauthorized access. The detection relies on EDR data covering process execution and the associated command-line arguments, specifically Sysmon EventID 1, Windows Security Event Log 4688 and CrowdStrike ProcessRollup2. Confirmed malicious activity of this kind could allow an attacker to map essential systems within the network and plan further intrusive actions.
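To make the matching logic concrete, the following added Python example (not the Splunk rule's own search, which is not reproduced on this page) applies the same conditions to a handful of constructed process-execution events normalized to a minimal common schema; hostnames, field names and command lines are made up for illustration.

```python
import re
from dataclasses import dataclass


# Minimal fields that Sysmon EventID 1, Security 4688 and CrowdStrike
# ProcessRollup2 all carry once normalized (field names are assumed).
@dataclass
class ProcessEvent:
    host: str
    process_name: str
    command_line: str


# The rule fires on powershell.exe whose command line names both the
# Get-WmiObject cmdlet and DS_Computer; matching is case-insensitive.
PROCESS_NAME = "powershell.exe"
CMDLET_RE = re.compile(r"get-wmiobject", re.IGNORECASE)
DS_CLASS_RE = re.compile(r"ds_computer", re.IGNORECASE)


def is_ds_computer_recon(event: ProcessEvent) -> bool:
    """Return True when a single process event matches the rule's pattern."""
    if event.process_name.lower() != PROCESS_NAME:
        return False
    cmd = event.command_line
    return bool(CMDLET_RE.search(cmd) and DS_CLASS_RE.search(cmd))


def find_matches(events):
    """Filter a batch of normalized process events down to rule hits."""
    return [e for e in events if is_ds_computer_recon(e)]


# Constructed sample events; only WS01 and WS04 should match.
SAMPLE_EVENTS = [
    ProcessEvent("WS01", "powershell.exe",
                 r"powershell.exe -c Get-WmiObject -Namespace root\directory\ldap -Class DS_Computer"),
    ProcessEvent("WS02", "powershell.exe",
                 "powershell.exe Get-WmiObject Win32_Process"),       # other WMI class: no hit
    ProcessEvent("WS03", "cmd.exe",
                 "cmd.exe /c echo Get-WmiObject DS_Computer"),          # not powershell.exe: no hit
    ProcessEvent("WS04", "powershell.exe",
                 'powershell -c "get-wmiobject ds_computer | select ds_cn"'),  # lowercase: hit
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print(f"{hit.host}: {hit.command_line}")
```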
Categories
  • Endpoint
  • Windows
  • Network
  • Identity Management
Data Sources
  • Windows Registry
  • Process
  • Application Log
ATT&CK Techniques
  • T1018
Created: 2024-11-13