A New Trust Was Created To A Domain

Sigma Rules

Summary
This detection rule identifies the creation of a new trust to a domain by monitoring Windows Event ID 4706, which is logged when a new trust relationship is established in Active Directory. Adding domains through trusts is a rare event, so each such change should be verified as legitimate. Attackers can exploit trusts to gain unauthorized access and escalate privileges within the network, so every instance of Event ID 4706 should raise an alert for the security team to investigate. Legitimate operations can also cause this event; the rule notes legitimate extensions of domain structures as a potential false positive. The rule is classified as medium severity, and careful analysis is recommended to distinguish legitimate from malicious domain trust creation.
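The triage step described above, as an added example that is not the Sigma rule's own source: it selects Event ID 4706 from Windows event XML and pulls out the fields an analyst needs to judge legitimacy. The `EXPECTED_TRUSTS` allowlist, host name, accounts and domains are constructed assumptions; `DomainName`, `TdDirection` and the `Subject*` names are the event's standard data fields.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# TdDirection values as recorded in Event ID 4706
TRUST_DIRECTION = {"0": "disabled", "1": "inbound", "2": "outbound", "3": "bidirectional"}
# Assumption: trusts approved through change management (hypothetical allowlist)
EXPECTED_TRUSTS = {"partner.example"}

def make_event(event_id, data):
    """Build a constructed Security-log event in Windows event XML form."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<Computer>dc01.corp.example</Computer></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample input, not real logs
SAMPLE_EVENTS = [
    make_event(4706, {"SubjectUserName": "adm.jdoe", "SubjectDomainName": "CORP",
                      "DomainName": "partner.example", "TdDirection": "2"}),
    make_event(4706, {"SubjectUserName": "svc-backup", "SubjectDomainName": "CORP",
                      "DomainName": "unknown-forest.example", "TdDirection": "3"}),
    make_event(4624, {"TargetUserName": "alice"}),  # unrelated logon event
]

def triage_trust_events(xml_events, expected=EXPECTED_TRUSTS):
    """Return one finding per 4706 event, flagged against the allowlist."""
    findings = []
    for raw in xml_events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4706":
            continue  # the rule matches only new-trust events
        data = {d.get("Name"): (d.text or "")
                for d in root.iterfind("e:EventData/e:Data", NS)}
        domain = data.get("DomainName", "").lower()
        findings.append({
            "computer": root.findtext("e:System/e:Computer", namespaces=NS),
            "actor": f'{data.get("SubjectDomainName", "")}\\{data.get("SubjectUserName", "")}',
            "trusted_domain": domain,
            "direction": TRUST_DIRECTION.get(data.get("TdDirection"), "unknown"),
            "expected": domain in expected,  # False means investigate first
        })
    return findings

if __name__ == "__main__":
    for finding in triage_trust_events(SAMPLE_EVENTS):
        print(finding)
```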
Categories
  • Windows
  • Network
  • Identity Management
Data Sources
  • Active Directory
  • Logon Session
  • Application Log
Created: 2019-12-03