
Summary
The 'Automated Collection Command Prompt' detection rule identifies automated methods adversaries use to collect sensitive internal data after gaining a foothold on a system or network. It flags command-line activity that is suspicious because of the file extensions being accessed or because of commands indicative of collection, such as directory listings (dir) or text searching (findstr). Specifically, it looks for command lines that reference file extensions associated with documents, spreadsheets and other common data formats (.doc, .xls, .ppt, etc.) and requires that such extensions appear together with one of these commands, i.e. a collection command filtered by file type. The detection is assigned a medium level, reflecting the risk associated with this behaviour. The rule applies to Windows environments where process creation logs can be monitored to catch potentially malicious data gathering by unauthorized users.
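As an added illustration (not the rule's own definition), the following Python sketch applies the logic described above to a few constructed process-creation events; the extension list and the whole-token matching of dir/findstr are assumptions, not the rule's exact selectors.

```python
import re

# Document-style extensions the described rule keys on (assumed list; the
# page names .doc, .xls, .ppt "etc.").
DOCUMENT_EXTENSIONS = (".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt")

# Collection-style commands named on the page, matched as a whole token
# (optionally with .exe) followed by whitespace, so "director" or "\dirs\"
# in a path does not count.
COLLECTION_COMMAND_RE = re.compile(r"(?<![\w.])(dir|findstr)(?:\.exe)?\s")


def is_automated_collection(command_line: str) -> bool:
    """True when a command line combines a collection command with a
    document file extension, i.e. a file-type-filtered dir/findstr."""
    cl = command_line.lower()
    has_ext = any(ext in cl for ext in DOCUMENT_EXTENSIONS)
    has_cmd = COLLECTION_COMMAND_RE.search(cl) is not None
    return has_ext and has_cmd


def scan_events(events):
    """Return the command lines of the process-creation events that match."""
    return [e["CommandLine"] for e in events if is_automated_collection(e["CommandLine"])]


# Constructed sample process-creation events, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c dir C:\Users\*.docx /s /b > C:\Temp\docs.txt"},
    {"Image": r"C:\Windows\System32\findstr.exe",
     "CommandLine": r"findstr /s /i confidential C:\Users\*.txt"},
    # dir without any document extension: benign housekeeping, no match
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c dir C:\Windows\Temp"},
    # document extension without a collection command: opening a file, no match
    {"Image": r"C:\Program Files\Office\WINWORD.EXE",
     "CommandLine": r'"C:\Program Files\Office\WINWORD.EXE" report.docx'},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print("ALERT automated collection:", hit)
```

The two benign events show why the rule requires both conditions at once: either signal alone is common in normal activity.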
Categories
- Endpoint
- Windows
Data Sources
- Process
ATT&CK Techniques
- T1119
- T1552.001
Created: 2021-07-28