Automated Collection Command PowerShell

Sigma Rules

Summary
This detection rule identifies potential automated data collection by adversaries using PowerShell on Windows systems. It looks for PowerShell command patterns that indicate a bulk search for documents and files such as .doc, .xls, .ppt, .pdf and common text files. The rule matches on the ps_script log source, so it only works when PowerShell Script Block Logging is enabled: that feature records the content of every executed script block as Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log, and without it the rule has no data to evaluate. The condition requires every selection (the document-extension strings and the file-searching command strings) to match the same script block before an alert fires, which keeps the rule narrow enough to point at automated collection rather than at any script that merely mentions a document extension. Such collection typically happens in the collection stage of an intrusion, after initial access and ahead of exfiltration.
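As an added example, not part of the Sigma rule or this page, the following PowerShell shows the two practical pieces a defender needs around this rule: confirming (or enabling) the Script Block Logging prerequisite, and running a check modelled on the rule's description over Event ID 4104 script block text. The document extensions come from the summary above; the command indicators (Get-ChildItem, -Recurse, -Include) are this example's assumption about what "file searching commands" means, not the rule's exact strings. The sample script blocks are constructed.

```powershell
# Added example; requires an elevated session for the registry write and event log read.

# Script Block Logging is controlled by this policy key. When EnableScriptBlockLogging is 1,
# PowerShell writes each executed script block as Event ID 4104 to
# Microsoft-Windows-PowerShell/Operational, which is what the ps_script log source reads.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Test-ScriptBlockLogging {
    # Returns $true only if the policy value exists and is set to 1.
    $value = Get-ItemProperty -Path $policyKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return ($null -ne $value -and $value.EnableScriptBlockLogging -eq 1)
}

function Enable-ScriptBlockLogging {
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    Set-ItemProperty -Path $policyKey -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

# Extensions named on the page. The indicators below are an assumption made for this
# example; the real rule's strings may differ.
$extensions = @('.doc', '.xls', '.ppt', '.pdf', '.txt')
$collectionIndicators = @('Get-ChildItem', '-Recurse', '-Include')

function Test-AutomatedCollection {
    # Mirrors the rule's shape: at least one document extension AND every command
    # indicator must appear in the same script block. -match is case-insensitive.
    param([string]$ScriptBlockText)
    $hasExtension = $false
    foreach ($ext in $extensions) {
        if ($ScriptBlockText -match [regex]::Escape($ext)) { $hasExtension = $true; break }
    }
    foreach ($ind in $collectionIndicators) {
        if ($ScriptBlockText -notmatch [regex]::Escape($ind)) { return $false }
    }
    return $hasExtension
}

# Constructed sample script blocks standing in for the ScriptBlockText field of 4104 events.
# The first should match (recursive search for documents); the second should not.
$samples = @(
    'Get-ChildItem -Path C:\Users -Recurse -Include *.doc,*.xls,*.pdf | Copy-Item -Destination C:\Temp\out',
    'Get-ChildItem -Path C:\Windows\Temp -Recurse | Remove-Item'
)
foreach ($s in $samples) { '{0} => {1}' -f (Test-AutomatedCollection $s), $s }

function Get-SuspiciousScriptBlocks {
    # Live query: apply the same check to recent 4104 events on this host.
    param([int]$MaxEvents = 500)
    if (-not (Test-ScriptBlockLogging)) {
        Write-Warning 'Script Block Logging is not enabled; 4104 events will be missing.'
    }
    Get-WinEvent -LogName 'Microsoft-Windows-PowerShell/Operational' `
                 -FilterXPath '*[System[EventID=4104]]' -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # In a 4104 event, Properties[2] is ScriptBlockText (after MessageNumber and MessageTotal).
            $text = $_.Properties[2].Value
            if (Test-AutomatedCollection $text) {
                [pscustomobject]@{ Time = $_.TimeCreated; ScriptBlockText = $text }
            }
        }
}
```

Note that 4104 events for long scripts are split into numbered fragments (MessageNumber of MessageTotal), so a match that depends on several strings can fail when they land in different fragments; reassembling fragments by ScriptBlockId before matching avoids that gap. The check here is deliberately strict, matching the rule's all-selections condition, so a recursive search that never names a document extension is not reported.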
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Process
ATT&CK Techniques
  • T1119
Created: 2021-07-28