
Summary
This rule detects the execution of reconnaissance commands whose output is piped to the 'findstr.exe' utility, which searches plain-text data for lines that match a given pattern. The rule focuses on inline calls to 'cmd.exe', specifically those that use the '/c' or '/k' parameters to run commands such as 'ipconfig', 'netstat' and 'whoami'. Attackers often run these commands during the reconnaissance phase to gather information about the host or the network. By monitoring for these command-line patterns, the rule aims to surface activity indicative of system scanning or information gathering by an unauthorized user.
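The following is an added example (not the rule's own logic) that applies the pattern described above to constructed process-creation events: an inline 'cmd.exe' call with '/c' or '/k', a recognised reconnaissance command, and a pipe into 'findstr'. The extra command names beyond 'ipconfig', 'netstat' and 'whoami' are an assumed extension of the list.

```python
import re

# Recon commands named in the rule summary (ipconfig, netstat, whoami) plus a
# few assumed siblings; the extra names are an assumption, not the rule's list.
RECON_COMMANDS = {"ipconfig", "netstat", "whoami", "systeminfo", "tasklist", "net"}

# Inline cmd.exe invocation using /c or /k, with or without a path or ".exe".
CMD_INLINE_RE = re.compile(r"(?:^|[\\\s\"'])cmd(?:\.exe)?[\"']?\s+/[ck]\b", re.IGNORECASE)
# Output redirected into findstr via a pipe.
FINDSTR_RE = re.compile(r"\|\s*\"?findstr(?:\.exe)?\b", re.IGNORECASE)


def matches_rule(command_line: str) -> bool:
    """True when the command line is an inline cmd.exe recon command piped to findstr."""
    if not CMD_INLINE_RE.search(command_line):
        return False
    if not FINDSTR_RE.search(command_line):
        return False
    # Only look for recon commands on the producer side of the first pipe.
    before_pipe = command_line.split("|", 1)[0].lower()
    tokens = re.findall(r"[a-z]+(?:\.exe)?", before_pipe)
    names = {t.removesuffix(".exe") for t in tokens}
    return bool(names & RECON_COMMANDS)


# Constructed process-creation events for illustration, not real telemetry.
SAMPLE_EVENTS = [
    {"id": 1, "cmdline": r"C:\Windows\System32\cmd.exe /c whoami | findstr /i admin"},
    {"id": 2, "cmdline": 'cmd /k "netstat -ano | findstr LISTENING"'},
    {"id": 3, "cmdline": "cmd.exe /c dir | findstr txt"},          # no recon command
    {"id": 4, "cmdline": "ipconfig /all | findstr IPv4"},           # no inline cmd.exe
    {"id": 5, "cmdline": "cmd.exe /c whoami"},                      # no findstr pipe
]


def flag_events(events):
    """Return the ids of events whose command line matches the rule."""
    return [e["id"] for e in events if matches_rule(e["cmdline"])]


if __name__ == "__main__":
    for event_id in flag_events(SAMPLE_EVENTS):
        print(f"event {event_id}: recon command piped to findstr")
```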
Categories
- Windows
- Endpoint
Data Sources
- Process
ATT&CK Techniques
- T1057
Created: 2023-07-06