
Summary
This detection rule identifies the execution of the Nltest.EXE process on Windows systems, which may be utilized by attackers for information discovery within a network environment. The rule monitors for specific command executions that could indicate the gathering of sensitive data regarding domain controllers, trust relationships, and other network-related information. Given that legitimate administrative users may also execute these commands for valid purposes, the rule includes a caveat regarding potential false positives.
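The matching and triage described above can be sketched as follows. This is an added example, not the rule's own logic: the event field names follow Sysmon-style process-creation events, the switch list, the `nltestrk.exe` original file name check and the priority labels are assumptions, and the sample events are constructed.

```python
# Assumption: nltest switches tied to domain controller and trust discovery.
DISCOVERY_SWITCHES = ("/dclist", "/domain_trusts", "/all_trusts",
                      "/dsgetdc", "/trusted_domains", "/parentdomain")

def is_nltest(event):
    """Match the image path, or the PE OriginalFileName for renamed copies."""
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    return image.endswith("\\nltest.exe") or original == "nltestrk.exe"

def discovery_switches(command_line):
    """Return the discovery switches present, case-insensitively."""
    # A switch name ends at ':' (for example /dclist:corp.example).
    tokens = [t.split(":", 1)[0].lower() for t in command_line.split()]
    return [s for s in DISCOVERY_SWITCHES if s in tokens]

def evaluate(events):
    """Alert on every nltest execution; raise priority on discovery switches."""
    alerts = []
    for ev in events:
        if not is_nltest(ev):
            continue
        hits = discovery_switches(ev.get("CommandLine", ""))
        alerts.append({"host": ev.get("Computer"), "user": ev.get("User"),
                       "switches": hits,
                       # Assumption: other usage is likelier routine admin work.
                       "priority": "review" if hits else "informational"})
    return alerts

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WS01", "User": "CORP\\jdoe", "OriginalFileName": "nltestrk.exe",
     "Image": r"C:\Windows\System32\nltest.exe",
     "CommandLine": "nltest /domain_trusts /all_trusts"},
    {"Computer": "WS02", "User": "CORP\\svc-app", "OriginalFileName": "nltestrk.exe",
     "Image": r"C:\Users\Public\nl.exe",  # renamed copy
     "CommandLine": "nl.exe /DCLIST:corp.example"},
    {"Computer": "DC01", "User": "CORP\\admin", "OriginalFileName": "nltestrk.exe",
     "Image": r"C:\Windows\System32\nltest.exe",
     "CommandLine": "nltest /sc_query:corp.example"},
    {"Computer": "WS03", "User": "CORP\\jdoe", "OriginalFileName": "Cmd.Exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c echo nltest"},
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```

Separating the "review" and "informational" outcomes gives an analyst a first cut at the false positives the rule warns about, while still recording every Nltest execution.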
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2023-02-03