
Computer Discovery And Export Via Get-ADComputer Cmdlet - PowerShell

Summary
This rule monitors use of the PowerShell cmdlet Get-ADComputer, which is commonly used to collect information about computers in Active Directory. The detection looks for script blocks that contain 'Get-ADComputer' together with parameters suggesting an intent to retrieve detailed computer entries and write them to a file. The filtering relies on known usage patterns of cmdlets such as 'Select', 'Out-File', 'Set-Content', and 'Add-Content'. This detection matters because such activity can indicate reconnaissance by an attacker gathering information about a network before launching further attacks. Note that the rule depends on Script Block Logging being enabled; without it, the relevant PowerShell activity is never recorded and cannot be matched.
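The following is an added worked example, not the rule's own YAML or any code from the Sigma project: a small Python approximation of the logic the summary describes, run over constructed Script Block Logging events (PowerShell Event ID 4104, ScriptBlockText field). The event IDs and field names are those of the Microsoft-Windows-PowerShell/Operational log; the sample events and file paths are constructed for illustration, and the exact parameter matching of the real rule may differ.

```python
"""Approximation of the detection described above: flag PowerShell script
blocks that combine Get-ADComputer with a cmdlet that selects and writes
the result out. Added example, not the Sigma rule's own definition."""
import re
from typing import Iterable, List

# Discovery cmdlet the rule is built around.
DISCOVERY_CMDLET = re.compile(r"\bGet-ADComputer\b", re.IGNORECASE)

# Selection/export cmdlets named in the summary, plus the common 'select'
# alias. PowerShell is case-insensitive, so the match is too.
EXPORT_PATTERNS = re.compile(
    r"\b(Select-Object|Select|Out-File|Set-Content|Add-Content)\b",
    re.IGNORECASE,
)

# Event ID for PowerShell Script Block Logging in the
# Microsoft-Windows-PowerShell/Operational channel.
SCRIPT_BLOCK_EVENT_ID = 4104


def is_computer_export(script_block: str) -> bool:
    """True when the script block both queries AD computers and routes the
    result into a selection/export cmdlet."""
    return bool(DISCOVERY_CMDLET.search(script_block)) and bool(
        EXPORT_PATTERNS.search(script_block)
    )


def scan_events(events: Iterable[dict]) -> List[str]:
    """Return the ScriptBlockText of every 4104 event that matches.

    Events with any other ID are skipped: this logic only ever sees the
    command text if Script Block Logging is enabled and the 4104 events
    are being shipped, which is the prerequisite the summary calls out."""
    hits = []
    for ev in events:
        if ev.get("EventID") != SCRIPT_BLOCK_EVENT_ID:
            continue
        text = ev.get("ScriptBlockText", "")
        if is_computer_export(text):
            hits.append(text)
    return hits


# Constructed sample events (not real telemetry), shaped like the fields a
# SIEM would receive from Event ID 4104.
SAMPLE_EVENTS = [
    # Bulk query, property selection, file output: should alert.
    {"EventID": 4104,
     "ScriptBlockText": "Get-ADComputer -Filter * -Properties * | "
                        "Select-Object Name,OperatingSystem | "
                        "Out-File C:\\Temp\\computers.txt"},
    # Same idea using the 'select' alias and Set-Content: should alert.
    {"EventID": 4104,
     "ScriptBlockText": "Get-ADComputer -Filter * | select Name | "
                        "Set-Content hosts.txt"},
    # Single-host lookup with no export: routine admin use, no alert.
    {"EventID": 4104, "ScriptBlockText": "Get-ADComputer -Identity WS01"},
    # Export without AD discovery: no alert.
    {"EventID": 4104, "ScriptBlockText": "Get-Process | Out-File procs.txt"},
    # Matching text but not a 4104 event: ignored, illustrating that the
    # detection is blind when Script Block Logging is not in place.
    {"EventID": 4103,
     "ScriptBlockText": "Get-ADComputer -Filter * | Out-File c.txt"},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print("ALERT:", hit)
```

Running the block prints the two alerting script blocks. The third sample shows why the rule pairs the discovery cmdlet with an export cmdlet rather than alerting on Get-ADComputer alone: single-object lookups are common administrative activity and would otherwise generate noise.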
Categories
  • Endpoint
  • Windows
  • Identity Management
Data Sources
  • Script
  • Application Log
Created: 2022-11-17