Windows PowerShell Export Certificate

Splunk Security Content

Summary
This analytic detects execution of the PowerShell cmdlet `Export-Certificate` through PowerShell Script Block Logging (Event ID 4104) on Windows endpoints. Exporting certificates out of the Windows certificate store is a common step in certificate theft: a stolen certificate can be used for impersonation, to decrypt captured traffic or data, or as a foothold for further attacks. Two caveats for tuning: `Export-Certificate` writes only the public certificate (DER, or PKCS#7 via `-Type P7B`), while the private key leaves the store through `Export-PfxCertificate`, which a match on the string `export-certificate` does not cover, so pair this rule with one for that cmdlet; and the `-FilePath` argument captured in the script block tells you where the certificate went (a UNC path or a world-readable directory is far more suspicious than an administrator's working folder). Monitoring this behavior lets organizations catch certificate exfiltration before encrypted communications and sensitive information are exposed.
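As an added example (not code from Splunk Security Content), the Python below replicates the rule's matching logic over constructed Event ID 4104 records: a case-insensitive substring match for `export-certificate` on the script block text, plus extraction of the `-FilePath` destination for triage. The field names (`EventCode`, `Computer`, `UserID`, `ScriptBlockText`), hostnames, users and script text are all assumptions made up for this example. It goes one step beyond the page's rule in two ways, both stated in the code: it strips PowerShell backticks before matching, because `Export-Cert`ificate` runs exactly like `Export-Certificate` but would not match a plain substring search, and it takes an optional list of cmdlets so the same logic can also cover `Export-PfxCertificate`, which the page's rule as described does not.

```python
"""Toy replica of the 'Windows PowerShell Export Certificate' detection logic.

Added example, not Splunk's own code. Assumptions: field names follow the
PowerShell Operational log as Splunk commonly renders it (EventCode, Computer,
UserID, ScriptBlockText); every record in SAMPLE_EVENTS is constructed here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Alert:
    computer: str
    user: str
    cmdlet: str
    file_path: Optional[str]   # destination named by -FilePath, if present
    script: str                # normalized script block text, for the analyst


# -FilePath value in single quotes, double quotes, or bare (stops at whitespace/;/|).
_FILEPATH_RE = re.compile(
    r"-filepath\s+(?:'([^']*)'|\"([^\"]*)\"|([^\s;|]+))", re.IGNORECASE)


def normalize_script(text: str) -> str:
    """Undo the cheapest obfuscation a literal substring match would miss.

    PowerShell treats a backtick before a character that is not an escape
    sequence as a no-op, so Export-Cert`ificate executes like
    Export-Certificate but does not contain the string the rule looks for.
    """
    return text.replace("`", "")


def detect(events: Sequence[dict],
           cmdlets: Sequence[str] = ("export-certificate",)) -> List[Alert]:
    """Return one Alert per 4104 event whose script block invokes a listed cmdlet.

    Matching is case-insensitive, like the Splunk wildcard match the rule uses.
    Pass cmdlets=("export-certificate", "export-pfxcertificate") to also catch
    private-key exports, which the page's rule alone does not (assumption: you
    want both in one alert stream).
    """
    alerts: List[Alert] = []
    for ev in events:
        if ev.get("EventCode") != 4104:            # rule keys on script block logging only
            continue
        script = normalize_script(ev.get("ScriptBlockText", ""))
        lowered = script.lower()
        hit = next((c for c in cmdlets if c in lowered), None)
        if hit is None:
            continue
        m = _FILEPATH_RE.search(script)            # keep original path casing
        path = next((g for g in m.groups() if g), None) if m else None
        alerts.append(Alert(ev.get("Computer", "?"), ev.get("UserID", "?"),
                            hit, path, script))
    return alerts


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"EventCode": 4104, "Computer": "WS01.corp.example", "UserID": "CORP\\jdoe",
     "ScriptBlockText": "Get-ChildItem Cert:\\LocalMachine\\My | Format-List Subject,Thumbprint"},
    {"EventCode": 4104, "Computer": "WS01.corp.example", "UserID": "CORP\\jdoe",
     "ScriptBlockText": "$c = (Get-ChildItem Cert:\\LocalMachine\\My)[0]\n"
                        "Export-Certificate -Cert $c -FilePath C:\\Users\\Public\\srv.cer"},
    {"EventCode": 4104, "Computer": "SRV02.corp.example", "UserID": "CORP\\svc_backup",
     "ScriptBlockText": "eXpOrT-CeRtIfIcAtE -Cert Cert:\\LocalMachine\\My\\ABCD -FilePath 'C:\\temp\\a.cer' -Type CERT"},
    {"EventCode": 4104, "Computer": "WS03.corp.example", "UserID": "CORP\\mallory",
     "ScriptBlockText": "Export-Cert`ificate -Cert (ls Cert:\\CurrentUser\\My)[0] -FilePath \"\\\\10.0.0.5\\drop\\u.cer\""},
    # Module-logging event (4103): the rule does not look at it, so this must not fire.
    {"EventCode": 4103, "Computer": "WS03.corp.example", "UserID": "CORP\\mallory",
     "ScriptBlockText": "Export-Certificate -Cert $c -FilePath C:\\x.cer"},
    # Private-key export: outside the page's rule unless the cmdlet list is widened.
    {"EventCode": 4104, "Computer": "WS03.corp.example", "UserID": "CORP\\mallory",
     "ScriptBlockText": "Export-PfxCertificate -Cert (ls Cert:\\LocalMachine\\My)[0] -FilePath C:\\temp\\k.pfx -Password $pw"},
]


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a.computer} {a.user} {a.cmdlet} -> {a.file_path}")
    print("with Export-PfxCertificate:",
          len(detect(SAMPLE_EVENTS, ("export-certificate", "export-pfxcertificate"))))
```

Run as-is it fires on three of the six records: the plain call, the mixed-case call, and the backtick-obfuscated call, and reports each `-FilePath` so the analyst can see that one export went to a UNC share. The 4103 record is ignored because the rule only consumes script block logging, and the `Export-PfxCertificate` record is only caught when the cmdlet list is widened.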
Categories
  • Endpoint
  • Windows
Data Sources
  • PowerShell Script Block Logging (Event ID 4104)
ATT&CK Techniques
  • T1552.004 (Unsecured Credentials: Private Keys)
  • T1552 (Unsecured Credentials)
  • T1649 (Steal or Forge Authentication Certificates)
Created: 2024-11-13