System Information Discovery - Windows

Anvilogic Forge

Summary
The detection rule identifies attempts by adversaries to perform System Information Discovery on Windows hosts. This technique involves collecting detailed system information, such as the operating system version, installed patches, architecture, and hardware details. Attackers use this data to decide on their next actions, which may include escalating privileges or installing further malware. The rule is written in Splunk search logic and tracks two PowerShell logging event codes (4103 and 4104) for indicators of system information retrieval, such as the commands 'systeminfo', 'set', 'hostname', and 'reg query'. A regex filters the logged PowerShell activity down to these information-gathering commands. The matches are then summarised with statistics to present values by timestamp and host, which supports monitoring and alerting in security operations.
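The Splunk search itself is not reproduced on this page. The following is an added Python illustration of the same detection logic, not Anvilogic Forge's rule: it filters constructed PowerShell log events by event code, applies a regex for the discovery commands named above, and groups the matches by host and timestamp. The field names (`_time`, `host`, `EventCode`, `ScriptBlockText`, `Payload`) and the sample events are assumptions made for the example. Note the boundary handling around the short indicator 'set', which would otherwise match benign cmdlets such as `Set-Location` and generate noise.

```python
import re
from collections import defaultdict

# Constructed sample events shaped like Windows PowerShell operational log entries.
# EventCode 4103 is PowerShell module logging and 4104 is script block logging;
# the field names are assumptions, not the rule's own schema.
SAMPLE_EVENTS = [
    {"_time": "2024-02-09T10:00:01Z", "host": "WS01", "EventCode": "4104",
     "ScriptBlockText": "systeminfo | Out-File C:\\temp\\si.txt"},
    {"_time": "2024-02-09T10:00:05Z", "host": "WS01", "EventCode": "4104",
     "ScriptBlockText": "hostname; set; whoami /all"},
    {"_time": "2024-02-09T10:01:00Z", "host": "SRV02", "EventCode": "4103",
     "Payload": "CommandInvocation(Get-Process): \"Get-Process\""},  # benign
    {"_time": "2024-02-09T10:02:30Z", "host": "SRV02", "EventCode": "4104",
     "ScriptBlockText": "reg query \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\""},
    {"_time": "2024-02-09T10:03:00Z", "host": "WS03", "EventCode": "4688",
     "ScriptBlockText": "systeminfo"},  # wrong event code, outside the rule's scope
    {"_time": "2024-02-09T10:04:00Z", "host": "WS01", "EventCode": "4104",
     "ScriptBlockText": "Set-Location C:\\; Get-ChildItem"},  # 'Set-' must not match 'set'
]

# Event codes the rule tracks (from the page).
EVENT_CODES = {"4103", "4104"}

# Indicator commands from the page. The lookbehind/lookahead reject a preceding or
# following word character or hyphen, so 'set' does not fire on 'Set-Location'
# and 'hostname' does not fire on 'Get-HostName'-style identifiers.
INDICATOR_RE = re.compile(
    r"(?<![\w-])(systeminfo|hostname|set|reg\s+query)(?![\w-])",
    re.IGNORECASE,
)


def _command_text(event):
    """Return the logged PowerShell text for an event, whichever field carries it."""
    return event.get("ScriptBlockText") or event.get("Payload") or ""


def _normalise(indicator):
    """Lowercase and collapse whitespace so 'reg   query' and 'REG QUERY' compare equal."""
    return re.sub(r"\s+", " ", indicator.lower())


def detect(events):
    """Return one hit per in-scope event whose command text contains an indicator."""
    hits = []
    for event in events:
        if event.get("EventCode") not in EVENT_CODES:
            continue
        matches = INDICATOR_RE.findall(_command_text(event))
        if not matches:
            continue
        hits.append({
            "time": event["_time"],
            "host": event["host"],
            "event_code": event["EventCode"],
            "indicators": [_normalise(m) for m in matches],
            "command": _command_text(event),
        })
    return hits


def summarize(hits):
    """Group hits by host, ordered by timestamp, mirroring the rule's stats-by-host output."""
    by_host = defaultdict(list)
    for hit in hits:
        by_host[hit["host"]].append(hit)
    return {host: sorted(hs, key=lambda h: h["time"]) for host, hs in by_host.items()}


if __name__ == "__main__":
    for host, host_hits in summarize(detect(SAMPLE_EVENTS)).items():
        for hit in host_hits:
            print(f"{hit['time']} {host} {hit['event_code']} {hit['indicators']}: {hit['command']}")
```

Running the block prints three hits: two on WS01 (one carrying both 'hostname' and 'set') and one on SRV02 for the 'reg query' of the CurrentVersion key; the 4688 event and the `Set-Location` script block are correctly ignored. In a real deployment the same grouping is what an analyst would pivot on, since a single host emitting several of these commands within a short window is a stronger signal than any one command alone.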
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Application Log
  • User Account
ATT&CK Techniques
  • T1082
Created: 2024-02-09