
Summary
This detection rule identifies potential enumeration of Active Directory groups via the PowerShell cmdlet `Get-AdGroup`. It matches scripts that call `Get-AdGroup` together with the `-Filter` parameter, a combination used by attackers and system administrators alike to retrieve information on domain groups. Because the rule inspects PowerShell script content, Script Block Logging must be enabled on the monitored Windows systems for the detection to work accurately. The rule carries a low alert level: the behaviour is noteworthy, but it is often part of legitimate administrative tasks, so analysts evaluating alerts from this rule need to weigh the cmdlet's use in both malicious and benign contexts.
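As an added illustration (not the rule's own code), the following Python applies the rule's logic to constructed Script Block Logging records modelled on Event ID 4104 from the Microsoft-Windows-PowerShell/Operational log; the field names, hostnames and script block ids are assumed sample values.

```python
import re
from typing import Iterable

# Constructed sample events modelled on PowerShell Script Block Logging
# (Microsoft-Windows-PowerShell/Operational, Event ID 4104). Not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 4104, "Computer": "ws01.corp.example", "ScriptBlockId": "b1",
     "ScriptBlockText": "Get-ADGroup -Filter * | Select-Object Name, GroupScope"},
    {"EventID": 4104, "Computer": "ws02.corp.example", "ScriptBlockId": "b2",
     "ScriptBlockText": "get-adgroup -filter \"GroupCategory -eq 'Security'\" -Properties Members"},
    {"EventID": 4104, "Computer": "ws01.corp.example", "ScriptBlockId": "b3",
     "ScriptBlockText": "Get-ADGroup -Identity 'Domain Admins' -Properties Members"},
    {"EventID": 4104, "Computer": "ws03.corp.example", "ScriptBlockId": "b4",
     "ScriptBlockText": "Get-Process | Where-Object { $_.Name -like 'powershell*' }"},
    # Same text but not a script block event: outside the rule's scope.
    {"EventID": 4103, "Computer": "ws03.corp.example", "ScriptBlockId": "b5",
     "ScriptBlockText": "Get-ADGroup -Filter *"},
]

# PowerShell cmdlet and parameter names are case-insensitive, so the match
# must be too; otherwise 'get-adgroup -filter' would slip past the rule.
CMDLET = re.compile(r"get-adgroup", re.IGNORECASE)
PARAM = re.compile(r"-filter\b", re.IGNORECASE)


def matches_rule(script_text: str) -> bool:
    """True when the script block contains both Get-AdGroup and -Filter."""
    return bool(CMDLET.search(script_text) and PARAM.search(script_text))


def detect(events: Iterable[dict]) -> list[dict]:
    """Apply the rule to Script Block Logging events and return the hits."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4104:  # rule only fires on script block logs
            continue
        if matches_rule(ev.get("ScriptBlockText", "")):
            hits.append({"Computer": ev["Computer"],
                         "ScriptBlockId": ev["ScriptBlockId"],
                         "level": "low"})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Only b1 and b2 are reported: b3 lacks `-Filter`, b4 is unrelated, and b5 is not a 4104 event even though its text would match.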
Categories
- Windows
- Endpoint
Data Sources
- Script
- Logon Session
- Active Directory
ATT&CK Techniques
- T1018
Created: 2022-03-17