GetCurrent User with PowerShell Script Block

Splunk Security Content

Summary
This detection rule identifies use of the `GetCurrent` method of the .NET `WindowsIdentity` class through PowerShell Script Block Logging (EventCode 4104). The method returns the identity of the current Windows user, which makes it a point of interest in security events. Using the script text recorded in script block logs, the rule detects when adversaries invoke this method to learn about user identities during Active Directory reconnaissance. Because this technique can facilitate privilege escalation or lateral movement within a network, detecting it is important for maintaining security posture.
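The following is an added illustration of the detection logic, not Splunk's own search: it runs a `GetCurrent` match over constructed 4104 events. The event fields (host, user, ScriptBlockId, MessageNumber, MessageTotal, ScriptBlockText) and the sample scripts are assumed for the example; the point it adds is that script block logging splits long scripts into numbered parts, so fragments are reassembled per ScriptBlockId before matching.

```python
import re
from collections import defaultdict

# Constructed sample 4104 events (not real telemetry). A long script is logged
# as several parts that share one ScriptBlockId; "num"/"total" mirror
# MessageNumber/MessageTotal. The GetCurrent call in block "a1" straddles
# two parts, so per-fragment matching would miss it.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\alice", "sbid": "a1", "num": 1, "total": 2,
     "text": "$id = [System.Security.Principal.WindowsIdentity]::Get"},
    {"host": "ws01", "user": "CORP\\alice", "sbid": "a1", "num": 2, "total": 2,
     "text": "Current(); $id.Name; $id.Groups"},
    {"host": "ws02", "user": "CORP\\bob", "sbid": "b7", "num": 1, "total": 1,
     "text": "Get-ChildItem C:\\Temp | Measure-Object"},
    {"host": "srv03", "user": "CORP\\svc", "sbid": "c3", "num": 1, "total": 1,
     "text": "[Security.Principal.WindowsIdentity]::GetCurrent().Name"},
]

# Match the static call regardless of namespace prefix, casing or whitespace.
GETCURRENT = re.compile(r"WindowsIdentity\]\s*::\s*GetCurrent\s*\(", re.IGNORECASE)


def reassemble(events):
    """Join multi-part script blocks by ScriptBlockId in MessageNumber order."""
    parts = defaultdict(list)
    for e in events:
        parts[e["sbid"]].append(e)
    blocks = []
    for sbid, chunk in parts.items():
        chunk.sort(key=lambda e: e["num"])
        first = chunk[0]
        blocks.append({"host": first["host"], "user": first["user"], "sbid": sbid,
                       "text": "".join(e["text"] for e in chunk)})
    return blocks


def detect_getcurrent(events):
    """Return (host, user, ScriptBlockId) for every reassembled block calling GetCurrent."""
    return [(b["host"], b["user"], b["sbid"]) for b in reassemble(events)
            if GETCURRENT.search(b["text"])]


if __name__ == "__main__":
    for hit in detect_getcurrent(SAMPLE_EVENTS):
        print("WindowsIdentity.GetCurrent observed:", hit)
```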
Categories
  • Windows
  • Endpoint
Data Sources
  • Pod
  • User Account
  • Process
ATT&CK Techniques
  • T1033
Created: 2024-11-13