
Windows PowerView Constrained Delegation Discovery

Splunk Security Content

Summary
This analytic rule monitors for the use of the PowerView cmdlets `Get-DomainComputer` and `Get-NetComputer`, which are often used in reconnaissance of Kerberos Constrained Delegation in Active Directory environments. Using PowerShell Script Block Logging (EventCode=4104), the detection identifies when either cmdlet is executed with the `-TrustedToAuth` parameter. Such usage can indicate that an adversary is mapping out delegation settings, possibly in preparation for privilege escalation or lateral movement within the network. Detection is based on specific ScriptBlockText patterns in the logs; matches should be investigated, and mitigation may be necessary if the activity is not accounted for. False positives may occur due to legitimate administrative activity.
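The detection logic described above, as an added example that is not the Splunk rule's own SPL: a small Python matcher that applies the same condition (EventCode 4104, a PowerView computer-enumeration cmdlet combined with `-TrustedToAuth`) to constructed script block events, with an optional allowlist of known administrative accounts to tune out the false positives the summary mentions, and a per-host/per-user roll-up of the kind a Splunk `stats` clause would produce. The event fields, sample values and helper names are assumptions for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Mirrors the rule's condition: either PowerView cmdlet followed (anywhere
# later in the script block) by the -TrustedToAuth switch. PowerShell is
# case-insensitive, so the match is too; DOTALL covers multi-line blocks.
CONSTRAINED_DELEGATION_RECON = re.compile(
    r"(?is)\b(Get-DomainComputer|Get-NetComputer)\b.*?-TrustedToAuth\b"
)


@dataclass(frozen=True)
class ScriptBlockEvent:
    """Subset of a Windows PowerShell 4104 event (field names are assumed)."""
    event_code: int
    computer: str
    user: str
    script_block_text: str


def is_constrained_delegation_recon(event: ScriptBlockEvent) -> bool:
    """True when the event is a 4104 script block matching the rule pattern."""
    if event.event_code != 4104:
        return False
    return CONSTRAINED_DELEGATION_RECON.search(event.script_block_text) is not None


def find_matches(events, allowed_users=frozenset()):
    """Return matching events, dropping accounts on the tuning allowlist."""
    return [
        e for e in events
        if is_constrained_delegation_recon(e) and e.user not in allowed_users
    ]


def summarize(matches):
    """Count matches per (host, user), like a `stats count by Computer, User`."""
    return dict(Counter((e.computer, e.user) for e in matches))


# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    ScriptBlockEvent(4104, "WS01", "CORP\\jdoe",
                     "Get-DomainComputer -TrustedToAuth -Properties dnshostname,msds-allowedtodelegateto"),
    ScriptBlockEvent(4104, "WS01", "CORP\\jdoe",
                     "Get-NetComputer -Domain corp.local | Select-Object name"),
    ScriptBlockEvent(4104, "ADM01", "CORP\\svc_admin",
                     "get-netcomputer -trustedtoauth | fl"),
    ScriptBlockEvent(4103, "WS02", "CORP\\asmith",
                     "Get-DomainComputer -TrustedToAuth"),
    ScriptBlockEvent(4104, "WS02", "CORP\\asmith",
                     "Get-ADComputer -Filter * -Properties TrustedForDelegation"),
]

if __name__ == "__main__":
    hits = find_matches(SAMPLE_EVENTS)
    for host_user, count in summarize(hits).items():
        print(host_user, count)
```

Only the first and third sample events fire: the second lacks the switch, the fourth is a different event code, and the fifth uses a different cmdlet entirely. Passing `allowed_users={"CORP\\svc_admin"}` suppresses the third, which is how a team would carve out a known delegation-audit account rather than disabling the rule.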
Categories
  • Endpoint
Data Sources
  • Pod
  • User Account
  • Windows Registry
  • Script
  • Process
ATT&CK Techniques
  • T1018
Created: 2024-11-13