GetWmiObject Ds Computer with PowerShell Script Block

Splunk Security Content

Summary
This analytic detects use of the PowerShell `Get-WmiObject` cmdlet against the `DS_Computer` WMI class (the Active Directory computer-object class exposed through the `root\directory\ldap` namespace) by inspecting PowerShell Script Block Logging events, specifically EventCode 4104 from the Microsoft-Windows-PowerShell/Operational log. The rule examines the logged script block text for queries that enumerate domain computers through Windows Management Instrumentation (WMI). Such queries are a common Active Directory discovery step that adversaries use for reconnaissance and situational awareness: the returned computer objects let an attacker map the domain, choose targets for lateral movement, or locate hosts useful for privilege escalation. The rule depends on PowerShell Script Block Logging being enabled on endpoints; without it no 4104 events are generated and this activity is invisible to the search. Because the match is on script block text, legitimate inventory or administration scripts that query the same class will also trigger it and should be tuned by user, host, or script path.
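As an added example (not code from Splunk Security Content), the following Python reproduces the rule's matching logic over a handful of constructed 4104 records: keep only EventCode 4104, require both `Get-WmiObject` and `DS_Computer` to appear in `ScriptBlockText` (case-insensitively, as a Splunk wildcard match would), and aggregate hits per host and user the way a `stats count min max by` summary does. It also goes slightly beyond the page with an `ALIAS_AWARE_PATTERNS` variant that catches the built-in `gwmi` alias and the equivalent `Get-CimInstance`/`gcim` query of the same class; that broadening is this example's own choice, not part of the documented rule. Field names, hostnames, users and timestamps are all made up.

```python
import re
from collections import defaultdict

# Constructed sample records (not real telemetry). Field names follow the
# Splunk Windows PowerShell/Operational event layout: EventCode,
# ScriptBlockText, Computer, UserID, Path and _time (epoch seconds).
SAMPLE_EVENTS = [
    {"EventCode": 4104, "Computer": "ws01.corp.example", "UserID": "CORP\\alice",
     "Path": "", "_time": 1700000000,
     "ScriptBlockText": "Get-WmiObject -Namespace root\\directory\\ldap -Class DS_Computer "
                        "| Select-Object DS_cn, DS_operatingSystem"},
    # Same query typed in lower case: the rule's match is case-insensitive.
    {"EventCode": 4104, "Computer": "ws01.corp.example", "UserID": "CORP\\alice",
     "Path": "", "_time": 1700000060,
     "ScriptBlockText": "get-wmiobject -namespace root\\directory\\ldap -class ds_computer "
                        "-Filter \"DS_operatingSystem LIKE '%Server%'\""},
    # Benign WMI use that does not touch DS_Computer: must not fire.
    {"EventCode": 4104, "Computer": "srv02.corp.example", "UserID": "CORP\\svc_backup",
     "Path": "C:\\Scripts\\inventory.ps1", "_time": 1700000120,
     "ScriptBlockText": "Get-WmiObject -Class Win32_OperatingSystem | Select-Object Caption"},
    # Right text, wrong event code (constructed): the rule only reads 4104.
    {"EventCode": 4103, "Computer": "ws01.corp.example", "UserID": "CORP\\alice",
     "Path": "", "_time": 1700000180,
     "ScriptBlockText": "Get-WmiObject -Namespace root\\directory\\ldap -Class DS_Computer"},
    # The gwmi alias: logged as typed, so the literal Get-WmiObject match misses it.
    {"EventCode": 4104, "Computer": "ws03.corp.example", "UserID": "CORP\\bob",
     "Path": "", "_time": 1700000240,
     "ScriptBlockText": "gwmi -Namespace root\\directory\\ldap -Class DS_Computer"},
]

# Patterns as the documented rule describes them: both strings must be present.
RULE_PATTERNS = (
    re.compile(r"Get-WmiObject", re.IGNORECASE),
    re.compile(r"DS_Computer", re.IGNORECASE),
)

# Broader variant added here (assumption, not part of the Splunk rule):
# also accept the gwmi alias and the CIM cmdlet that can query the same class.
ALIAS_AWARE_PATTERNS = (
    re.compile(r"\b(?:Get-WmiObject|gwmi|Get-CimInstance|gcim)\b", re.IGNORECASE),
    re.compile(r"DS_Computer", re.IGNORECASE),
)


def matches_rule(event, patterns=RULE_PATTERNS):
    """True if the record is a 4104 script block whose text satisfies every pattern."""
    if event.get("EventCode") != 4104:
        return False
    text = event.get("ScriptBlockText", "")
    return all(p.search(text) for p in patterns)


def detect(events, patterns=RULE_PATTERNS):
    """Aggregate matching events per (Computer, UserID), like a stats count/min/max by."""
    rows = defaultdict(lambda: {"count": 0, "first_seen": None,
                                "last_seen": None, "script_blocks": []})
    for ev in events:
        if not matches_rule(ev, patterns):
            continue
        row = rows[(ev["Computer"], ev["UserID"])]
        row["count"] += 1
        t = ev["_time"]
        row["first_seen"] = t if row["first_seen"] is None else min(row["first_seen"], t)
        row["last_seen"] = t if row["last_seen"] is None else max(row["last_seen"], t)
        row["script_blocks"].append(ev["ScriptBlockText"])
    return {key: dict(val) for key, val in rows.items()}


if __name__ == "__main__":
    for (host, user), row in detect(SAMPLE_EVENTS).items():
        print(f"{host} {user}: {row['count']} hit(s), "
              f"first={row['first_seen']} last={row['last_seen']}")
    print("alias-aware hosts:", sorted(h for h, _ in detect(SAMPLE_EVENTS, ALIAS_AWARE_PATTERNS)))
```

With the documented patterns only `ws01.corp.example`/`CORP\alice` surfaces (two hits); the `gwmi` invocation on `ws03` is missed, which is the point of the alias-aware variant. Note that long scripts are logged across several 4104 events, so the two strings can land in different records and the per-event match above, like the Splunk search, would then miss them.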
Categories
  • Endpoint
  • Windows
Data Sources
  • PowerShell Script Block Logging (EventCode 4104)
ATT&CK Techniques
  • T1018 (Remote System Discovery)
  • T1059.001 (Command and Scripting Interpreter: PowerShell)
Created: 2024-11-13