
Summary
This analytic rule detects malicious attempts to use the PowerShell cmdlet `Get-WmiObject` with the DS_User class, as recorded by PowerShell Script Block Logging (EventCode=4104). The detection is significant because such use can indicate reconnaissance aimed at enumerating domain users, a common tactic of adversaries and red team operations for gathering information about Active Directory environments. Identifying users helps an attacker choose accounts to target for further exploitation, privilege escalation, or lateral movement, so this activity can precede deeper network penetration. The rule matches specific script block text patterns associated with user enumeration commands; monitoring for these events strengthens the security posture against this threat.
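As an added illustration of the matching logic the summary describes (example code written for this page, not the rule's own search), the following Python script scans constructed 4104-style script block records for `Get-WmiObject` combined with the `DS_User` class. It goes slightly beyond the summary in two assumed ways: it also matches the built-in `gwmi` alias of the cmdlet, and it reassembles script blocks that PowerShell split across several 4104 events before matching, so a cmdlet name in one fragment and the class name in the next are not missed. Field names (`ScriptBlockId`, `MessageNumber`, `MessageTotal`, `ScriptBlockText`) follow the Windows PowerShell Operational log; every sample event below is constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample events (not from the page) shaped like SIEM-ingested
# Microsoft-Windows-PowerShell/Operational records. Block "C" is deliberately
# split into two 4104 fragments, as PowerShell does for long script blocks.
SAMPLE_EVENTS = [
    {"EventCode": 4104, "Computer": "ws01.example.local", "UserID": "S-1-5-21-0-0-0-1104",
     "ScriptBlockId": "A", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-WmiObject -Namespace root\\directory\\ldap -Class DS_User | Select-Object DS_sAMAccountName"},
    {"EventCode": 4104, "Computer": "ws02.example.local", "UserID": "S-1-5-21-0-0-0-1105",
     "ScriptBlockId": "B", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "gwmi -Namespace 'root/directory/ldap' -Class DS_User"},
    {"EventCode": 4104, "Computer": "ws03.example.local", "UserID": "S-1-5-21-0-0-0-1106",
     "ScriptBlockId": "C", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "Get-WmiObject -Namespace root\\directory\\ldap `\n"},
    {"EventCode": 4104, "Computer": "ws03.example.local", "UserID": "S-1-5-21-0-0-0-1106",
     "ScriptBlockId": "C", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "    -Class DS_User -Filter \"DS_sAMAccountName='admin*'\""},
    # Benign: same cmdlet, unrelated class.
    {"EventCode": 4104, "Computer": "ws04.example.local", "UserID": "S-1-5-21-0-0-0-1107",
     "ScriptBlockId": "D", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-WmiObject -Class Win32_OperatingSystem"},
    # Not a script block event (4103 is module logging), so the rule ignores it.
    {"EventCode": 4103, "Computer": "ws05.example.local", "UserID": "S-1-5-21-0-0-0-1108",
     "ScriptBlockId": "E", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-WmiObject -Class DS_User"},
    # Different enumeration technique; out of scope for this rule.
    {"EventCode": 4104, "Computer": "ws06.example.local", "UserID": "S-1-5-21-0-0-0-1109",
     "ScriptBlockId": "F", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ADUser -Filter *"},
]

# PowerShell is case-insensitive, so the patterns must be too. The gwmi alias
# is an assumed extension of the page's Get-WmiObject pattern.
CMDLET_RE = re.compile(r"\bGet-WmiObject\b|\bgwmi\b", re.IGNORECASE)
CLASS_RE = re.compile(r"\bDS_User\b", re.IGNORECASE)


@dataclass
class Finding:
    script_block_id: str
    computer: str
    user_id: str
    script_block_text: str
    technique: str = "T1087.002"  # Account Discovery: Domain Account


def matches_ds_user_enumeration(script_block_text: str) -> bool:
    """True when the text contains both the cmdlet and the DS_User class."""
    return bool(CMDLET_RE.search(script_block_text) and CLASS_RE.search(script_block_text))


def reassemble_script_blocks(events):
    """Join 4104 fragments that share a ScriptBlockId into whole script blocks."""
    blocks = {}
    for event in events:
        if event.get("EventCode") != 4104:
            continue  # only Script Block Logging events are in scope
        blocks.setdefault(event["ScriptBlockId"], []).append(event)
    whole = []
    for block_id, fragments in blocks.items():
        fragments.sort(key=lambda f: f.get("MessageNumber", 1))
        first = fragments[0]
        whole.append({
            "ScriptBlockId": block_id,
            "Computer": first["Computer"],
            "UserID": first["UserID"],
            "ScriptBlockText": "".join(f["ScriptBlockText"] for f in fragments),
        })
    return whole


def detect(events):
    """Apply the DS_User enumeration pattern to reassembled script blocks."""
    return [
        Finding(b["ScriptBlockId"], b["Computer"], b["UserID"], b["ScriptBlockText"])
        for b in reassemble_script_blocks(events)
        if matches_ds_user_enumeration(b["ScriptBlockText"])
    ]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(f"[{finding.technique}] {finding.computer} {finding.user_id}: "
              f"{finding.script_block_text.strip()!r}")
```

Running the script reports blocks A, B and C; D, E and F are left alone. Without the reassembly step, block C would be missed because neither fragment on its own contains both the cmdlet and the class name.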
Categories
- Endpoint
- Identity Management
- Windows
Data Sources
- Pod
- Windows Registry
- Process
- Service
ATT&CK Techniques
- T1087.002
- T1087
- T1059.001
Created: 2024-11-13