
Summary
This rule detects process discovery on Windows hosts through the PowerShell cmdlet `Get-Process` (ATT&CK T1057, Process Discovery). Enumerating running processes is a common early step for an attacker who wants to identify security tooling, credential-holding processes such as `lsass`, or services worth targeting in later stages. The detection matches the string `Get-Process` in the ScriptBlockText field of PowerShell script block events (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log). Because many legitimate administrative and monitoring scripts also call `Get-Process`, the rule is noisy on its own: before escalating, review the rest of the script block, the user and parent process that launched PowerShell, and whether other discovery commands appear in the same session. PowerShell Script Block Logging must be enabled on monitored hosts (via Group Policy or the corresponding registry setting), otherwise the 4104 events this rule depends on are never written. The rule helps system administrators and security teams surface reconnaissance early, before an attacker acts on the processes or services they have discovered.
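The following is an added example, not the rule's own definition or any vendor code: it applies the detection described above to a handful of constructed 4104-style events and adds a small triage layer for the false-positive problem the summary mentions. The sample events, the alias match (`gps` and `ps` are built-in aliases of `Get-Process`, so an attacker typing them evades a literal string match), and the lists of context commands and sensitive process names are all assumptions chosen for illustration; the core rule is just "Event ID 4104 whose ScriptBlockText contains `Get-Process`".

```python
"""Added example: the Get-Process script-block rule applied to sample events."""
import re

# Constructed sample events shaped like PowerShell Script Block Logging records
# (Microsoft-Windows-PowerShell/Operational, Event ID 4104). These are not
# real logs; only EventID and ScriptBlockText matter to the rule.
SAMPLE_EVENTS = [
    {"EventID": 4104, "Computer": "ws01", "ScriptBlockText":
        "Get-Process | Where-Object { $_.CPU -gt 100 } | Sort-Object CPU"},
    {"EventID": 4104, "Computer": "ws02", "ScriptBlockText":
        "$p = Get-Process -Name lsass; Get-Service | Where-Object Status -eq Running"},
    {"EventID": 4104, "Computer": "ws03", "ScriptBlockText":
        "Get-ChildItem C:\\Users -Recurse -Include *.docx"},
    {"EventID": 4104, "Computer": "ws04", "ScriptBlockText":
        "gps | Format-Table ProcessName, Id"},
    {"EventID": 4103, "Computer": "ws05", "ScriptBlockText":
        "Get-Process"},   # module-logging record, not a script block: out of scope
]

# The rule as the page describes it: a 4104 script block whose text contains
# "Get-Process". Cmdlet names are case-insensitive in PowerShell, so match that way.
RULE_PATTERN = re.compile(r"get-process", re.IGNORECASE)

# Assumption (extension beyond the page's rule): the built-in aliases of
# Get-Process. A literal "Get-Process" match misses "gps" and "ps".
ALIAS_PATTERN = re.compile(r"(?<![\w-])(gps|ps)(?![\w-])", re.IGNORECASE)

# Assumption: other discovery commands whose presence in the same block makes
# process enumeration look more like reconnaissance than routine administration.
CONTEXT_PATTERN = re.compile(
    r"get-service|get-nettcpconnection|get-wmiobject|get-ciminstance|whoami|"
    r"get-localgroupmember", re.IGNORECASE)

# Assumption: process names an attacker looks up for credential theft or
# EDR discovery; monitoring scripts rarely query these by name.
SENSITIVE_PROCESS_PATTERN = re.compile(r"\blsass\b|\bwinlogon\b|\bcsrss\b", re.IGNORECASE)


def matches_rule(event: dict, include_aliases: bool = False) -> bool:
    """Return True when the event is a 4104 record whose text contains Get-Process.

    With include_aliases=True the alias forms gps/ps also count (an assumption
    that widens the rule; it raises recall but adds its own false positives).
    """
    if event.get("EventID") != 4104:
        return False
    text = event.get("ScriptBlockText", "")
    if RULE_PATTERN.search(text):
        return True
    return include_aliases and ALIAS_PATTERN.search(text) is not None


def triage(event: dict) -> dict:
    """Score a matching event by contextual indicators so analysts can prioritise."""
    text = event.get("ScriptBlockText", "")
    reasons = []
    if CONTEXT_PATTERN.search(text):
        reasons.append("other discovery commands in same block")
    if SENSITIVE_PROCESS_PATTERN.search(text):
        reasons.append("targets sensitive process by name")
    if ALIAS_PATTERN.search(text) and not RULE_PATTERN.search(text):
        reasons.append("uses alias instead of cmdlet name")
    return {"Computer": event.get("Computer"), "score": len(reasons), "reasons": reasons}


def run_rule(events, include_aliases: bool = False) -> list:
    """Apply the rule to a batch of events and return triaged hits, highest score first."""
    hits = [triage(e) for e in events if matches_rule(e, include_aliases)]
    return sorted(hits, key=lambda h: h["score"], reverse=True)


if __name__ == "__main__":
    for hit in run_rule(SAMPLE_EVENTS, include_aliases=True):
        print(hit)
```

On the sample set the plain rule fires on ws01 and ws02; the alias extension also picks up ws04 but still ignores the 4103 record. The score 0 hit on ws01 (a CPU-sorting one-liner) is exactly the kind of benign administrative use the summary warns about; ws02, which pairs `Get-Process -Name lsass` with `Get-Service`, is the one worth an analyst's time first.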
Categories
- Windows
- Endpoint
Data Sources
- Script
- Application Log
ATT&CK Techniques
- T1057
Created: 2022-03-17