
Summary
This analytic rule detects execution of the `Get-DomainGroup` PowerShell cmdlet via PowerShell Script Block Logging (EventCode=4104). `Get-DomainGroup` is part of the PowerView toolkit and is used primarily to enumerate domain groups in a Windows Active Directory environment. Monitoring this command matters because its execution may indicate reconnaissance by adversaries or Red Teams aimed at mapping the Active Directory infrastructure for potential weaknesses. If such activity is confirmed as malicious, it could precede further attacks such as privilege escalation or lateral movement within the network. The rule captures and analyzes the script block text associated with PowerShell events to identify executions of the command, giving security teams insight into potentially harmful activity on their network.
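The detection logic described above, run over a handful of constructed EventCode 4104 records, as an added example that is not part of the original rule or the PowerView project. Field names (`EventCode`, `Computer`, `UserID`, `ScriptBlockText`) mirror the Windows PowerShell Operational event data; all values are made up, and the match is a case-insensitive substring test, which is an assumption about how the rule's search is written.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed sample events in the shape of PowerShell Script Block Logging
# records (EventCode 4104). Values are invented for this example.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventCode": "4104", "Computer": "WS01.corp.example", "UserID": "S-1-5-21-1-2-3-1001",
     "ScriptBlockText": "Get-DomainGroup -Identity 'Domain Admins' | Select-Object member"},
    {"EventCode": "4104", "Computer": "WS02.corp.example", "UserID": "S-1-5-21-1-2-3-1002",
     "ScriptBlockText": "get-domaingroup *admin* -Domain corp.example"},
    {"EventCode": "4104", "Computer": "WS03.corp.example", "UserID": "S-1-5-21-1-2-3-1003",
     "ScriptBlockText": "Get-Process | Where-Object CPU -gt 100"},
    # Module logging (4103) carries the cmdlet name too, but this rule keys on 4104 only.
    {"EventCode": "4103", "Computer": "WS01.corp.example", "UserID": "S-1-5-21-1-2-3-1001",
     "ScriptBlockText": "Get-DomainGroup"},
    # Substring matching also catches sibling PowerView cmdlets such as Get-DomainGroupMember;
    # whether that is desired depends on how the production search is tuned.
    {"EventCode": "4104", "Computer": "WS01.corp.example", "UserID": "S-1-5-21-1-2-3-1001",
     "ScriptBlockText": "Get-DomainGroupMember -Identity 'Domain Admins' -Recurse"},
]

PATTERN = "get-domaingroup"  # PowerShell cmdlet names are case-insensitive


def detect_get_domaingroup(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the 4104 events whose script block text contains Get-DomainGroup."""
    hits = []
    for ev in events:
        if ev.get("EventCode") != "4104":
            continue
        if PATTERN in ev.get("ScriptBlockText", "").lower():
            hits.append({k: ev[k] for k in ("Computer", "UserID", "ScriptBlockText")})
    return hits


def summarize_by_host_user(hits: List[Dict[str, str]]) -> Dict[tuple, Dict[str, object]]:
    """Aggregate hits per (Computer, UserID) for triage: count plus the observed script blocks."""
    summary: Dict[tuple, Dict[str, object]] = defaultdict(lambda: {"count": 0, "script_blocks": []})
    for h in hits:
        key = (h["Computer"], h["UserID"])
        summary[key]["count"] += 1
        summary[key]["script_blocks"].append(h["ScriptBlockText"])
    return dict(summary)


if __name__ == "__main__":
    for (host, user), info in summarize_by_host_user(detect_get_domaingroup(SAMPLE_EVENTS)).items():
        print(f"{host} {user}: {info['count']} hit(s)")
        for sb in info["script_blocks"]:
            print("   ", sb)
```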
Categories
- Windows
- Endpoint
- Identity Management
Data Sources
- Pod
- Windows Registry
- Application Log
ATT&CK Techniques
- T1069
- T1069.002
- T1059.001
Created: 2024-11-13