This detection rule is designed to identify actions that may indicate an attempt to clear the PowerShell history, a technique commonly used in defense evasion by threat actors. The rule specifically monitors PowerShell script block logs for certain keywords and command patterns typical of commands associated with clearing or preventing the saving of command history. The keywords monitored include `del`, `Remove-Item`, `rm`, and configurations of the `PSReadline` module that change the history save style to `SaveNothing`. The rule requires that Script Block Logging is enabled in the Windows environment to capture these actions effectively. False positives may arise from legitimate PowerShell usage, hence a medium severity level is assigned.