
Summary
This rule detects PowerShell commands that modify the Windows firewall to allow inbound traffic on a specific local port. The analytic uses PowerShell script block logging (Event ID 4104) and looks for script blocks that contain the terms 'firewall', 'Inbound', 'Allow' and '-LocalPort', the combination produced by cmdlets such as New-NetFirewallRule -Direction Inbound -Action Allow -LocalPort <port>. Opening an inbound port is a common step in establishing remote access to a host (for example exposing RDP or a listener) and in keeping that access across reboots. A hit may indicate that an attacker has opened a path into the system, which can lead to further exploitation or data exfiltration. Investigate every instance this rule flags, especially on hosts where firewall rules are rarely changed or are managed centrally; a rule created outside a change window, by an unexpected user, or for an unusual port warrants priority.
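As an added example, not part of the original rule or its content repository, the following Python reproduces the rule's keyword logic over a handful of constructed script block texts standing in for Event ID 4104 records. The event records, hostnames and user names are made up for illustration. The block shows which samples fire (the New-NetFirewallRule variants, regardless of case), which do not (a rule that blocks rather than allows, and a read-only Get-NetFirewallRule query), and one gap a practitioner should know about: a netsh advfirewall command that opens the same kind of port does not contain 'Inbound' or '-LocalPort' and so is not matched by these terms.

```python
import re
from typing import Optional

# The four terms the rule requires to co-occur in one script block.
# Matching is case-insensitive because PowerShell cmdlet and parameter
# names are case-insensitive and attackers vary the casing.
REQUIRED_TERMS = ("firewall", "inbound", "allow", "-localport")

# Constructed sample script block texts (assumed, not captured from a
# real host) standing in for PowerShell script block logging records.
SAMPLE_EVENTS = [
    {"id": 1, "host": "WS01", "user": "CORP\\jdoe",
     "text": "New-NetFirewallRule -DisplayName 'Remote Desktop' -Direction Inbound "
             "-Action Allow -Protocol TCP -LocalPort 3389"},
    {"id": 2, "host": "WS01", "user": "CORP\\jdoe",
     "text": "Set-NetFirewallRule -DisplayName 'Block all' -Direction Inbound -Action Block"},
    {"id": 3, "host": "SRV02", "user": "CORP\\admin",
     "text": "Get-NetFirewallRule | Where-Object { $_.Direction -eq 'Inbound' "
             "-and $_.Action -eq 'Allow' }"},
    {"id": 4, "host": "SRV02", "user": "NT AUTHORITY\\SYSTEM",
     "text": 'netsh advfirewall firewall add rule name="svc" dir=in '
             'action=allow protocol=TCP localport=4444'},
    {"id": 5, "host": "WS03", "user": "CORP\\svc_build",
     "text": "new-netfirewallrule -direction inbound -action allow -localport 8080 -protocol tcp"},
]

# Pulls the value following -LocalPort (a port, a range like 3389-3390,
# or a comma-separated list) so the analyst sees what was opened.
_PORT_RE = re.compile(r"-LocalPort\s+['\"]?([0-9,\-]+)", re.IGNORECASE)


def matches_rule(script_text: str) -> bool:
    """True when every required term appears in the script block text."""
    lowered = script_text.lower()
    return all(term in lowered for term in REQUIRED_TERMS)


def extract_local_port(script_text: str) -> Optional[str]:
    """Return the -LocalPort argument, or None if the text has none."""
    match = _PORT_RE.search(script_text)
    return match.group(1) if match else None


def run_detection(events):
    """Apply the rule to each event and return the hits with context fields."""
    hits = []
    for event in events:
        if matches_rule(event["text"]):
            hits.append({
                "id": event["id"],
                "host": event["host"],
                "user": event["user"],
                "local_port": extract_local_port(event["text"]),
            })
    return hits


if __name__ == "__main__":
    for hit in run_detection(SAMPLE_EVENTS):
        print(hit)
```

Running the block reports events 1 and 5 with local ports 3389 and 8080. Event 4 is the one to note: the netsh syntax opens port 4444 inbound but never triggers this rule, so an environment that wants coverage of both interfaces needs a second search over process command lines (or a broader term set) rather than relying on these four keywords alone.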
Categories
- Endpoint
Data Sources
- Pod
- Process
- Script
ATT&CK Techniques
- T1021.001
- T1021
Created: 2024-11-13