This detection rule aims to identify when a user attempts to clear Windows console history, which is a common tactic employed by adversaries to obfuscate their activities on a compromised account. By clearing command history, an attacker can prevent forensic analysis and hide their actions during an intrusion. The rule operates by monitoring PowerShell script block logging to catch commands that explicitly clear history or manipulate the history save path. It monitors for specific commands such as 'Clear-History' and operations that remove items related to console history files. The detection logic includes a combination of commands, making it effective in identifying attempts to conceal malicious activity through console history manipulation.