Suspicious New-PSDrive to Admin Share

Sigma Rules

Summary
This detection rule identifies suspicious use of the PowerShell `New-PSDrive` command that may indicate an adversary accessing remote network shares over Server Message Block (SMB). The command creates a virtual drive backed by a remote filesystem, and when its parameters point at an administrative share (e.g., a `C$` or `ADMIN$` share on a remote host), it can facilitate lateral movement within a network. The script block detection looks for specific keywords in the PowerShell command text, such as `New-PSDrive`, `-psprovider filesystem`, and a remote path indication (e.g., `\\` followed by `$`). Proper logging must be enabled for the detection to work, in particular PowerShell Script Block Logging on Windows systems. This rule serves as a proactive measure against unauthorized access and lateral movement by malicious actors.
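To show how the keyword logic described above behaves on log data, here is an added example (not the Sigma rule itself or its exact matching semantics) that approximates the check as a case-insensitive "contains all" test for the listed keywords plus a UNC root whose share name ends in `$`, and runs it over constructed Script Block Logging (Event ID 4104) payloads.

```python
import re

# Keywords named in the rule description; Sigma's |contains matching is case-insensitive,
# so the text is lower-cased before the substring test.
REQUIRED_KEYWORDS = ("new-psdrive", "-psprovider", "filesystem")

# "Remote path indication": a UNC root like \\HOST\C$ whose share name ends in "$".
# This regex is an assumption of how to tighten the "\\ followed by $" description.
ADMIN_SHARE_RE = re.compile(r"\\\\[^\s\\]+\\[^\s\\]*\$")


def is_suspicious_psdrive(script_block: str) -> bool:
    """Return True when a ScriptBlockText value matches every condition of the check."""
    text = script_block.lower()
    if not all(keyword in text for keyword in REQUIRED_KEYWORDS):
        return False
    return ADMIN_SHARE_RE.search(script_block) is not None


# Constructed sample events (hypothetical ScriptBlockText payloads), not real logs.
SAMPLE_EVENTS = [
    {"id": 1, "ScriptBlockText": r"New-PSDrive -Name X -PSProvider FileSystem -Root \\SRV01\C$ -Persist"},
    {"id": 2, "ScriptBlockText": r"New-PSDrive -Name Share -PSProvider FileSystem -Root \\FS01\Public"},
    {"id": 3, "ScriptBlockText": "New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT"},
    {"id": 4, "ScriptBlockText": r"Get-ChildItem \\SRV01\ADMIN$"},
]


def find_matches(events):
    """Return the ids of events whose script block text triggers the check."""
    return [event["id"] for event in events if is_suspicious_psdrive(event["ScriptBlockText"])]


if __name__ == "__main__":
    # Only event 1 maps a filesystem drive to an admin share; 2 targets a normal share,
    # 3 uses the Registry provider, and 4 never calls New-PSDrive.
    print(find_matches(SAMPLE_EVENTS))  # → [1]
```

Event 4 shows the rule's scope: reading an admin share without `New-PSDrive` is not covered, so this detection should be paired with SMB and logon telemetry (the Logon Session data source listed below).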
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Logon Session
ATT&CK Techniques
  • T1021.002
Created: 2022-08-13