
Summary
This detection rule identifies execution of the PowerShell command 'Get-DomainTrust', which is part of PowerView. The command gathers information about domain trust relationships within a network environment, which makes it a useful tool for adversaries performing reconnaissance. By tracking the command's execution through EDR (Endpoint Detection and Response) telemetry, specifically process and command-line data, the detection aims to flag attempts to map out network infrastructure. This activity is concerning because it may indicate that an attacker is looking to exploit relationships between domains, paving the way for lateral movement or further attacks that could compromise additional systems within the organization. The detection uses Sysmon logs and the Windows Security event log to monitor process creation and command execution, allowing real-time monitoring of suspicious activity associated with domain trust reconnaissance.
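To show what the process and command-line matching described above looks like in practice, here is an added example in Python; it is not the rule's own query and not part of the original page. It runs over a handful of constructed process-creation records shaped loosely after Sysmon Event ID 1 and Windows Security Event ID 4688 (field names such as `image`, `command_line`, `user` and `computer` are assumptions, not the real schema), restricts the match to PowerShell host processes, and also decodes `-EncodedCommand` payloads so a base64-wrapped invocation of Get-DomainTrust is not missed.

```python
import base64
import re

# PowerShell host binaries whose command lines we inspect (assumed list).
PS_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
# The cmdlet the rule is looking for; PowerShell is case-insensitive.
PATTERN = re.compile(r"get-domaintrust", re.IGNORECASE)
# Forms of the -EncodedCommand switch, longest alternative first.
ENCODED_FLAG = re.compile(
    r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)

# Constructed sample events (hypothetical records, not real telemetry).
_ENCODED = base64.b64encode("Get-DomainTrust".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"source": "Sysmon", "event_id": 1, "computer": "WS01", "user": "CORP\\alice",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": 'powershell.exe -nop -c "Get-DomainTrust -Domain corp.example"'},
    {"source": "Security", "event_id": 4688, "computer": "WS02", "user": "CORP\\bob",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c dir"},
    {"source": "Security", "event_id": 4688, "computer": "WS03", "user": "CORP\\carol",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "command_line": "pwsh.exe -EncodedCommand " + _ENCODED},
    {"source": "Sysmon", "event_id": 1, "computer": "WS04", "user": "CORP\\dave",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe get-domaintrust.txt"},
    {"source": "Sysmon", "event_id": 1, "computer": "WS05", "user": "CORP\\erin",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -c Get-Date"},
]


def expand_command_line(command_line: str) -> str:
    """Return the command line plus any decoded -EncodedCommand payload.

    PowerShell expects the payload as base64 of UTF-16LE text, so the
    decoded text is appended and searched alongside the raw command line.
    """
    text = command_line
    for blob in ENCODED_FLAG.findall(command_line):
        try:
            text += " " + base64.b64decode(blob).decode("utf-16-le", errors="ignore")
        except ValueError:  # not valid base64 (binascii.Error subclasses ValueError)
            continue
    return text


def is_powershell_host(image: str) -> bool:
    """True when the process image is one of the PowerShell hosts."""
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name in PS_HOSTS


def detect_domain_trust_recon(events):
    """Return one hit per process-creation event that launches a PowerShell
    host with Get-DomainTrust in its (decoded) command line."""
    hits = []
    for ev in events:
        if ev.get("event_id") not in (1, 4688):   # process creation only
            continue
        if not is_powershell_host(ev.get("image", "")):
            continue
        if PATTERN.search(expand_command_line(ev.get("command_line", ""))):
            hits.append({
                "computer": ev.get("computer"),
                "user": ev.get("user"),
                "command_line": ev.get("command_line"),
            })
    return hits


if __name__ == "__main__":
    for hit in detect_domain_trust_recon(SAMPLE_EVENTS):
        print(f"{hit['computer']} {hit['user']}: {hit['command_line']}")
```

The image filter keeps a file named get-domaintrust.txt opened in Notepad from firing, at the cost of missing PowerView loaded by some other host process; teams that prefer recall over precision can drop that check. Process-creation telemetry only carries the command line at launch, so a cmdlet typed into an already-running PowerShell session will not appear in these events at all, which is why this rule is best paired with PowerShell script block logging rather than relied on alone.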
Categories
- Endpoint
Data Sources
- Process
- Windows Registry
- Cloud Service
ATT&CK Techniques
- T1482
Created: 2024-11-13