
Network Connection Discovery With Net

Splunk Security Content

Summary
This rule identifies the execution of `net.exe` or `net1.exe` with command-line arguments used to list network connections. Adversaries and Red Teams use this kind of network reconnaissance to collect information about the network and Active Directory. The detection relies on telemetry from Endpoint Detection and Response (EDR) agents, focusing on process names and command-line executions. If the behavior is confirmed malicious, it could enable attackers to map out the network or plan lateral movement, leading to data exfiltration.
Categories
  • Endpoint
Data Sources
  • Windows Registry
  • Process
  • Application Log
ATT&CK Techniques
  • T1049
Created: 2025-01-24
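
Added example (not part of the Splunk rule or its source): the logic the summary describes, applied in Python to constructed process-creation events. The field names `process_name`, `process`, `dest` and `user` follow Splunk CIM Endpoint.Processes naming; treating bare `net use` as the listing form is an assumption, since the page does not name the arguments.

```python
import ntpath
import shlex

NET_BINARIES = {"net.exe", "net1.exe"}
# Assumption: the page does not list the arguments. Bare `net use`
# (no target) prints the current network connections.
LISTING_SUBCOMMANDS = {"use"}


def is_connection_listing(event):
    """True when the event is net.exe/net1.exe listing network connections."""
    image = ntpath.basename(event.get("process_name", "")).lower()
    if image not in NET_BINARIES:
        return False
    try:
        # posix=False keeps Windows backslashes intact while tokenising.
        argv = shlex.split(event.get("process", ""), posix=False)
    except ValueError:
        return False  # unbalanced quotes: not a command line we can judge
    args = [a.strip('"').lower() for a in argv[1:]]
    # A drive letter or UNC path after the subcommand means a share is being
    # mapped or removed, which is a different behaviour from listing.
    return len(args) == 1 and args[0] in LISTING_SUBCOMMANDS


def detect(events):
    """Return (dest, user, process) for every matching event."""
    return [(e["dest"], e["user"], e["process"])
            for e in events if is_connection_listing(e)]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"dest": "ws01", "user": "alice", "process_name": "net.exe",
     "process": "net use"},
    {"dest": "ws01", "user": "alice", "process_name": "net1.exe",
     "process": r'"C:\Windows\System32\net1.exe" USE'},
    {"dest": "ws02", "user": "bob", "process_name": "net.exe",
     "process": r"net use Z: \\fs01\share"},
    {"dest": "ws02", "user": "bob", "process_name": "net.exe",
     "process": "net start"},
    {"dest": "ws03", "user": "carol", "process_name": "dotnet.exe",
     "process": "dotnet use"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Matching on the parsed subcommand rather than a substring keeps `dotnet.exe` and drive-mapping invocations out of the results.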