PowerShell Suspicious Script with Clipboard Retrieval Capabilities

Elastic Detection Rules

Summary
This detection rule identifies potentially malicious PowerShell scripts that read the clipboard, a technique attackers use to capture sensitive data such as credentials and confidential communications. It targets clipboard access performed through the PowerShell commands commonly used for clipboard manipulation. The rule consumes log inputs from Windows environments and looks for script block text that indicates clipboard access, while filtering out known benign scripts and ignoring the usual system service accounts. It also lays out a structured response: investigation steps and mitigations that reduce the risk of clipboard data leakage. The rule is mapped to established MITRE ATT&CK techniques, which supports situational awareness in security operations.
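As an added illustration of the rule's logic (example code, not the Elastic rule's own query), the following Python applies the same three checks to constructed script block events: clipboard-access text, a benign-script allow-list, and service-account exclusion. The clipboard indicators, the allow-listed path and the sample events are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Clipboard-access indicators in script block text. This list is an
# assumption for the example, not the rule's own query terms.
CLIPBOARD_RE = re.compile(
    r"Get-Clipboard"
    r"|\[(?:System\.)?Windows\.Clipboard\]"
    r"|\[(?:System\.)?Windows\.Forms\.Clipboard\]",
    re.IGNORECASE,
)

# Well-known SIDs of the built-in service accounts the rule ignores:
# LocalSystem, LocalService, NetworkService.
SERVICE_ACCOUNT_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}

# Allow-list of known benign scripts (hypothetical path for the example).
BENIGN_SCRIPT_PATHS = {r"C:\Program Files\ExampleVendor\ClipDiag.ps1"}


@dataclass
class ScriptBlockEvent:
    """One PowerShell script block logging record (Event ID 4104)."""
    user_sid: str
    script_path: str  # empty when the block was entered interactively
    script_block_text: str


def is_suspicious(event: ScriptBlockEvent) -> bool:
    """Apply the rule's logic: clipboard access, minus the exclusions."""
    if event.user_sid in SERVICE_ACCOUNT_SIDS:
        return False  # typical system service account: ignored
    if event.script_path in BENIGN_SCRIPT_PATHS:
        return False  # known benign script: filtered out
    return CLIPBOARD_RE.search(event.script_block_text) is not None


def alerts(events):
    """Return the events that would raise an alert."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ScriptBlockEvent("S-1-5-21-1-2-3-1001", "", "$c = Get-Clipboard"),
    ScriptBlockEvent("S-1-5-21-1-2-3-1001", "",
                     "Add-Type -AssemblyName System.Windows.Forms; "
                     "[System.Windows.Forms.Clipboard]::GetText()"),
    ScriptBlockEvent("S-1-5-18", "", "Get-Clipboard | Out-File $log"),
    ScriptBlockEvent("S-1-5-21-1-2-3-1001",
                     r"C:\Program Files\ExampleVendor\ClipDiag.ps1",
                     "Get-Clipboard"),
    ScriptBlockEvent("S-1-5-21-1-2-3-1001", "", "Get-Process | Sort-Object CPU"),
]
```

Running `alerts(SAMPLE_EVENTS)` returns only the first two events; the SYSTEM-account read, the allow-listed script and the non-clipboard command are all dropped.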
Categories
  • Windows
  • Endpoint
  • Application
  • Infrastructure
Data Sources
  • Process
  • Script
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T1115
  • T1059
  • T1059.001
Created: 2023-01-12