
Elevated Group Discovery With Net

Splunk Security Content

Summary
This analytic, now deprecated, detects `net.exe` or `net1.exe` being run with command-line arguments that query elevated domain groups on Windows systems (for example `net group "Domain Admins" /domain`). It relies on process telemetry from Endpoint Detection and Response (EDR) agents, matching on the process name and the full command line. Such commands are a common reconnaissance step for adversaries trying to identify high-privilege users in Active Directory. If the activity is confirmed malicious, it can precede attacks on privileged accounts, privilege escalation, or unauthorized access to sensitive information. Although the rule has been deprecated, the behaviour it covers remains relevant to privileged access management in enterprise environments.
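As an added example (not Splunk's own SPL and not part of this page), the following Python emulates the rule's matching over a few constructed EDR process events. The set of "elevated" groups, the event field names and the sample command lines are assumptions; the page names none of them. The example also covers two details a practitioner hits in practice: `net.exe` accepts abbreviated switches such as `/do` for `/domain`, and `net localgroup administrators` without `/domain` enumerates the local SAM rather than the domain.

```python
"""Emulation of the rule's matching over constructed EDR process events.
Added example; not Splunk's SPL and not part of the original page."""
import shlex

# Assumption: the page does not name the groups it treats as elevated.
# These are common high-privilege Active Directory groups chosen for the example.
ELEVATED_GROUPS = {
    "domain admins", "enterprise admins", "schema admins", "administrators",
    "account operators", "server operators", "backup operators",
    "dnsadmins", "protected users", "group policy creator owners",
}
NET_IMAGES = {"net", "net.exe", "net1", "net1.exe"}
GROUP_SUBCOMMANDS = {"group", "localgroup"}


def _tokens(command_line):
    """Split a Windows command line, keeping quoted group names together.
    Non-POSIX shlex leaves the quotes on the token and treats backslashes
    literally, so paths survive and only the surrounding quotes are stripped."""
    try:
        parts = shlex.split(command_line, posix=False)
    except ValueError:                     # unbalanced quotes: degrade gracefully
        parts = command_line.split()
    return [p.strip('"').lower() for p in parts]


def classify_net_command(process_name, command_line):
    """Return {'group', 'action'} when net.exe/net1.exe touches an elevated
    *domain* group, otherwise None.

    The /domain switch is required (net.exe accepts any unambiguous prefix,
    so '/do' counts) because a bare 'net localgroup administrators' reads the
    local SAM (T1069.001), not Active Directory (T1069.002)."""
    if process_name.lower() not in {"net.exe", "net1.exe"}:
        return None
    toks = _tokens(command_line)
    # EDR command lines usually start with the image itself; drop that token
    if toks and toks[0].rsplit("\\", 1)[-1] in NET_IMAGES:
        toks = toks[1:]
    sub = next((i for i, t in enumerate(toks) if t in GROUP_SUBCOMMANDS), None)
    if sub is None or sub + 1 >= len(toks) or toks[sub + 1].startswith("/"):
        return None          # no group named ('net group /domain' lists all; out of scope)
    group = toks[sub + 1]
    if group not in ELEVATED_GROUPS:
        return None
    if not any(len(t) >= 3 and "/domain".startswith(t) for t in toks):
        return None          # local-group query, not domain reconnaissance
    # '/add' or '/del...' on a privileged group is modification, not discovery;
    # report it separately so the analyst can triage it with higher priority
    action = "query"
    for t in toks:
        if t == "/add":
            action = "add"
        elif len(t) >= 4 and "/delete".startswith(t):
            action = "delete"
    return {"group": group, "action": action}


def run_detection(events):
    """Apply the classifier to a list of process events and return alerts."""
    alerts = []
    for ev in events:
        hit = classify_net_command(ev["process_name"], ev["process"])
        if hit:
            alerts.append((ev["host"], ev["user"], hit["group"], hit["action"]))
    return alerts


# Constructed sample telemetry (not real data). Field names mirror the
# Splunk Endpoint data model's Processes node as an assumption.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "CORP\\jdoe", "process_name": "net.exe",
     "process": 'net  group "Domain Admins" /domain'},
    {"host": "WS01", "user": "CORP\\jdoe", "process_name": "net1.exe",
     "process": 'C:\\Windows\\system32\\net1  group "Enterprise Admins" /do'},
    {"host": "WS02", "user": "CORP\\svc_backup", "process_name": "net.exe",
     "process": "net localgroup administrators"},          # local SAM only
    {"host": "WS02", "user": "CORP\\svc_backup", "process_name": "net.exe",
     "process": 'net group "Domain Users" /domain'},        # not elevated
    {"host": "DC01", "user": "CORP\\helpdesk1", "process_name": "net.exe",
     "process": "net user jdoe /domain"},                   # user, not group
    {"host": "WS03", "user": "CORP\\tmp_admin", "process_name": "net1.exe",
     "process": "net1 localgroup Administrators /domain"},  # domain built-in Administrators
]

if __name__ == "__main__":
    for alert in run_detection(SAMPLE_EVENTS):
        print("ALERT host=%s user=%s group=%r action=%s" % alert)
```

Three of the six constructed events fire: the two `Domain Admins`/`Enterprise Admins` queries and the `localgroup Administrators /domain` lookup, which resolves the domain's built-in Administrators group rather than the local one. The bare `net localgroup administrators`, the `Domain Users` query and the `net user` lookup are deliberately left out, which is the same scoping a production version of this rule needs in order to avoid alerting on routine help-desk activity.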
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Windows Registry
  • User Account
ATT&CK Techniques
  • T1069
  • T1069.002
Created: 2025-01-24