
Summary
This detection rule identifies potential process discovery activity on a Windows system by monitoring execution of `tasklist.exe`, a built-in command that adversaries may run to enumerate the processes currently running on a system they have gained access to. The rule queries process logs for process-start events in which `tasklist.exe` is the launched executable. Its primary function is to flag potentially malicious use of the tasklist command, which falls under the broader discovery tactics adversaries employ. The rule carries a risk score of 21, which corresponds to a low severity level.
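As an added illustration (not the rule's own query or the vendor's code), the following Python applies the same matching logic to a handful of constructed process events in an ECS-like layout. The field names and sample records are assumptions; the matched image name, the risk score of 21, the low severity and technique T1057 come from the rule summary.

```python
import ntpath

# Rule metadata from the page; the ECS-like event layout and sample events are assumptions.
RISK_SCORE, SEVERITY, TECHNIQUE = 21, "low", "T1057"
# Constructed sample process events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": {"name": "WS01", "os": {"type": "windows"}},
     "event": {"category": ["process"], "type": ["start"]},
     "process": {"name": "tasklist.exe", "args": ["tasklist.exe", "/v"],
                 "parent": {"name": "cmd.exe"}}},
    {"host": {"name": "WS01", "os": {"type": "windows"}},
     "event": {"category": ["process"], "type": ["end"]},   # process end, not a start
     "process": {"name": "tasklist.exe"}},
    {"host": {"name": "WS02", "os": {"type": "windows"}},
     "event": {"category": "process", "type": "start"},     # scalar rather than list form
     "process": {"executable": r"C:\WINDOWS\SYSTEM32\TASKLIST.EXE",   # no process.name
                 "args": ["TASKLIST.EXE", "/svc"], "parent": {"name": "powershell.exe"}}},
    {"host": {"name": "WS03", "os": {"type": "windows"}},
     "event": {"category": ["process"], "type": ["start"]},
     "process": {"name": "notepad.exe"}},
    {"host": {"name": "SRV-LNX", "os": {"type": "linux"}},
     "event": {"category": ["process"], "type": ["start"]},
     "process": {"name": "tasklist.exe"}},                  # wrong platform, ignored
]


def _as_list(value):
    # ECS fields such as event.type may be a string or a list; normalise to a list.
    return [] if value is None else (list(value) if isinstance(value, (list, tuple)) else [value])


def process_basename(event):
    """Lower-cased image name, falling back to the basename of process.executable."""
    proc = event.get("process", {})
    return (proc.get("name") or ntpath.basename(proc.get("executable", ""))).lower()


def is_tasklist_start(event):
    """True for a Windows process-start event whose image is tasklist.exe."""
    ev, os_type = event.get("event", {}), event.get("host", {}).get("os", {}).get("type")
    return (os_type == "windows" and "process" in _as_list(ev.get("category"))
            and "start" in _as_list(ev.get("type")) and process_basename(event) == "tasklist.exe")


def run_rule(events):
    """Evaluate the rule over a list of events and return one alert dict per match."""
    alerts = []
    for ev in events:
        if is_tasklist_start(ev):
            proc = ev["process"]
            alerts.append({"host": ev["host"]["name"], "parent": proc.get("parent", {}).get("name"),
                           "command_line": " ".join(proc.get("args", [])), "technique": TECHNIQUE,
                           "risk_score": RISK_SCORE, "severity": SEVERITY})
    return alerts
```

Running `run_rule(SAMPLE_EVENTS)` yields two alerts (WS01 via cmd.exe and WS02 via powershell.exe); the process-end event, the unrelated image and the non-Windows host are not matched. Recording the parent process and command line in the alert is what lets an analyst separate an administrator's interactive use from post-compromise enumeration.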
Categories
- Windows
- Endpoint
- Infrastructure
- Identity Management
Data Sources
- Process
- Application Log
- Network Traffic
ATT&CK Techniques
- T1057
Created: 2020-02-18