HackTool - SharpView Execution

Summary
The HackTool - SharpView detection rule targets execution of the SharpView tool, which adversaries often use to conduct reconnaissance of Active Directory (AD) environments: it enumerates the network configuration and settings of the systems it can reach. The rule activates on the creation of processes associated with SharpView.exe and on specific PowerShell command names related to AD discovery. Its conditions check the original file name and the command-line arguments for strings indicative of discovery operations (e.g., 'Get-DomainUserEvent', 'Invoke-Kerberoast'). This makes the rule useful for identifying misuse of SharpView by threat actors during the discovery phase of an attack.
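As an added illustration, not part of this rule page or the Sigma project, the matching conditions summarized above applied to constructed process-creation events in Python. The field names (Image, OriginalFileName, CommandLine) follow Sysmon/Sigma process_creation conventions, the Image path check and case-insensitive matching are assumptions about the rule, and the indicator list is limited to the two strings quoted on this page; the real rule carries a longer list.

```python
"""Toy re-implementation of the HackTool - SharpView matching logic (added example,
not the Sigma rule itself) run over constructed process-creation events."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators quoted in the rule summary; the real rule lists more strings.
CLI_INDICATORS = ("Get-DomainUserEvent", "Invoke-Kerberoast")
ORIGINAL_FILE_NAME = "SharpView.exe"


@dataclass
class ProcessEvent:
    image: str               # full path of the started executable
    original_file_name: str  # PE OriginalFileName from the version resource
    command_line: str


def match_sharpview(ev: ProcessEvent) -> Optional[str]:
    """Return a human-readable reason for a hit, or None when the event is clean.
    Sigma string comparisons are case-insensitive by default, so everything is
    lower-cased before comparing."""
    # OriginalFileName survives a simple rename of the binary on disk.
    if ev.original_file_name.lower() == ORIGINAL_FILE_NAME.lower():
        return f"OriginalFileName == {ORIGINAL_FILE_NAME}"
    # Assumed: the rule also keys on the image path ending in \SharpView.exe.
    if ev.image.lower().endswith("\\" + ORIGINAL_FILE_NAME.lower()):
        return f"Image endswith \\{ORIGINAL_FILE_NAME}"
    cli = ev.command_line.lower()
    for indicator in CLI_INDICATORS:
        if indicator.lower() in cli:
            return f"CommandLine contains {indicator}"
    return None


def scan(events: List[ProcessEvent]) -> List[Tuple[str, str]]:
    """Return (image, reason) pairs for every event the rule would alert on."""
    return [(ev.image, reason) for ev in events if (reason := match_sharpview(ev))]


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Users\bob\Downloads\SharpView.exe", "SharpView.exe", "SharpView.exe Get-Domain"),
    ProcessEvent(r"C:\Users\bob\update.exe", "SharpView.exe", "update.exe Get-NetUser"),  # renamed binary
    ProcessEvent(r"C:\tools\sv.exe", "sv.exe", "sv.exe Invoke-Kerberoast"),  # renamed, cmdlet name leaks
    ProcessEvent(r"C:\Windows\System32\notepad.exe", "NOTEPAD.EXE", "notepad.exe report.txt"),
]

if __name__ == "__main__":
    for image, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT {image}: {reason}")
```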
Categories
  • Windows
  • Network
Data Sources
  • Process
  • Application Log
ATT&CK Techniques
  • T1049
Created: 2021-12-10