Tag
This rule detects the execution of gpresult.exe with specific arguments to query group policy objects, potentially indicating reconnaissance activity by attackers aiming to understand the Active Directory environment for privilege escalation or lateral movement.