
Summary
This detection rule identifies suspicious usage of PowerShell, particularly instances where PowerShell is executed with commands encoded in Base64. The detection looks for `powershell.exe` or `pwsh.exe` in the `Image` path and checks whether the `CommandLine` contains an encoding flag such as `-e`, `-en`, `-enc`, or `-enco`, which are often used to obfuscate payloads. The rule also applies additional filters to weed out common benign uses of the `-Encoding` parameter and specific Azure-related executions, which improves the precision of the detection. This matters because attackers frequently use encoded commands to hide malicious actions executed via PowerShell, abusing the script host to run unauthorized commands.
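The selection-and-filter logic described above, as an added Python example that is not the rule's own code: it runs over a few constructed process-creation events, applies the `-Encoding` filter, treats the Azure parent-process filter as a caller-supplied allowlist (the page lists no paths, so that value is a placeholder), and adds a triage helper that decodes the UTF-16LE Base64 payload. Field names (`Image`, `CommandLine`, `ParentImage`) follow Sysmon/Sigma conventions; matching `-enco` as a prefix so that `-EncodedCommand` also hits is an assumption about how the rule's patterns are written.

```python
"""Added example, not the rule's own code: re-implements the page's
selection/filter logic over constructed Sysmon-style events."""
import base64
import shlex
from typing import Iterable, Optional

# Flags listed on the page, matched Sigma-'contains' style on the lower-cased
# command line. The first three are whole arguments; '-enco' is a prefix so
# '-EncodedCommand' and its longer abbreviations also match (assumption).
ENCODED_FLAG_PATTERNS = (" -e ", " -en ", " -enc ", " -enco")
PS_IMAGES = ("\\powershell.exe", "\\pwsh.exe")


def is_powershell_image(image: str) -> bool:
    return image.lower().endswith(PS_IMAGES)


def is_encoded_powershell(event: dict, benign_parent_prefixes: Iterable[str] = ()) -> bool:
    """True when the event matches: PowerShell image + encoding flag, minus the
    two filters the page describes ('-Encoding' parameter, Azure parent)."""
    if not is_powershell_image(event.get("Image", "")):
        return False
    # Pad with spaces so a flag at either end of the string still matches.
    cmd = " " + event.get("CommandLine", "").lower() + " "
    if not any(p in cmd for p in ENCODED_FLAG_PATTERNS):
        return False
    # Filter 1: '-Encoding' (Out-File, Set-Content, ...) is benign and would
    # otherwise be caught by the ' -enco' prefix pattern.
    if " -encoding " in cmd:
        return False
    # Filter 2: allowlisted parent processes for the Azure-related executions.
    # PLACEHOLDER: the page gives no paths; supply the values from your rule.
    parent = event.get("ParentImage", "").lower()
    if any(parent.startswith(p.lower()) for p in benign_parent_prefixes):
        return False
    return True


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Triage helper: decode the argument after an encoding flag, or None.
    PowerShell expects the Base64 to wrap a UTF-16LE string."""
    try:
        args = shlex.split(command_line, posix=False)
    except ValueError:
        args = command_line.split()
    for i, arg in enumerate(args[:-1]):
        a = arg.lower()
        # Any abbreviation of -EncodedCommand (-e, -en, -enc, -enco, ...),
        # which excludes the unrelated -Encoding parameter.
        if len(a) >= 2 and "-encodedcommand".startswith(a):
            try:
                return base64.b64decode(args[i + 1], validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


# Constructed sample data: a harmless payload encoded the way PowerShell wants it.
SAMPLE_PAYLOAD = "Write-Output 'constructed sample'"
SAMPLE_B64 = base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode()
PS5 = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    {"Image": PS5, "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": f"powershell.exe -nop -w hidden -enc {SAMPLE_B64}"},
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": f"pwsh.exe -EncodedCommand {SAMPLE_B64}"},
    {"Image": PS5, "ParentImage": "C:\\Windows\\explorer.exe",  # benign -Encoding use
     "CommandLine": 'powershell.exe -Command "Get-Content in.txt | Out-File -Encoding utf8 out.txt"'},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "cmd.exe /c echo -enc hello"},  # wrong image, must not fire
    {"Image": PS5, "ParentImage": "C:\\CONSTRUCTED\\AzureAgent\\agent.exe",  # allowlisted parent
     "CommandLine": f"powershell.exe -e {SAMPLE_B64}"},
]


def run(events: list, benign_parent_prefixes: Iterable[str] = ()) -> list:
    """Return the command lines of all events that match the rule."""
    return [e["CommandLine"] for e in events if is_encoded_powershell(e, benign_parent_prefixes)]


if __name__ == "__main__":
    for cmd in run(SAMPLE_EVENTS, benign_parent_prefixes=("C:\\CONSTRUCTED\\AzureAgent\\",)):
        print("ALERT:", cmd)
        print("  decoded:", decode_encoded_command(cmd))
```

Note that filter 1 is broad: any command line containing ` -Encoding ` is dropped, so review its reach in your own telemetry before relying on it.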
Categories
- Windows
- Endpoint
Data Sources
- Process
ATT&CK Techniques
- T1059.001
Created: 2022-01-02