Potential PowerShell Obfuscation Using Alias Cmdlets

Sigma Rules

Summary
This detection rule identifies potential obfuscation in PowerShell scripts by monitoring for use of the Set-Alias and New-Alias cmdlets. These cmdlets create aliases for existing cmdlets, which malicious actors can abuse to obscure what a PowerShell session is actually executing. The detection inspects the ScriptBlockText property of executed script blocks for these cmdlets, allowing near-real-time alerting on potentially suspicious activity. The rule requires Script Block Logging to be enabled: it depends on Windows PowerShell's logging to see the executed script text and cannot provide visibility into potentially malicious script execution without it.
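The matching logic described above, run over constructed script block log records as an added example (this is not the rule's own YAML or the project's code). It assumes Event ID 4104 as the script block logging event, a case-insensitive match on the two cmdlet names, and an optional allowlist of script paths for tuning; the allowlist, the record layout and the sample records are assumptions made here.

```python
import re
from dataclasses import dataclass

# Script Block Logging writes Event ID 4104 to Microsoft-Windows-PowerShell/Operational;
# those records carry the ScriptBlockText field the rule inspects.
SCRIPT_BLOCK_EVENT_ID = 4104

# Alias-creating cmdlets named by the rule. Cmdlet names are case-insensitive in
# PowerShell, so the match is too; word boundaries avoid hits inside other tokens.
ALIAS_CMDLETS = re.compile(r"\b(?:Set-Alias|New-Alias)\b", re.IGNORECASE)


@dataclass
class Hit:
    record_id: int
    cmdlet: str
    excerpt: str


def detect_alias_cmdlets(events, allowlisted_paths=()):
    """Return one Hit per 4104 record whose ScriptBlockText creates an alias.

    The rule fires on the cmdlet itself, regardless of what is being aliased,
    so legitimate profile scripts will match; allowlisted_paths is a hypothetical
    tuning knob that drops records from known script paths.
    """
    hits = []
    for ev in events:
        if ev.get("EventID") != SCRIPT_BLOCK_EVENT_ID:
            continue  # no ScriptBlockText outside script block logging events
        if ev.get("Path") in allowlisted_paths:
            continue  # known-good script, excluded by tuning
        text = ev.get("ScriptBlockText", "")
        m = ALIAS_CMDLETS.search(text)
        if m:
            hits.append(Hit(ev["RecordId"], m.group(0), text[:60]))
    return hits


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 4104, "ScriptBlockText": "Get-ChildItem C:\\Users | Measure-Object"},
    {"RecordId": 2, "EventID": 4104, "ScriptBlockText": "Set-Alias -Name lsd -Value Get-ChildItem; lsd -Directory"},
    {"RecordId": 3, "EventID": 4104, "ScriptBlockText": "new-alias -name rn -value Rename-Item"},
    {"RecordId": 4, "EventID": 4103, "Payload": "CommandInvocation(Set-Alias)"},
    {"RecordId": 5, "EventID": 4104, "Path": "C:\\Users\\alice\\Documents\\WindowsPowerShell\\profile.ps1",
     "ScriptBlockText": "Set-Alias -Name ll -Value Get-ChildItem"},
]

if __name__ == "__main__":
    for hit in detect_alias_cmdlets(SAMPLE_EVENTS, allowlisted_paths=(SAMPLE_EVENTS[4]["Path"],)):
        print(f"record {hit.record_id}: {hit.cmdlet} in {hit.excerpt!r}")
```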
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Application Log
Created: 2023-01-08