
Potential PowerShell Obfuscated Script via High Entropy

Elastic Detection Rules

Summary
This detection rule targets PowerShell script blocks whose character distribution shows high entropy and is markedly non-uniform, characteristics typically associated with the obfuscation techniques attackers use. The rule examines PowerShell script block logs for scripts longer than 1000 characters with an entropy of 5.3 or more and a standard deviation of character surprisals above 0.7. These markers suggest encoded or encrypted data embedded in the script, often used to evade detection. The rule also calls out specific log fields that give insight into the execution context and the nature of the script contents. False positives may arise from legitimate automation or administrative scripts, so the rule includes extensive investigation steps that focus on context, script provenance, and correlation of suspicious activity across systems, ensuring thorough analysis before an alert is escalated.
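The following is an added illustration, not the rule's own implementation: it computes the three metrics the summary names (script length, Shannon entropy in bits per character, and the standard deviation of per-character surprisal) and applies the stated thresholds to constructed samples. The sample scripts, the seeded generator and the character sets are assumptions made for the example.

```python
import math
import random
import string
from collections import Counter

# Thresholds named in the rule summary.
MIN_LENGTH, MIN_ENTROPY, MIN_SURPRISAL_STDDEV = 1000, 5.3, 0.7

def shannon_entropy(text):
    """Bits per character, estimated from the script's own character counts."""
    n = len(text)
    return -sum(k / n * math.log2(k / n) for k in Counter(text).values())

def surprisal_stddev(text):
    """Population stddev of the per-position surprisal -log2 p(c). A uniform
    blob (pure Base64) scores near 0 however high its entropy; the rule wants
    variety *and* an uneven spread, as when code and encoded data share a block."""
    n = len(text)
    probs = {c: k / n for c, k in Counter(text).items()}
    s = [-math.log2(probs[c]) for c in text]
    mean = sum(s) / n
    return math.sqrt(sum((x - mean) ** 2 for x in s) / n)

def score(script):
    """Return the three metrics and whether every threshold is met."""
    m = {"length": len(script), "entropy": shannon_entropy(script),
         "surprisal_stddev": surprisal_stddev(script)}
    m["matches_rule"] = (m["length"] > MIN_LENGTH and m["entropy"] >= MIN_ENTROPY
                         and m["surprisal_stddev"] > MIN_SURPRISAL_STDDEV)
    return m

# Constructed samples (not real telemetry), each longer than 1000 characters.
BENIGN_SCRIPT = 4 * """# Nightly service inventory for the ops team
$services = Get-Service | Where-Object { $_.Status -eq 'Running' }
foreach ($service in $services) {
    Write-Output ("{0} is running as {1}" -f $service.Name, $service.DisplayName)
}
$services | Select-Object Name, DisplayName, Status |
    Export-Csv -Path 'C:\\Reports\\services.csv' -NoTypeInformation
"""
_rng = random.Random(7)
_PRINTABLE = string.ascii_letters + string.digits + string.punctuation
# Uniform Base64 alphabet: high entropy, but every position is about equally surprising.
BASE64_BLOB = "".join(_rng.choice(_PRINTABLE[:62] + "+/") for _ in range(1500))
# Wide character variety interleaved with a few heavily repeated quote/operator
# characters: the skew that concatenation-style obfuscation leaves behind.
MIXED_NOISE = "".join(_rng.choice(_PRINTABLE) if i % 10 < 7 else _rng.choice("'+()")
                      for i in range(1200))
```

Only the third sample clears all three thresholds: the benign script fails on entropy, and the pure Base64 blob fails on surprisal spread despite its high entropy.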
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • File
  • Script
  • Application Log
ATT&CK Techniques
  • T1027
  • T1140
  • T1059
  • T1059.001
Created: 2026-01-08