
Powershell Fileless Script Contains Base64 Encoded Content

Splunk Security Content

Summary
This analytic is designed to detect PowerShell scripts that execute Base64 encoded content, an approach frequently employed by attackers to obfuscate their malicious payloads. By using PowerShell Script Block Logging (EventCode=4104), the rule inspects the full command text sent to PowerShell for any occurrence of the `FromBase64String` method name or its reversed spelling. This detection is critical for identifying potentially harmful scripts that could lead to unauthorized code execution, thereby compromising system integrity. If the analytic identifies such activity, it raises a flag for further investigation, as the ability to decode and execute hidden commands poses significant risks to network security.
Categories
  • Endpoint
Data Sources
  • Pod
  • Container
  • Process
ATT&CK Techniques
  • T1059
  • T1027
  • T1059.001
Created: 2024-11-13