
Summary
The rule titled 'Non-MSIExec .msi Installation' monitors for and detects installations of .msi files that bypass the standard Windows Installer path, which normally goes through 'msiexec.exe'. Such non-standard installations are a risk because they may indicate malware or unauthorized software installation. The detection logic is a Splunk query that selects events with Event IDs 4103 or 4104, which are indicative of process creation or command execution, respectively. The rule focuses on PowerShell execution and further filters for events involving the installation of .msi files without 'msiexec'. A regex excludes instances where the 'process_name' is 'msiexec', so the rule targets potentially malicious installs carried out by other means. Matching events are then aggregated and displayed by time, host, and user so that suspicious .msi installation activity can be triaged quickly.
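The filter chain described above (Event ID 4103/4104, a .msi reference, regex exclusion of 'msiexec' on process_name, then aggregation by time, host and user), worked through in Python over a handful of constructed PowerShell log events. This is an added illustration, not the rule's own SPL; the field names, the sample events, and the extra exclusion of script blocks that themselves invoke msiexec.exe are assumptions made here.

```python
import re
from collections import OrderedDict

# PowerShell operational log event IDs the rule keys on (from the rule summary).
POWERSHELL_EVENT_IDS = {4103, 4104}
# A .msi file name or path anywhere in the logged command text.
MSI_RE = re.compile(r"\.msi\b", re.IGNORECASE)
# The rule's exclusion: process_name matching 'msiexec'.
MSIEXEC_PROC_RE = re.compile(r"msiexec", re.IGNORECASE)
# Assumption beyond the rule: a script block that itself calls msiexec.exe is
# still the standard installer path, so it is excluded as well.
MSIEXEC_TEXT_RE = re.compile(r"\bmsiexec(\.exe)?\b", re.IGNORECASE)

# Constructed sample events standing in for Splunk search results (assumed fields).
SAMPLE_EVENTS = [
    {"_time": "2024-02-09T10:00:00", "host": "WS01", "user": "CORP\\alice", "EventCode": 4104,
     "process_name": "powershell.exe",
     "Message": "Start-Process msiexec.exe -ArgumentList '/i C:\\Temp\\app.msi /qn'"},
    {"_time": "2024-02-09T10:05:00", "host": "WS02", "user": "CORP\\bob", "EventCode": 4104,
     "process_name": "powershell.exe",
     "Message": "$wi = New-Object -ComObject WindowsInstaller.Installer; "
                "$wi.InstallProduct('C:\\Users\\Public\\update.msi')"},
    {"_time": "2024-02-09T10:07:00", "host": "WS01", "user": "CORP\\alice", "EventCode": 4103,
     "process_name": "powershell.exe",
     "Message": 'CommandInvocation(Start-Process): ParameterBinding(Start-Process): '
                'name="FilePath"; value="C:\\Users\\Public\\tool.msi"'},
    {"_time": "2024-02-09T10:08:00", "host": "WS03", "user": "CORP\\carol", "EventCode": 4688,
     "process_name": "powershell.exe", "Message": "Get-ChildItem C:\\Temp\\*.msi"},  # wrong event ID
    {"_time": "2024-02-09T10:09:00", "host": "WS03", "user": "CORP\\carol", "EventCode": 4104,
     "process_name": "msiexec.exe", "Message": "/i C:\\Temp\\setup.msi"},  # excluded by process_name
]

def is_non_msiexec_msi_event(event):
    """True when one event survives every stage of the rule's filter chain."""
    if event.get("EventCode") not in POWERSHELL_EVENT_IDS:
        return False
    text = event.get("Message", "")
    if not MSI_RE.search(text):
        return False
    if MSIEXEC_PROC_RE.search(event.get("process_name", "")):
        return False
    return not MSIEXEC_TEXT_RE.search(text)  # assumed extra exclusion, see comment above

def aggregate_by_time_host_user(events):
    """Mirror the rule's final step: group surviving hits by _time, host and user."""
    groups = OrderedDict()
    for ev in events:
        if not is_non_msiexec_msi_event(ev):
            continue
        key = (ev["_time"], ev["host"], ev["user"])
        bucket = groups.setdefault(key, {"_time": key[0], "host": key[1], "user": key[2],
                                         "count": 0, "commands": []})
        bucket["count"] += 1
        bucket["commands"].append(ev["Message"])
    return sorted(groups.values(), key=lambda g: g["_time"])
```

Running `aggregate_by_time_host_user(SAMPLE_EVENTS)` yields two rows (WS02/bob at 10:05 and WS01/alice at 10:07); the msiexec-driven install, the 4688 event and the msiexec.exe-sourced event are all dropped.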
Categories
- Endpoint
- Windows
Data Sources
- Process
- Application Log
- User Account
ATT&CK Techniques
- T1218.007
- T1059
Created: 2024-02-09