
Summary
The rule 'Potential Base64 Encoded User-Agent' identifies User-Agent strings that end with an equal sign ('='), which is often indicative of Base64 encoding. Base64 is frequently used to obfuscate or encode various kinds of data, including User-Agent information sent in HTTP requests. The detection relies on the observation that valid Base64-encoded strings commonly end with one or two equal signs as padding. Such patterns may hint at attempts by malicious actors to disguise their tools or techniques, particularly in command-and-control (C2) scenarios where encoded data is used to communicate with an external server. The rule consumes proxy logs to capture potential instances of encoded User-Agent strings, improving the detection of suspicious or malicious activity. Operations teams should assess how often legitimate applications in their environment produce similar patterns so that false positives can be minimized during routine monitoring.
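As an added illustration (not part of the rule itself or its author's material), the following Python script applies the rule's condition (User-Agent ends with '=') to a few constructed proxy log lines, then enriches each hit with a strict Base64 decode so an analyst can tell a genuinely encoded string from one that merely ends in '='. The log format, the sample lines, the `BENIGN_UA_PREFIXES` allowlist and the `Finding` record are assumptions made for the example; the allowlist stands in for the baseline of legitimate applications the summary asks operations teams to build.

```python
import base64
import binascii
import re
from dataclasses import dataclass

# Constructed sample proxy log lines (not from the page). Assumed format:
# <epoch> <client_ip> <status> <method> <url> "<user-agent>"
SAMPLE_LOG = """\
1657267200.001 10.0.0.5 200 GET http://example.com/ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
1657267201.002 10.0.0.7 200 POST http://example.net/upload "dGVzdC1hZ2VudC12MQ=="
1657267202.003 10.0.0.9 200 GET http://example.org/ "Q3VzdG9tQWdlbnQ="
1657267203.004 10.0.0.5 404 GET http://example.com/x "curl/7.81.0"
1657267204.005 10.0.0.11 200 GET http://example.com/api "Some/App version="
1657267205.006 10.0.0.5 200 GET http://example.com/api "Mozilla/5.0 (compatible; Vendor build=)"
"""

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<status>\d{3}) (?P<method>\S+) '
    r'(?P<url>\S+) "(?P<ua>[^"]*)"$'
)

# Hypothetical allowlist of User-Agent prefixes observed as benign in this
# environment. Tune it from your own baseline; it is not part of the rule.
BENIGN_UA_PREFIXES = ("Mozilla/", "curl/")


@dataclass
class Finding:
    client: str
    user_agent: str
    decodes_as_base64: bool
    decoded_preview: str


def parse_line(line):
    """Split one proxy log line into its fields, or return None if malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def looks_base64_padded(ua):
    """The rule's own condition: the User-Agent string ends with '='."""
    return ua.endswith("=")


def try_decode(ua):
    """Strict Base64 decode used as enrichment; None means the value only
    resembles Base64 (bad alphabet, bad length or bad padding)."""
    try:
        return base64.b64decode(ua, validate=True)
    except (binascii.Error, ValueError):
        return None


def detect(log_text):
    """Run the rule over raw log text and return one Finding per suspicious UA."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ua = rec["ua"]
        if not looks_base64_padded(ua):
            continue
        # Allowlist reduces false positives from known legitimate clients.
        if ua.startswith(BENIGN_UA_PREFIXES):
            continue
        raw = try_decode(ua)
        preview = raw.decode("utf-8", errors="replace")[:40] if raw is not None else ""
        findings.append(Finding(rec["client"], ua, raw is not None, preview))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        tag = "base64" if f.decodes_as_base64 else "ends-with-=-only"
        print(f"{f.client}\t{tag}\t{f.user_agent!r}\t{f.decoded_preview!r}")
```

The `decodes_as_base64` flag is deliberately kept separate from the match decision: the rule as written fires on any trailing '=', and the decode result is context for triage, not a reason to suppress the alert. Strings that do not decode (like the constructed `Some/App version=`) are the population to examine when tuning the allowlist.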
Categories
- Network
- Web
- Cloud
- Application
Data Sources
- User Account
- Network Traffic
- Application Log
- Process
Created: 2022-07-08