PowerShell Base64 Encoded Invoke Keyword

Sigma Rules

Summary
This detection rule aims to identify malicious PowerShell invocations that use Base64 encoding to obfuscate the command being executed. It looks for process creation events whose image ends in 'powershell.exe' or 'pwsh.exe' and whose command line carries the '-e' flag, which is commonly used to pass a Base64 encoded command. The rule then examines the command line for known Base64 encoded strings corresponding to the 'Invoke-' prefix of PowerShell cmdlets, which are frequently abused to execute malicious payloads. The presence of such encoded commands can indicate an attempt to evade security solutions and run malicious scripts within the Windows environment. Given the rise in attacks that rely on PowerShell for execution because of its powerful capabilities, this rule is important for detecting sophisticated threats that leverage encoded commands.
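As an added example (not code from the Sigma rule or from this page), the logic the summary describes, in Python. Because PowerShell's -EncodedCommand takes Base64 over UTF-16LE, the Base64 form of a keyword depends on its byte offset within the script, so the three 'Invoke-' fragments are derived from the keyword for each alignment rather than copied from the rule; the flag list, the helper names and the sample events are constructed assumptions.

```python
import base64


def base64_substrings(keyword: str) -> list[str]:
    """Return the three Base64 fragments that any UTF-16LE encoding of `keyword`
    must contain, one for each possible byte alignment within the script."""
    raw = keyword.encode("utf-16-le")
    fragments = []
    for offset in range(3):
        enc = base64.b64encode(b"\x00" * offset + raw).decode().rstrip("=")
        lead = (0, 2, 3)[offset]      # leading chars that mix padding bits with keyword bits
        tail = 1 if (offset + len(raw)) % 3 else 0  # last char also encodes bits of whatever follows
        fragments.append(enc[lead:len(enc) - tail])
    return fragments


# Derived, not hand-typed: the Base64 forms of "Invoke-" at byte alignment 0, 1 and 2.
INVOKE_FRAGMENTS = base64_substrings("Invoke-")

# Assumption: abbreviations of -EncodedCommand that this check treats as the '-e' flag.
ENCODED_FLAGS = {"-e", "-ec", "-en", "-enc", "-encodedcommand"}


def encode_command(script: str) -> str:
    """Encode a script the way -EncodedCommand expects (used here to build samples)."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


def has_encoded_flag(cmdline: str) -> bool:
    return any(tok.lower() in ENCODED_FLAGS for tok in cmdline.split())


def matches_rule(event: dict) -> bool:
    """Process creation event (Image, CommandLine) -> True when all three conditions hold."""
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    return (image.endswith(("powershell.exe", "pwsh.exe"))
            and has_encoded_flag(cmd)
            and any(frag in cmd for frag in INVOKE_FRAGMENTS))  # Base64 is case-sensitive


# Constructed sample events: one encoded Invoke- call, one benign pwsh, one non-PowerShell image.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -e " + encode_command("Invoke-Expression (Get-Date)")},
    {"Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "CommandLine": "pwsh.exe -NoProfile -Command Get-Process"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c -e " + encode_command("Invoke-Item .")},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print("ALERT" if matches_rule(ev) else "ok   ", ev["CommandLine"][:70])
```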
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2022-05-20