Execution of Command Line Tool with Base64 Encoded Arguments

Panther Rules

Summary
This detection rule is designed to identify and alert on the execution of command-line tools, such as PowerShell or cmd.exe, using arguments that are encoded in Base64. This tactic is commonly employed by threat actors to obfuscate the execution of malicious commands or scripts, potentially evading traditional security measures or endpoint detection systems. The rule specifically focuses on parameters that contain Base64-encoded commands, which may indicate an attempt to mask malicious intent behind legitimate-looking commands. Compromised systems or users may execute these obfuscated commands to carry out unauthorized actions, so detecting such occurrences is crucial for proactive threat mitigation. The rule leverages CrowdStrike's Falcon platform to scan logs for specific patterns in commands that match this Base64 encoding behavior. A thorough investigation of any alert triggered by this rule should include decoding the Base64 strings to reveal the actual commands, helping security personnel understand the context and potential risk of the detected activity.
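The detection logic described above, written out as an added example in the shape of a Panther Python rule. This is not the published rule's own source: the CrowdStrike field names `CommandLine` and `ImageFileName`, the list of monitored tools, the accepted `-EncodedCommand` abbreviations and the sample events are all assumptions constructed for illustration. The example also goes one step beyond the summary by decoding the Base64 blob as part of the rule, so an alert only fires when the blob decodes to printable text and the analyst receives the decoded command in the alert context.

```python
"""Added example (not the published rule's source): a Panther-style Python
detection for command-line tools launched with Base64-encoded arguments.
Field names (CommandLine, ImageFileName), the tool list and the sample
events are assumptions constructed for illustration."""
import base64
import binascii
import re

# Command-line tools whose arguments are commonly Base64-encoded (assumed list).
TOOLS = ("powershell.exe", "powershell", "pwsh.exe", "pwsh", "cmd.exe", "cmd")

# First token of a command line: a quoted path or a bare word.
FIRST_TOKEN = re.compile(r'^\s*(?:"([^"]*)"|(\S+))')
# PowerShell accepts unambiguous prefixes of -EncodedCommand; the usual
# abbreviations are listed here (assumed, not exhaustive). Group 1 is the blob.
ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)[-/](?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/]{16,}={0,2})"
)
# Any long Base64-looking token; cmd.exe has no dedicated flag, so this is the
# only hook there. It is noisier, which is why decoding must also succeed.
GENERIC_B64 = re.compile(r"(?<![A-Za-z0-9+/=])([A-Za-z0-9+/]{32,}={0,2})(?![A-Za-z0-9+/=])")


def decode_base64_argument(token):
    """Return the decoded text if `token` is Base64 of printable text, else None.

    -EncodedCommand carries UTF-16LE, so that is tried first; UTF-8 covers
    cmd.exe and Linux shells. Requiring ~90% printable ASCII keeps hashes and
    keys that happen to be valid Base64 from raising alerts.
    """
    try:
        raw = base64.b64decode(token, validate=True)
    except (ValueError, binascii.Error):
        return None
    for encoding in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if not text:
            continue
        printable = sum(32 <= ord(ch) < 127 or ch in "\r\n\t" for ch in text)
        if printable / len(text) >= 0.9:
            return text
    return None


def analyze_command_line(command_line):
    """Decoded payload if a monitored tool was run with a Base64 argument, else None."""
    if not command_line:
        return None
    match = FIRST_TOKEN.match(command_line)
    if not match:
        return None
    exe = match.group(1) or match.group(2)
    if re.split(r"[\\/]", exe)[-1].lower() not in TOOLS:
        return None
    for pattern in (ENCODED_FLAG, GENERIC_B64):
        for hit in pattern.finditer(command_line):
            decoded = decode_base64_argument(hit.group(1))
            if decoded is not None:
                return decoded
    return None


# Panther rule entry points: Panther calls rule(), title() and alert_context().
def rule(event):
    return analyze_command_line(event.get("CommandLine")) is not None


def title(event):
    return f"Base64-encoded arguments passed to {event.get('ImageFileName', 'unknown tool')}"


def alert_context(event):
    # Surface the decoded command so the analyst does not have to decode by hand.
    return {"decoded_command": analyze_command_line(event.get("CommandLine"))}


# Constructed sample events (not real telemetry).
ENCODED_GET_PROCESS = base64.b64encode("Get-Process".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"ImageFileName": "powershell.exe",
     "CommandLine": '"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"'
                    f" -NoProfile -enc {ENCODED_GET_PROCESS}"},
    {"ImageFileName": "powershell.exe", "CommandLine": "powershell.exe -Command Get-Date"},
    {"ImageFileName": "cmd.exe",
     "CommandLine": "cmd.exe /c certutil -hashfile app.exe MD5 d41d8cd98f00b204e9800998ecf8427e"},
]


def run_samples():
    """Evaluate every sample event; returns [(image, fired, decoded), ...]."""
    return [(e["ImageFileName"], rule(e), alert_context(e)["decoded_command"]) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for image, fired, decoded in run_samples():
        print(f"{image:16} alert={fired!s:5} decoded={decoded!r}")
```

Only the first sample fires: the hex hash in the cmd.exe sample is a valid Base64 alphabet string of 32 characters and would match a pattern-only rule, but it decodes to non-printable bytes, so the decode step discards it. That trade-off is deliberate: it removes a common false-positive class at the cost of missing encoded binary payloads, which a separate rule would have to cover.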
Categories
  • Endpoint
  • Windows
  • Linux
  • Cloud
  • Containers
Data Sources
  • Process
  • Container
  • Command
  • Logon Session
Created: 2023-05-10