
Executable Create Script Process

Anvilogic Forge

Summary
This detection rule identifies potentially malicious activity on Windows systems in which an executable parent process spawns a script process. It focuses on common script file types: BAT (batch files), SH (shell scripts), and PS1 (PowerShell scripts). The logic is written in Snowflake SQL and queries CrowdStrike EDR logs for process events from the last two hours, selecting those where the parent process name ends in '.exe' and the process matches a regular expression for the script file extensions above. The alert targets tactics and techniques associated with Advanced Persistent Threat (APT) actors known to rely on scripting in their intrusions, including APT28, APT29, and others listed. Its emphasis on executable-launched scripts reflects a common strategy these actors use to circumvent defenses and execute unauthorized commands.
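To make the rule's conditions concrete, the following Python example re-implements the same logic over a handful of constructed process events. It is an added illustration, not the Snowflake SQL of the Anvilogic rule or CrowdStrike's event schema: the field names (timestamp, host, parent_process_name, process_name, command_line) and the sample events are assumptions chosen for readability. It applies the two-hour lookback, requires the parent image to end in .exe, and matches the script extension in either the process name or its command line, so that the realistic case of cmd.exe launching a .bat file is caught while a name such as backup.bat.exe is not.

```python
import re
from datetime import datetime, timedelta, timezone

# Script extensions the rule looks for (BAT, SH, PS1). The lookahead requires the
# extension to be followed by whitespace, a quote, or end-of-string, so that
# "backup.bat.exe" does not match on its embedded ".bat".
SCRIPT_EXT_RE = re.compile(r"\.(bat|sh|ps1)(?=[\"'\s]|$)", re.IGNORECASE)
# Parent process must be an executable image.
EXE_PARENT_RE = re.compile(r"\.exe$", re.IGNORECASE)

LOOKBACK = timedelta(hours=2)  # the rule's "last two hours" window


def is_executable_spawned_script(event: dict, now: datetime) -> bool:
    """Return True when one process event satisfies the rule's conditions."""
    ts = datetime.fromisoformat(event["timestamp"])
    if ts < now - LOOKBACK or ts > now:
        return False  # outside the two-hour window
    parent = event.get("parent_process_name", "")
    if not EXE_PARENT_RE.search(parent):
        return False  # parent is not an .exe
    # Check the image name and the command line together, so both a script run
    # directly and a script handed to cmd.exe/powershell.exe are covered.
    target = f"{event.get('process_name', '')} {event.get('command_line', '')}"
    return SCRIPT_EXT_RE.search(target) is not None


def find_matches(events, now: datetime) -> list:
    """Return the events that would raise this alert."""
    return [e for e in events if is_executable_spawned_script(e, now)]


# Constructed sample events; field names are assumptions, not CrowdStrike's schema.
NOW = datetime(2024, 2, 9, 12, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    # Office document launching a batch file through cmd.exe: matches via command line
    {"timestamp": "2024-02-09T11:30:00+00:00", "host": "ws01",
     "parent_process_name": "winword.exe", "process_name": "cmd.exe",
     "command_line": r'cmd.exe /c "C:\Users\Public\stage1.bat"'},
    # Script launched directly from explorer.exe; extension case differs: matches
    {"timestamp": "2024-02-09T11:45:00+00:00", "host": "ws02",
     "parent_process_name": "explorer.exe", "process_name": "Deploy.PS1",
     "command_line": "Deploy.PS1"},
    # Ordinary child executable, no script extension: no match
    {"timestamp": "2024-02-09T11:50:00+00:00", "host": "ws03",
     "parent_process_name": "cmd.exe", "process_name": "notepad.exe",
     "command_line": "notepad.exe"},
    # Double extension; ".bat" is not at the end of a token: no match
    {"timestamp": "2024-02-09T11:55:00+00:00", "host": "ws04",
     "parent_process_name": "powershell.exe", "process_name": "backup.bat.exe",
     "command_line": "backup.bat.exe"},
    # Would match, but it is older than two hours: no match
    {"timestamp": "2024-02-09T08:00:00+00:00", "host": "ws05",
     "parent_process_name": "svchost.exe", "process_name": "run.sh",
     "command_line": "run.sh"},
    # Parent is not an .exe image: no match
    {"timestamp": "2024-02-09T11:58:00+00:00", "host": "ws06",
     "parent_process_name": "services", "process_name": "init.sh",
     "command_line": "init.sh"},
]

if __name__ == "__main__":
    for e in find_matches(SAMPLE_EVENTS, NOW):
        print(f"ALERT {e['timestamp']} {e['host']}: "
              f"{e['parent_process_name']} -> {e['command_line']}")
```

Only the first two sample events fire. Because any .exe parent qualifies, including explorer.exe and legitimate installers, a practitioner tuning this rule would expect to filter known-good parent/script pairs for the environment before alerting on it in production.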
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Application Log
  • Logon Session
ATT&CK Techniques
  • T1547.001
  • T1059
  • T1020
  • T1059.003
  • T1119
Created: 2024-02-09