
Powershell Execute Batch Script

Sigma Rules

Summary
The detection rule 'Powershell Execute Batch Script' identifies potentially malicious use of PowerShell to execute batch scripts (.bat or .cmd files). The rule is based on the idea that attackers may leverage the built-in Windows command shell to run unauthorized commands, using batch files to automate script execution. It requires that PowerShell Script Block Logging be enabled, because it matches on specific script block text indicative of these executions: the rule fires when the logged script block text contains a call to 'Start-Process' and also contains either '.cmd' or '.bat'. Such activity deviates from standard administrative practice and so serves as a signal of abnormal behaviour. Legitimate administration scripts may be launched the same way, however, so false positives are a consideration when legitimate scripts are run.
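The matching logic described above, written out as an added illustration that is not the rule's own Sigma source. It assumes Script Block Logging events are collected as Event ID 4104 from the Microsoft-Windows-PowerShell/Operational log, that matching is case-insensitive substring matching (the behaviour of Sigma's 'contains' modifier), and all event records in it are constructed sample data.

```python
"""Added illustration of the 'Powershell Execute Batch Script' detection logic.
Not the rule's own source; event records below are constructed sample data."""

from dataclasses import dataclass
from typing import List


@dataclass
class ScriptBlockEvent:
    """Minimal view of a PowerShell Script Block Logging event (assumed EID 4104)."""
    event_id: int
    computer: str
    script_block_text: str


def matches_rule(script_block_text: str) -> bool:
    """Return True when the script block calls Start-Process and names a .cmd or .bat file.

    Sigma 'contains' matching is case-insensitive, so the text is lower-cased first.
    """
    text = script_block_text.lower()
    calls_start_process = "start-process" in text
    references_batch_file = ".cmd" in text or ".bat" in text
    return calls_start_process and references_batch_file


def detect(events: List[ScriptBlockEvent]) -> List[ScriptBlockEvent]:
    """Apply the rule to a batch of events; only Script Block Logging events are eligible."""
    return [
        e for e in events
        if e.event_id == 4104 and matches_rule(e.script_block_text)
    ]


# Constructed sample events (hostnames and paths are made up for illustration).
SAMPLE_EVENTS = [
    # Hidden-window launch of a batch file dropped in a world-writable folder: should match.
    ScriptBlockEvent(4104, "WS-0142",
                     r"Start-Process -FilePath 'C:\Users\Public\update.bat' -WindowStyle Hidden"),
    # Legitimate admin backup script launched the same way: matches too (expected false positive).
    ScriptBlockEvent(4104, "SRV-BACKUP01",
                     r"Start-Process -FilePath 'C:\Scripts\backup.cmd' -Wait"),
    # Ordinary cmdlet pipeline with no batch file or Start-Process: no match.
    ScriptBlockEvent(4104, "WS-0142",
                     "Get-Process | Where-Object { $_.CPU -gt 100 }"),
    # Same text but from a module-logging event, not Script Block Logging: not eligible.
    ScriptBlockEvent(4103, "WS-0077",
                     r"Start-Process C:\tools\run.bat"),
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"[{hit.computer}] {hit.script_block_text}")
```

The second sample event shows why the rule's false-positive note matters: a scheduled backup wrapper launched via Start-Process is indistinguishable from the first event at the text level, so triage should look at the script path, the launching user, and whether the file lives in a location an administrator would normally use.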
Categories
  • Windows
Data Sources
  • Script
  • Process
ATT&CK Techniques
  • T1059.003
Created: 2022-01-02