
Summary
This detection rule identifies use of the PowerShell `Invoke-Command` cmdlet together with the `-ComputerName` parameter, the form adversaries use to execute commands or scripts on remote systems over Windows Remote Management (WinRM). With valid credentials for the target (by default an account in its Administrators or Remote Management Users group), an attacker can run arbitrary commands there, which makes this a common lateral-movement step (ATT&CK T1021.006) and worth monitoring. The rule depends on PowerShell Script Block Logging: it inspects the contents of executed script blocks (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log) for both patterns, so it produces nothing on hosts where that logging is disabled. False positives are expected from legitimate administration (configuration management, help-desk scripts, monitoring jobs), so flagged events should be reviewed for the invoking account, source host and target hosts before being escalated.
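To make the matching logic concrete, the following is an added example, not the rule's own code or a vendor implementation. It applies the two-keyword check described above to constructed script block texts modelled on the ScriptBlockText field of Event ID 4104, and it also shows one gap a practitioner should know about: PowerShell accepts `icm` as an alias for `Invoke-Command` and `-Cn` as an alias for `-ComputerName`, so a plain two-substring check misses `icm -cn SRV05 { ... }`. The sample events, the `matches_with_aliases` extension and the `target_hosts` helper are assumptions of this example and are not part of the rule.

```python
import re

# Constructed sample events modelled on the ScriptBlockText field of PowerShell
# Event ID 4104 (Microsoft-Windows-PowerShell/Operational). Not real log records.
SAMPLE_EVENTS = [
    {"id": 1, "script": "Invoke-Command -ComputerName SRV01 -ScriptBlock { whoami }"},
    {"id": 2, "script": "invoke-command -computername srv02,srv03 -FilePath C:\\Temp\\run.ps1"},
    {"id": 3, "script": "Invoke-Command -ScriptBlock { Get-Date }"},             # local only
    {"id": 4, "script": "Get-Service -ComputerName SRV04"},                        # no Invoke-Command
    {"id": 5, "script": "icm -cn SRV05 -ScriptBlock { hostname }"},              # alias form
    {"id": 6, "script": "Invoke-Command -Session $s -ScriptBlock { hostname }"},  # existing PSSession
]

# The two substrings the rule summary names. Matching is case-insensitive
# because PowerShell cmdlet and parameter names are.
RULE_KEYWORDS = ("invoke-command", "-computername")


def matches_rule(script_text: str) -> bool:
    """Baseline check: every keyword must appear somewhere in the script block."""
    lowered = script_text.lower()
    return all(keyword in lowered for keyword in RULE_KEYWORDS)


# Extension (assumption, not part of the rule): also catch the documented aliases
# 'icm' for Invoke-Command and '-Cn' for -ComputerName. The lookarounds stop the
# pattern from matching inside a longer token.
CMDLET_RE = re.compile(r"(?<![\w-])(?:invoke-command|icm)(?![\w-])", re.IGNORECASE)
PARAM_RE = re.compile(r"(?<![\w-])-(?:computername|cn)(?![\w-])", re.IGNORECASE)


def matches_with_aliases(script_text: str) -> bool:
    """Alias-aware variant of the same two-keyword logic."""
    return bool(CMDLET_RE.search(script_text) and PARAM_RE.search(script_text))


# Value following -ComputerName/-Cn, up to the next whitespace. Handles a
# comma-separated list without spaces; a quoted list containing spaces would
# need a real PowerShell tokenizer.
TARGET_RE = re.compile(r"(?<![\w-])-(?:computername|cn)\s+(\S+)", re.IGNORECASE)


def target_hosts(script_text: str) -> list:
    """Extract the remote host names given to the cmdlet, for triage context."""
    match = TARGET_RE.search(script_text)
    if not match:
        return []
    return [h.strip("\"'") for h in match.group(1).split(",") if h.strip("\"'")]


def run_rule(events, matcher=matches_rule):
    """Return the ids of the events the chosen matcher flags, in input order."""
    return [event["id"] for event in events if matcher(event["script"])]


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        if matches_with_aliases(event["script"]):
            print(f"event {event['id']}: remote Invoke-Command -> {target_hosts(event['script'])}")
```

Running the baseline matcher over the samples flags events 1 and 2 only; the alias-aware matcher adds event 5. Even the extended form has known blind spots: PowerShell accepts unambiguous parameter prefixes such as `-Comp`, remoting over an existing `-Session` (event 6) or via `Enter-PSSession` carries no `-ComputerName`, and a long script block is split across several 4104 events, so the cmdlet and the parameter may land in different records. Treat the rule as one signal among several for T1021.006, not as complete coverage.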
Categories
- Windows
- Endpoint
Data Sources
- Script
- Process
ATT&CK Techniques
- T1021.006
Created: 2022-01-07