Base64 Encoding/Decoding Activity

Elastic Detection Rules

Summary
This detection rule, created by Elastic, monitors for processes associated with base64 encoding and decoding. Adversaries commonly use such encoding to obfuscate payloads and evade security controls. The rule alerts on events categorized as process starts where the process name matches a base64 tool (e.g., base64, base64plain, base64url, base64mime, base64pem). Its risk score is classified as low, indicating that the activity may warrant attention but is not immediately critical. The rule acknowledges potential false positives from automation tools such as Jenkins, which may legitimately encode or decode data in their workflows. It falls under the 'Defense Evasion' tactic of the MITRE ATT&CK framework and references techniques covering deobfuscation or decoding of files to hide malicious activity. Because the rule has been deprecated since April 2021, users should look for more current detection alternatives.
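As an added illustration (not Elastic's rule query), the following Python reproduces the logic the summary describes over ECS-shaped process events: a process-start event whose process name is one of the listed base64 tools triggers, and hits whose parent command line mentions Jenkins are flagged as the known false-positive source rather than silently dropped. The event field layout and the Jenkins parent check are assumptions for illustration.

```python
from typing import Dict, List

# Process names the rule summary lists as base64 encoding/decoding tools.
BASE64_PROCESS_NAMES = {"base64", "base64plain", "base64url", "base64mime", "base64pem"}


def matches_rule(event: Dict) -> bool:
    """Core rule logic: a process-start event whose process name is a base64 tool."""
    ev = event.get("event", {})
    if ev.get("category") != "process" or "start" not in ev.get("type", []):
        return False
    return event.get("process", {}).get("name", "").lower() in BASE64_PROCESS_NAMES


def is_jenkins_child(event: Dict) -> bool:
    """Assumed false-positive tuning: the parent process command line mentions Jenkins."""
    parent_cmd = event.get("process", {}).get("parent", {}).get("command_line", "")
    return "jenkins" in parent_cmd.lower()


def evaluate(events: List[Dict]) -> List[Dict]:
    """Run the rule over a batch of events; suppressed hits are kept for triage, tagged as such."""
    hits = []
    for e in events:
        if not matches_rule(e):
            continue
        hits.append({
            "process": e["process"]["name"],
            "command_line": e["process"].get("command_line", ""),
            "severity": "low",            # the rule's stated risk classification
            "suppressed": is_jenkins_child(e),
        })
    return hits


# Constructed sample events (ECS-shaped, not real telemetry).
SAMPLE_EVENTS = [
    {"event": {"category": "process", "type": ["start"]},
     "process": {"name": "base64", "command_line": "base64 -d /tmp/data.b64",
                 "parent": {"name": "bash", "command_line": "bash -i"}}},
    {"event": {"category": "process", "type": ["start"]},
     "process": {"name": "base64", "command_line": "base64 build.log",
                 "parent": {"name": "java", "command_line": "java -jar jenkins-agent.jar"}}},
    {"event": {"category": "process", "type": ["end"]},          # not a start: no match
     "process": {"name": "base64url", "parent": {"name": "bash", "command_line": "bash"}}},
    {"event": {"category": "process", "type": ["start"]},        # unrelated binary: no match
     "process": {"name": "ls", "parent": {"name": "bash", "command_line": "bash"}}},
]

if __name__ == "__main__":
    for hit in evaluate(SAMPLE_EVENTS):
        print(hit)
```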
Categories
  • Endpoint
  • Linux
  • Cloud
  • Application
  • Identity Management
Data Sources
  • Process
  • Application Log
ATT&CK Techniques
  • T1140
  • T1027
Created: 2020-04-17