
Potentially malicious code on commandline

Splunk Security Content

Summary
This rule, developed by Michael Hart at Splunk, identifies potentially malicious command lines using a pretrained machine learning classifier. The detection focuses on command lines from Endpoint Detection and Response (EDR) data that exceed 200 characters and contain combinations of suspicious keywords typically associated with adversarial PowerShell code, such as 'streamreader', 'webclient', 'mutex', 'function', and 'computehash'. Such command lines can indicate attempts to execute malicious scripts or establish unauthorized communications, potentially leading to data exfiltration or system compromise. For the detection to work, EDR logs must be ingested and normalized properly so that unusual command-line activity can be monitored and assessed.
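The pre-filter stage described above (length over 200 characters plus the listed keywords) as an added Python example, not the rule's own SPL or its classifier: the trained ML model the rule applies after this stage is not on the page and is not reproduced. The `process` and `host` field names, the sample events, and the minimum of two distinct keywords to count as a "combination" are assumptions.

```python
import re
from typing import Dict, List

# Keywords named in the rule summary; matched case-insensitively because PowerShell is.
SUSPICIOUS_KEYWORDS = ("streamreader", "webclient", "mutex", "function", "computehash")
MIN_LENGTH = 200  # threshold stated in the summary

# Assumption: the page says "keyword combinations" without a number; two distinct hits is our pick.
MIN_KEYWORD_HITS = 2

_KEYWORD_RE = re.compile("|".join(re.escape(k) for k in SUSPICIOUS_KEYWORDS), re.IGNORECASE)


def matched_keywords(cmdline: str) -> List[str]:
    """Return the distinct suspicious keywords found, lower-cased, in order of first appearance."""
    seen: List[str] = []
    for m in _KEYWORD_RE.finditer(cmdline):
        k = m.group(0).lower()
        if k not in seen:
            seen.append(k)
    return seen


def prefilter(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Keep only events whose command line is longer than MIN_LENGTH and carries
    at least MIN_KEYWORD_HITS distinct keywords. The 'process' field name (full
    command line) is an assumption about the normalized EDR schema."""
    candidates: List[Dict[str, object]] = []
    for ev in events:
        cmd = ev.get("process", "")
        if len(cmd) <= MIN_LENGTH:
            continue
        hits = matched_keywords(cmd)
        if len(hits) >= MIN_KEYWORD_HITS:
            candidates.append({**ev, "keyword_hits": hits, "cmd_length": len(cmd)})
    return candidates


# Constructed sample events (not real EDR data): one long PowerShell line that only
# instantiates the .NET types behind the keywords, one short admin one-liner, and one
# long but keyword-free vendor agent launch.
SAMPLE_EVENTS = [
    {"host": "WS-0042", "process": 'powershell.exe -NoProfile -NonInteractive -Command "function Invoke-Stage { $wc = New-Object System.Net.WebClient; $sr = New-Object System.IO.StreamReader($stream); $mtx = New-Object System.Threading.Mutex($false, \'ExampleMutex\'); $h = [System.Security.Cryptography.SHA256]::Create().ComputeHash($bytes) }"'},
    {"host": "WS-0007", "process": 'powershell.exe -Command "function Get-Uptime { (Get-Date) - (Get-CimInstance Win32_OperatingSystem).LastBootUpTime }"'},
    {"host": "SRV-0003", "process": r'"C:\Program Files\Example Vendor\Agent\agent.exe" --config "C:\ProgramData\Example Vendor\agent\config.json" --log-level debug --log-file "C:\ProgramData\Example Vendor\agent\logs\agent.log" --heartbeat-interval 30 --proxy-mode system --telemetry-endpoint https://telemetry.example.invalid/v1/events'},
]

if __name__ == "__main__":
    for c in prefilter(SAMPLE_EVENTS):
        print(c["host"], c["cmd_length"], c["keyword_hits"])
```

Only the first event survives; in the real rule those survivors are what get scored by the classifier.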
Categories
  • Endpoint
Data Sources
  • Process
  • Windows Registry
  • Application Log
ATT&CK Techniques
  • T1059
  • T1059.001
  • T1059.003
Created: 2024-11-13