
PowerShell Get-Process LSASS

Sigma Rules

Summary
This detection rule identifies potentially malicious use of the PowerShell cmdlet Get-Process against the LSASS (Local Security Authority Subsystem Service) process. LSASS enforces security policy and performs user authentication on Windows, and its memory holds credential material (password hashes, Kerberos tickets), which makes it a prime target for credential theft. The rule matches when a process command line contains the substring 'Get-Process lsas', or the same invocation through the cmdlet's built-in aliases, 'ps lsas' or 'gps lsas'. Sigma string matching is case-insensitive, and the deliberately short 'lsas' token also covers variants such as 'lsass' and 'lsass.exe'. Administrators rarely need to enumerate LSASS this way, and doing so is a common first step before an attacker dumps the process's memory for credential access, so the presence of this command line may indicate an unauthorized attempt to inspect or compromise LSASS. Because it is a plain command-line match, the rule does not fire on encoded (-EncodedCommand) or otherwise obfuscated invocations, nor on forms such as 'Get-Process -Name lsass', and it requires process creation logging that records full command lines (for example Sysmon Event ID 1, or Security Event ID 4688 with command-line auditing enabled). As the detection pertains to a critical behavioral indicator, it is classified with a high severity level to prompt immediate investigation.
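The matching logic described above, as an added example that is not the Sigma rule itself and not code from the Sigma project: a Python re-implementation of the three 'CommandLine|contains' substrings run over constructed process-creation records (Sysmon Event ID 1 style field names), plus an optional -EncodedCommand decoding step the rule does not have, to show where its coverage ends. The helper names, the sample command lines and the record layout are assumptions made for this illustration.

```python
import base64
import re

# The three substrings the rule looks for in the process command line:
# the cmdlet and its two built-in aliases, each followed by the 'lsas' prefix.
RULE_PATTERNS = ("Get-Process lsas", "ps lsas", "gps lsas")


def make_event(record_id, command_line,
               image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"):
    """Build a constructed record using Sysmon Event ID 1 field names (subset)."""
    return {"RecordId": record_id, "Image": image, "CommandLine": command_line}


def matches_rule(command_line: str) -> bool:
    """Sigma 'CommandLine|contains' semantics: case-insensitive substring, any pattern fires."""
    lowered = command_line.lower()
    return any(p.lower() in lowered for p in RULE_PATTERNS)


# Common spellings of the encoded-command switch. PowerShell also accepts other
# unambiguous prefixes (e.g. -en, -enco); this regex is an illustrative subset.
_ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def normalize(command_line: str) -> str:
    """Decode a -EncodedCommand payload (base64 of UTF-16LE) so the rule can see it.
    Returns the original string when there is nothing to decode or decoding fails."""
    m = _ENC_RE.search(command_line)
    if not m:
        return command_line
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return command_line


def evaluate(events, decode_encoded=False):
    """Return the RecordIds the rule would fire on.
    decode_encoded=True adds a pre-processing step the Sigma rule itself does not perform."""
    hits = []
    for e in events:
        cl = e.get("CommandLine", "")
        if decode_encoded:
            cl = normalize(cl)
        if matches_rule(cl):
            hits.append(e["RecordId"])
    return hits


def encode_command(script: str) -> str:
    """Produce the -EncodedCommand form (UTF-16LE, base64) used for the constructed sample."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed sample events; none of these are real log lines.
SAMPLE_EVENTS = [
    make_event(1, 'powershell.exe -c "Get-Process lsass"'),
    make_event(2, 'powershell.exe -NoP -c "gps lsass | select Id"'),
    make_event(3, 'powershell.exe -c "ps LSASS.EXE"'),             # different case, still matches
    make_event(4, 'powershell.exe -c "Get-Process explorer"'),     # benign, no match
    make_event(5, 'powershell.exe -c "Get-Process -Name lsass"'),  # named parameter, rule misses it
    make_event(6, "powershell.exe -EncodedCommand " + encode_command("Get-Process lsass")),
]

if __name__ == "__main__":
    print("rule as written :", evaluate(SAMPLE_EVENTS))                       # [1, 2, 3]
    print("after decoding  :", evaluate(SAMPLE_EVENTS, decode_encoded=True))  # [1, 2, 3, 6]
```

Record 5 shows the simplest evasion against a substring rule (a named parameter between cmdlet and target), and record 6 shows that encoded commands only become visible if the pipeline decodes them before matching; in a real deployment that decoding belongs in log enrichment or a companion rule, not in this rule's logic.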
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2021-04-23