
Suspicious Powershell Command-Line Arguments

Splunk Security Content

Summary
The detection rule "Suspicious Powershell Command-Line Arguments" identifies potentially malicious PowerShell executions by inspecting the command line of each new process. It looks for PowerShell invoked with a Base64-encoded command (the -EncodedCommand parameter and its short forms) together with parameters that change the execution policy (for example -ExecutionPolicy Bypass) and suppress interactive prompts or profile loading (for example -NonInteractive, -NoProfile or -WindowStyle Hidden). That combination is notable because it lets an obfuscated script run without tripping the execution-policy check and without anything visible to the logged-on user, a pattern common to malicious loaders and post-exploitation tooling. The rule is built on Sysmon EventID 1 (process creation) data.

This rule is deprecated: it overlaps substantially with the detection "Malicious PowerShell Process - Encoded Command", which should be used instead. Where it is still enabled, it records the process name, full command line, parent process and execution timestamp, which gives responders the fields they need to pivot quickly (parent chain, decoded payload, user and host).

Deploying the rule requires process-creation logging with full command-line capture (Sysmon or an EDR agent) and normalization of that data to the Splunk Common Information Model (CIM) Processes fields, since the search reads the CIM field names rather than the raw event.
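The following is an added example and is not the Splunk search or code from the security_content project: a Python re-implementation of the detection logic described above, run over constructed Sysmon EventID 1 records. It assumes events are dicts carrying the Sysmon field names Image, CommandLine, ParentImage and UtcTime, and it treats an alert as requiring all three conditions at once (encoded command, relaxed execution policy, a prompt-silencing flag); that combination is a reading of the summary, not a copy of the original SPL. It also resolves powershell.exe's documented short aliases and unambiguous parameter prefixes, which a plain substring match on "-EncodedCommand" would miss.

```python
"""Added example (not the Splunk search and not code from the
security_content project): a Python re-implementation of the detection
logic described above, run over constructed Sysmon EventID 1 records.

Assumptions: events are dicts with the Sysmon field names Image,
CommandLine, ParentImage and UtcTime; an alert requires all three
conditions (encoded command, relaxed execution policy, a prompt-silencing
flag) at once, which is a reading of the summary rather than the original SPL."""
import base64
import re

# powershell.exe parameter names with their documented short aliases.
# powershell.exe also accepts any unambiguous prefix of a parameter name
# (-enc, -exec, -noni ...), which attackers use to dodge naive string matches.
PARAMS = {
    "encodedcommand": {"e", "ec"},
    "executionpolicy": {"ex", "ep"},
    "noninteractive": {"noni"},
    "noprofile": {"nop"},
    "nologo": {"nol"},
    "noexit": {"noe"},
    "windowstyle": {"w"},
    "command": {"c"},
    "file": {"f"},
}
TAKES_VALUE = {"encodedcommand", "executionpolicy", "windowstyle", "command", "file"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
RELAXED_POLICIES = {"bypass", "unrestricted"}
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def resolve_param(token):
    """Map a '-Flag' (or '/Flag') token to its canonical parameter name.
    Returns None for non-flag tokens and for ambiguous prefixes such as '-no'."""
    if len(token) < 2 or token[0] not in "-/":
        return None
    t = token[1:].lower()
    for name, aliases in PARAMS.items():
        if t in aliases:
            return name
    matches = [name for name in PARAMS if name.startswith(t)]
    return matches[0] if len(matches) == 1 else None


def parse_flags(cmdline):
    """Return {canonical_param: value or True} for the flags on a command line.
    Quoted arguments are kept as one token; the executable itself is skipped."""
    toks = [t.strip('"') for t in TOKEN_RE.findall(cmdline)]
    flags, i = {}, 1
    while i < len(toks):
        name = resolve_param(toks[i])
        if name in TAKES_VALUE and i + 1 < len(toks):
            flags[name] = toks[i + 1]
            i += 2
        else:
            if name:
                flags[name] = True
            i += 1
    return flags


def decode_encoded_command(b64):
    """-EncodedCommand carries Base64 of UTF-16LE text; return None if it is not."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate_event(event):
    """Apply the rule to one Sysmon EventID 1 record; return an alert dict or None."""
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    if image not in POWERSHELL_IMAGES:
        return None
    flags = parse_flags(event["CommandLine"])
    encoded = flags.get("encodedcommand")
    policy = str(flags.get("executionpolicy", "")).lower()
    hidden = str(flags.get("windowstyle", "")).lower() == "hidden"
    silenced = hidden or "noninteractive" in flags or "noprofile" in flags
    if not (isinstance(encoded, str) and policy in RELAXED_POLICIES and silenced):
        return None
    return {
        "time": event["UtcTime"],
        "process": event["Image"],
        "parent": event["ParentImage"],
        "flags": sorted(flags),
        "decoded_command": decode_encoded_command(encoded),
    }


def evaluate_events(events):
    """Run the rule over a list of events and return the alerts."""
    return [a for a in (evaluate_event(e) for e in events) if a]


# Constructed sample records (not real telemetry). The encoded payload is
# harmless: Base64 of UTF-16LE "Write-Host hi".
ENCODED = base64.b64encode("Write-Host hi".encode("utf-16-le")).decode()
PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"UtcTime": "2024-11-14 10:01:02.000", "Image": PS_IMAGE,
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": f"powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc {ENCODED}"},
    {"UtcTime": "2024-11-14 10:02:15.000", "Image": PS_IMAGE,  # admin script, no encoded command
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'powershell.exe -ExecutionPolicy Bypass -File "C:\Scripts\backup.ps1"'},
    {"UtcTime": "2024-11-14 10:03:40.000", "Image": PS_IMAGE,  # encoded only: left to the other rule
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f"powershell.exe -enc {ENCODED}"},
    {"UtcTime": "2024-11-14 10:04:01.000", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    for alert in evaluate_events(SAMPLE_EVENTS):
        print(alert)
```

Only the first sample record alerts: the second has a relaxed policy but no encoded command, the third has an encoded command but nothing else (the case the overlapping "Malicious PowerShell Process - Encoded Command" rule covers), and the fourth is not PowerShell. Decoding the payload in the alert (Base64 of UTF-16LE, not UTF-8) saves the responder a step during triage.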
Categories
  • Endpoint
Data Sources
  • Process
ATT&CK Techniques
  • T1059.001
Created: 2024-11-14