Minor malicious_powershell_process___encoded_command search update

[SirDuckly]

I've noticed that the alert Malicious PowerShell Process - Encoded Command has some regex within the SPL which will currently not match -EncodedCommand events.

The regex string in the search is:

 \"(?i)[\\-|\\/|\u2013\|\u2014|\u2015]e(nc*o*d*e*d*c*o*m*m*a*n*d*)*\\s+[^-]\"

Which will not match events which invoke Encoded command in the following ways:

• -EncodedCommand
• -E
• -En
• etc.

I'd like to change the regex to be similar to the regex fround in the link which was provided (https://regexr.com/662ov) with a small change. Currently the regex looks like this:
[\-|\/|–|—|―][Ee^]{1,2}[NnCcOoDdEeMmAa^]+\s+[A-Za-z0-9+/=]{5,}

I would like to include speech marks around the second part of the regex so it looks like this (added [\"]?):
[\-|\/|–|—|―][Ee^]{1,2}[NnCcOoDdEeMmAa^]+\s+[\"]?[A-Za-z0-9+/=]{5,}[\"]?

This is because you can perform a command like this:
ps.exe -EncodedCommand "$encodedData"
And with the current regex, this will be missed by the alert.