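title: Testrule
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        # base64offset: each value is base64-encoded at all three byte alignments
        # contains: each encoded variant is matched as a substring of CommandLine
        # all: every listed value must match (AND instead of the default OR)
        CommandLine|base64offset|contains|all:
            - foo
            - bar
    condition: selection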