Firstly, Good Post and Question. I am afraid my answer will not make you happy
The maximum you can get in terms of granularity is that you can pick Threat Name ExP:Illegal API Use for the powershell based Exploit Prevention Events. However, This will club all illegal API use events! This is restricted in Automatic Responses.
As you can see the Exploit Prevention Signature rules do not have a separate Event ID by themselves! Hence The Signatures Rule IDs are registered by the endpoint and sent to ePO in the form of Analyzer Rule ID.
I am afraid this would mean that you may have to raise a PER - product Enhancement Request with us.
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Thanks and regards,