Installations of the PsExec tool Report

You’d need to take an Action to get a directory listing, searching for psexec.exe. Save the resulting file list in a text file, and use an Analysis to read the results list.

This is very similar to the SolarWinds detections, Method 2, described in the "DHS Emergency Directive 21-01 - Sunburst - SolarWinds" thread, which you can use as a good reference.
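
The directory-listing step described in the post above could be done with a PowerShell script like the one below, run by the Action. This is an added example, not part of the original post. The output path, the pipe-delimited line format, and the inclusion of `psexec64.exe` are assumptions.

```powershell
# Added example: inventory PsExec binaries on fixed drives and write a results file
# that an Analysis can read line by line.
param(
    # Hypothetical output location; point the Analysis at whatever path you choose.
    [string]$OutFile = 'C:\Windows\Temp\psexec_inventory.txt',
    # File names to look for (assumption: the 64-bit build is wanted as well).
    [string[]]$Names = @('psexec.exe', 'psexec64.exe')
)

# Fixed local disks only (DriveType 3), so network shares and removable media are skipped.
$roots = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

$results = @(
    foreach ($root in $roots) {
        # -Force includes hidden/system files; access-denied folders are skipped silently.
        Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Names -contains $_.Name } |
            ForEach-Object {
                # The hash lets you tell genuine copies from same-named files.
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                            -ErrorAction SilentlyContinue).Hash
                # One line per hit: path|file version|last write (UTC, ISO 8601)|SHA256
                '{0}|{1}|{2}|{3}' -f $_.FullName,
                                     $_.VersionInfo.FileVersion,
                                     $_.LastWriteTimeUtc.ToString('o'),
                                     $hash
            }
    }
)

# Always write a header line, so an empty result ("scanned, nothing found")
# is distinguishable from "scan never ran" (file missing).
$header = '# psexec scan completed {0}' -f (Get-Date).ToUniversalTime().ToString('o')
Set-Content -LiteralPath $OutFile -Value (@($header) + $results) -Encoding ASCII
```

A name-based search misses renamed copies. The recorded hash and file version help triage the hits it does find.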