As the ongoing energy transition requires more communication infrastructure in the electricity grid, this intro-duces new possible attack vectors. Current intrusion detection approaches for cyber attacks often neglect the underlying phys-ical environment, which makes it especially hard to detect data injection attacks. We follow a process-aware approach to eval-uate the communicated measurement data within the electricity system in a context-sensitive way and to detect manipulations in the communication layer of the SCADA architecture. This paper proposes a sophisticated tool for intrusion detection, which integrates power flow analysis in real-time and can be applied locally at field stations mainly at the intersection between the medium and low voltage grid. Applicability is illustrated using a simulation testbed with a typical three-node architecture and six different (attack) scenarios. Results show that the sensitivity parameter of the proposed tool can be tuned in advance such that attacks can be detected reliably.