Enable WDigest UseLogonCredential Registry

Splunk Security Content

Summary
The detection rule 'Enable WDigest UseLogonCredential Registry' identifies unauthorized modifications to the WDigest registry settings on Windows systems. It targets changes to the 'UseLogonCredential' registry value, which, when set to 1, causes plain-text credentials to be kept in memory. Such modifications are typically made by malware and credential-theft tooling (notably Mimikatz) to facilitate credential dumping, allowing attackers to capture user credentials. By monitoring the specific registry paths defined in the Endpoint.Registry data model, the rule surfaces potentially malicious attempts that could lead to credential theft and subsequent lateral movement within a network. This capability is critical for detecting and mitigating credential exploitation during the attack lifecycle.
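As an added illustration (not Splunk's own search logic), the rule's condition written out in Python over constructed Sysmon-style registry-modification events; the WDigest key path used is the well-known location rather than a value taken from this page, and the field names mirror what the Endpoint.Registry data model exposes.

```python
"""Added example (not Splunk's SPL): the rule's condition applied offline to
constructed Sysmon-style (Event ID 13) registry-modification events."""
import re

# Well-known WDigest value path (an assumption about what the Endpoint.Registry
# data model exposes as registry_path); HKLM and HKEY_LOCAL_MACHINE, any case.
WDIGEST_VALUE_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\SYSTEM\\CurrentControlSet\\Control\\"
    r"SecurityProviders\\WDigest\\UseLogonCredential$",
    re.IGNORECASE,
)

def value_is_one(raw):
    """Sysmon renders DWORDs as 'DWORD (0x00000001)'; other sources emit 1 or '1'."""
    if isinstance(raw, int):
        return raw == 1
    m = re.search(r"0x([0-9a-fA-F]+)", str(raw))
    if m:
        return int(m.group(1), 16) == 1
    return str(raw).strip() == "1"

def detect_wdigest_enable(events):
    """Return the events that set UseLogonCredential to 1; a reset to 0 is not a hit."""
    return [
        ev for ev in events
        if WDIGEST_VALUE_RE.match(ev.get("registry_path", ""))
        and value_is_one(ev.get("registry_value_data"))
    ]

WDIGEST = r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential"
# Constructed sample events: two true positives, one benign reset to 0, one unrelated key.
SAMPLE_EVENTS = [
    {"host": "ws01", "process_name": "reg.exe", "registry_path": WDIGEST,
     "registry_value_data": "DWORD (0x00000001)"},
    {"host": "ws02", "process_name": "powershell.exe", "registry_path": WDIGEST.lower(),
     "registry_value_data": 1},
    {"host": "ws03", "process_name": "gpupdate.exe", "registry_path": WDIGEST,
     "registry_value_data": "DWORD (0x00000000)"},
    {"host": "ws04", "process_name": "svchost.exe", "registry_value_data": "DWORD (0x00000001)",
     "registry_path": r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL"},
]

if __name__ == "__main__":
    for hit in detect_wdigest_enable(SAMPLE_EVENTS):
        print(f"ALERT {hit['host']}: {hit['process_name']} enabled WDigest UseLogonCredential")
```

The case-insensitive path match and the DWORD text parsing matter in practice, because different log sources render the same registry write differently and a strict string comparison would miss the second event.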
Categories
  • Endpoint
  • Windows
Data Sources
  • Windows Registry
ATT&CK Techniques
  • T1112
  • T1003
Created: 2024-12-08