PowerShell Kerberos Ticket Dump

Elastic Detection Rules

Summary
This detection rule identifies potentially malicious PowerShell scripts capable of dumping Kerberos tickets from the Local Security Authority (LSA) on Windows endpoints. It targets behavior consistent with an attacker acquiring credentials for lateral movement within a network using scripts that contain specific commands related to Kerberos ticket retrieval. The detection uses a KQL (Kibana Query Language) query that filters PowerShell script executions mentioning key functions such as 'LsaCallAuthenticationPackage' together with ticket-related messages. The rule is relevant to security professionals monitoring for advanced threats, particularly the credential access techniques catalogued in the MITRE ATT&CK framework. Investigation involves analyzing the script's content, examining the execution chain for malicious characteristics, and taking appropriate response actions if malicious activity is confirmed.
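The matching logic the summary describes, as an added example in Python rather than the rule's own KQL or any Elastic code: it is applied to constructed PowerShell script block events (event ID 4104 in ECS form). The ECS field names and the sample events are assumptions; the ticket message names are KERB_PROTOCOL_MESSAGE_TYPE values. It also reassembles multi-part script blocks, since a long script is logged as several events and the two indicators may land in different parts.

```python
"""Kerberos ticket dump indicators in PowerShell script block logs (added example)."""
import json
from collections import defaultdict

# Indicators the rule summary names: the LSA call plus a ticket-related message.
LSA_CALL = "LsaCallAuthenticationPackage"
# KERB_PROTOCOL_MESSAGE_TYPE values used to read tickets from the LSA cache.
TICKET_MESSAGES = (
    "KerbRetrieveEncodedTicketMessage",
    "KerbRetrieveTicketMessage",
    "KerbQueryTicketCacheMessage",
)

def reassemble_script_blocks(events):
    """Join the parts of each script block (same script_block_id) in sequence
    order; field names are assumed ECS mappings for event 4104."""
    parts = defaultdict(list)
    for ev in events:
        ps = ev["powershell"]
        parts[ps["file"]["script_block_id"]].append(
            (ps.get("sequence", 1), ps["file"]["script_block_text"]))
    return {sbid: "".join(text for _, text in sorted(chunks))
            for sbid, chunks in parts.items()}

def detect_kerberos_ticket_dump(events):
    """Return {script_block_id: [matched indicators]} for scripts that
    reference both LsaCallAuthenticationPackage and a ticket message."""
    hits = {}
    for sbid, text in reassemble_script_blocks(events).items():
        folded = text.lower()  # PowerShell identifiers are case-insensitive
        if LSA_CALL.lower() not in folded:
            continue
        msgs = [m for m in TICKET_MESSAGES if m.lower() in folded]
        if msgs:
            hits[sbid] = [LSA_CALL] + msgs
    return hits

# Constructed sample: one benign script, one suspicious script logged in two parts.
SAMPLE_EVENTS = [json.loads(line) for line in """
{"event":{"code":"4104"},"powershell":{"sequence":1,"total":1,"file":{"script_block_id":"b1","script_block_text":"Get-Service | Where-Object Status -eq Running"}}}
{"event":{"code":"4104"},"powershell":{"sequence":1,"total":2,"file":{"script_block_id":"s1","script_block_text":"$status = [Secur32]::LsaCallAuthenticationPackage($h, $pkg, $req, $len, [ref]$resp, [ref]$rlen, [ref]$pstat)"}}}
{"event":{"code":"4104"},"powershell":{"sequence":2,"total":2,"file":{"script_block_id":"s1","script_block_text":"$req.MessageType = [KERB_PROTOCOL_MESSAGE_TYPE]::KerbRetrieveEncodedTicketMessage"}}}
""".strip().splitlines()]

if __name__ == "__main__":
    print(json.dumps(detect_kerberos_ticket_dump(SAMPLE_EVENTS), indent=2))
```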
Categories
  • Windows
  • Endpoint
  • Other
Data Sources
  • Process
  • Logon Session
  • Application Log
  • Script
  • Windows Registry
ATT&CK Techniques
  • T1003
  • T1558
  • T1059
  • T1059.001
Created: 2023-07-26