
Summary
This rule detects potentially suspicious access requests to the LSASS (Local Security Authority Subsystem Service) process on Windows hosts. It monitors process access telemetry (the GrantedAccess field of process access events, typically Sysmon ProcessAccess, Event ID 10) for handles opened to 'lsass.exe' and focuses on GrantedAccess values commonly associated with credential dumping, in particular access masks that carry the rights needed to read LSASS memory (PROCESS_VM_READ) or that grant a full-access handle. Matching is done on the hex string of the access mask (values that end with or start with specified hex digits), combined with allowlist filtering of known legitimate source processes (such as Windows Defender) to keep false positives down. The rule includes extensive filtering options to suppress alerts from legitimate software; allowlist entries should match the full image path rather than only the file name, so that a dumping tool renamed after a trusted binary does not inherit its exclusion. The rule aims to alert on access attempts that could indicate an attacker extracting credentials from LSASS memory.
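The following is an added example, not the rule's own logic or any vendor code: it replays a simplified form of the detection described above over constructed Sysmon Event ID 10 style records. The PROCESS_* access-right constants are the documented Windows values; the allowlist paths, the sample events and the choice to test the PROCESS_VM_READ bit directly (instead of hex-suffix string matching) are assumptions made for the example.

```python
"""Replay a simplified LSASS access detection over constructed Sysmon
ProcessAccess (Event ID 10) records. Added example; the allowlist entries,
sample events and bitmask shortcut are assumptions, not the rule's content."""
import fnmatch

# Windows process access rights (winnt.h). A credential dumper needs at least
# PROCESS_VM_READ; tools like ProcDump request a full-access handle.
PROCESS_VM_READ = 0x0010
PROCESS_ALL_ACCESS = 0x1FFFFF

ACCESS_NAMES = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS", 0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}

# Assumed allowlist: full-path globs, never bare file names, so a renamed
# dumper does not inherit the exclusion. Windows Defender is the one source
# the summary names; the exact paths are assumptions.
ALLOWLIST_GLOBS = [
    r"C:\ProgramData\Microsoft\Windows Defender\Platform\*\MsMpEng.exe",
    r"C:\Program Files\Windows Defender\MsMpEng.exe",
]


def decode_access(mask):
    """Name the rights in a GrantedAccess mask (full-access handles summarized)."""
    if mask & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS:
        return ["PROCESS_ALL_ACCESS"]
    return [name for bit, name in sorted(ACCESS_NAMES.items()) if mask & bit]


def suspicious_access(mask):
    """Hex-suffix matching in a rule is a textual way of testing for a set bit.
    Testing the PROCESS_VM_READ bit directly covers every suffix that has it set
    (assumption: this is the property the rule's hex patterns encode)."""
    return bool(mask & PROCESS_VM_READ) or (mask & PROCESS_ALL_ACCESS) == PROCESS_ALL_ACCESS


def is_allowlisted(source_image):
    """Case-insensitive full-path glob match against the allowlist."""
    return any(fnmatch.fnmatch(source_image.lower(), g.lower()) for g in ALLOWLIST_GLOBS)


def evaluate(event):
    """Return an alert dict for one Event ID 10 record, or None if not alertable."""
    if not event["TargetImage"].lower().endswith("\\lsass.exe"):
        return None
    mask = int(event["GrantedAccess"], 16)
    if not suspicious_access(mask):
        return None
    if is_allowlisted(event["SourceImage"]):
        return None
    return {"source": event["SourceImage"], "granted": hex(mask), "rights": decode_access(mask)}


def run(events):
    """Evaluate a batch of records and return the alerts."""
    return [alert for alert in (evaluate(e) for e in events) if alert]


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1FFFFF"},   # allowlisted
    {"SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1400"},     # query only, no VM_READ
    {"SourceImage": r"C:\Users\Public\m.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1010"},     # minimal dump mask
    {"SourceImage": r"C:\Tools\procdump64.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1FFFFF"},   # full access, not allowlisted
    {"SourceImage": r"C:\Users\Public\m.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1010"},           # wrong target
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

Only the two unallowlisted handles that can read LSASS memory produce alerts; the 0x1400 query-only handle from svchost.exe is dropped before the allowlist is consulted, which is the kind of noise the rule's filtering is meant to remove. Decoding the mask into named rights in the alert body gives the analyst the reason for the hit without having to translate hex by hand.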
Categories
- Windows
- Endpoint
Data Sources
- Process
ATT&CK Techniques
- T1003.001
Created: 2021-11-22