
Suspicious Computer Account Name Change

Splunk Security Content

Summary
This analytic rule detects suspicious changes to computer account names in Active Directory by monitoring Event ID 4781, which logs account name changes. The specific focus is on instances where the new computer account name does not end with a '$', which is abnormal and may indicate a malicious attempt to exploit vulnerabilities such as CVE-2021-42278 and CVE-2021-42287. Successful exploitation of these vulnerabilities could lead to domain controller impersonation and privilege escalation, allowing an attacker to gain elevated privileges over the domain. The rule leverages Windows Event Log security data and the Splunk platform to identify potentially harmful activities in organizational environments. Actions triggered by this detection can help security teams respond to threats before they escalate into significant security incidents.
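The following is an added example, not the detection code shipped by Splunk Security Content. It re-implements the rule's core condition in Python over constructed Event ID 4781 records so the logic can be read and exercised offline: a 4781 event ("the name of an account was changed") that renames an account whose old name ends in '$' (the convention for computer accounts) to a new name without the trailing '$' is flagged. The field names `OldTargetUserName` and `NewTargetUserName` are the ones the XML form of the Windows Security event uses; the record text format and all account names below are constructed for illustration.

```python
"""Minimal re-implementation of the 'Suspicious Computer Account Name Change'
condition over constructed Windows Security Event ID 4781 records.

Assumptions (not taken from the page):
  - records arrive as simple 'Key=Value' lines, one record per text block;
  - a computer account is recognised by its trailing '$' in the old name.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class NameChangeEvent:
    event_code: int
    subject_user: str        # account that performed the rename
    old_name: str            # OldTargetUserName in the XML event
    new_name: str            # NewTargetUserName in the XML event
    computer: str            # host that logged the event (a domain controller)


def parse_record(block: str) -> NameChangeEvent:
    """Parse one constructed 'Key=Value' record block into a NameChangeEvent."""
    fields: Dict[str, str] = {}
    for line in block.strip().splitlines():
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    return NameChangeEvent(
        event_code=int(fields["EventCode"]),
        subject_user=fields.get("SubjectUserName", ""),
        old_name=fields.get("OldTargetUserName", ""),
        new_name=fields.get("NewTargetUserName", ""),
        computer=fields.get("Computer", ""),
    )


def is_suspicious_rename(evt: NameChangeEvent) -> bool:
    """True when a 4781 event strips the trailing '$' from a computer account.

    Only 4781 is considered; a rename that keeps the '$' (machine to machine)
    or a rename of an ordinary user account is not flagged.
    """
    if evt.event_code != 4781:
        return False
    return evt.old_name.endswith("$") and not evt.new_name.endswith("$")


def find_suspicious(records: Iterable[str]) -> List[NameChangeEvent]:
    """Run the detection over raw record blocks and return the hits."""
    return [e for e in map(parse_record, records) if is_suspicious_rename(e)]


# Constructed sample records (not real log data).
SAMPLE_RECORDS = [
    # machine account renamed to a name without '$' -> should be flagged
    """EventCode=4781
    SubjectUserName=jdoe
    OldTargetUserName=WS01$
    NewTargetUserName=DC01
    Computer=dc01.example.test""",
    # machine account renamed but still ends in '$' -> benign
    """EventCode=4781
    SubjectUserName=admin
    OldTargetUserName=WS02$
    NewTargetUserName=WS03$
    Computer=dc01.example.test""",
    # ordinary user rename -> not a computer account, benign
    """EventCode=4781
    SubjectUserName=admin
    OldTargetUserName=jsmith
    NewTargetUserName=jsmith2
    Computer=dc01.example.test""",
    # a different event id with a '$' name -> ignored by this rule
    """EventCode=4738
    SubjectUserName=admin
    OldTargetUserName=WS04$
    NewTargetUserName=WS04
    Computer=dc01.example.test""",
]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_RECORDS):
        print(f"[ALERT] {hit.subject_user} renamed {hit.old_name} -> "
              f"{hit.new_name} on {hit.computer}")
```

In a real deployment the same condition is expressed against the Security channel in the SIEM rather than in Python; the value of the stand-alone version is that each branch of `is_suspicious_rename` (wrong event id, '$' kept, non-computer account) can be checked against a known record before the rule is trusted.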
Categories
  • Identity Management
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
  • Active Directory
  • Logon Session
ATT&CK Techniques
  • T1078
  • T1078.002
Created: 2024-12-10