Computer Password Change Via Ksetup.EXE

Summary
This detection rule identifies unauthorized changes to computer domain account passwords made with the ksetup.exe utility on Windows systems. ksetup.exe is normally used in Windows environments to configure Kerberos authentication settings, but it can also reset a computer account's password within a domain. By monitoring process creation events that involve ksetup.exe and looking specifically for a command line that contains '/setcomputerpassword', the rule aims to surface out-of-norm behavior that could signal a security threat. Because improper use of ksetup.exe can indicate privilege escalation or account compromise, the rule serves as a proactive measure that alerts security teams to investigate potentially malicious activity. To maximize detection accuracy, it matches on both the image name and the original file name, so a renamed copy of the binary is still caught.
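As an added example (not the Sigma rule itself and not code from the rule's author), the following Python re-implements the detection logic the summary describes: a process creation event is flagged when the image path ends in ksetup.exe or the PE original file name is ksetup.exe, and the command line contains /setcomputerpassword. The event records, field names and file paths are constructed for illustration; the original-file-name branch is what keeps a renamed copy of the binary from slipping past the rule.

```python
"""Added example: minimal re-implementation of the ksetup.exe computer-password
detection logic over constructed process creation events (not real telemetry)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ProcessEvent:
    """Subset of a process creation record; field names are assumed here."""
    image: str               # full path of the process that was started
    original_file_name: str  # OriginalFileName from the PE version resource
    command_line: str
    user: str = ""


def matched_fields(ev: ProcessEvent) -> List[str]:
    """Return which selection fields matched, or [] when the event is not a hit.

    Mirrors the rule's two conditions: (image OR original file name identifies
    ksetup.exe) AND the command line carries the /setcomputerpassword switch.
    Comparisons are case-insensitive, as Sigma string modifiers normally are.
    """
    fields = []
    if ev.image.lower().endswith("\\ksetup.exe"):
        fields.append("Image")
    if ev.original_file_name.lower() == "ksetup.exe":
        fields.append("OriginalFileName")
    if not fields:
        return []
    if "/setcomputerpassword" not in ev.command_line.lower():
        return []
    return fields


def is_ksetup_password_change(ev: ProcessEvent) -> bool:
    return bool(matched_fields(ev))


def triage(events: List[ProcessEvent]) -> List[ProcessEvent]:
    """Filter a batch of events down to the ones the rule would alert on."""
    return [ev for ev in events if is_ksetup_password_change(ev)]


# Constructed sample events (paths, users and the placeholder password are
# made up for this example).
SAMPLE_EVENTS = [
    # 1: genuine binary, password reset switch -> alert
    ProcessEvent(r"C:\Windows\System32\ksetup.exe", "ksetup.exe",
                 "ksetup /SetComputerPassword <placeholder>", "CORP\\svc-admin"),
    # 2: genuine binary, benign switch -> no alert
    ProcessEvent(r"C:\Windows\System32\ksetup.exe", "ksetup.exe",
                 "ksetup /dumpstate", "CORP\\helpdesk"),
    # 3: renamed copy; only OriginalFileName still identifies it -> alert
    ProcessEvent(r"C:\Users\Public\ks.exe", "ksetup.exe",
                 "ks.exe /setcomputerpassword <placeholder>", "CORP\\contractor"),
    # 4: the switch text appears, but the process is not ksetup.exe -> no alert
    ProcessEvent(r"C:\Windows\System32\cmd.exe", "Cmd.Exe",
                 "cmd /c echo /setcomputerpassword", "CORP\\analyst"),
]


if __name__ == "__main__":
    for ev in triage(SAMPLE_EVENTS):
        print(f"ALERT user={ev.user} image={ev.image} "
              f"matched={matched_fields(ev)} cmd={ev.command_line!r}")
```

Running the block prints two alerts (events 1 and 3) and stays silent on the benign ksetup invocation and the cmd.exe echo. An analyst tuning the rule would look at which field matched: an OriginalFileName-only hit from an unusual path is a stronger signal than a System32 image run by a known administrative account.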
Categories
  • Windows
Data Sources
  • Process
Created: 2023-04-06