
Summary
This detection rule identifies the execution of Mimikatz-based attacks by focusing on the command-line arguments Mimikatz commonly uses to extract credentials from Windows systems. Mimikatz is a well-known hacking tool that attackers frequently leverage for credential dumping, which can include extracting passwords from memory, manipulating Kerberos tickets, and more. The rule defines a structured selection that triggers an alert when a process's command line contains specific arguments indicating the use of Mimikatz, or the names of its functions and modules associated with credential dumping. Because the rule keys on these known command-line patterns rather than on the binary's name or hash, it can flag Mimikatz activity even when the executable has been renamed or recompiled. The intended outcome is to bolster defenses against unauthorized access and credential theft by ensuring proactive monitoring and response capabilities are in place.
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2019-10-22