
Summary
The rule titled 'PetitPotam Network Share Access Request' detects network share access requests that could indicate an attempt to exploit the PetitPotam vulnerability (CVE-2021-36942). This attack targets Windows environments by coercing authentication from domain controllers through malicious use of NTLM (NT LAN Manager). The detection is based on Windows Event Code 5145, which logs access attempts against network share objects. If attackers successfully exploit this vulnerability, they can gain unauthorized access, escalate privileges, and move laterally within the network. The analytic therefore identifies and alerts on Event Code 5145 events in which the request is made with the Anonymous Logon credential, so that unauthorized access requests to critical network resources can be assessed. The rule requires that Event Code 5145 auditing be enabled via Group Policy; without it, suspicious network share access requests cannot be monitored effectively.
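As an added illustration of the detection logic the summary describes (this is example code written for this page, not the rule's own search or any vendor code), the following Python script parses a handful of constructed Event Code 5145 records and flags those whose subject is the Anonymous Logon account. It assumes a simplified key=value rendering of the event; the field names (SubjectUserName, ShareName, RelativeTargetName, IpAddress) follow the Windows event schema for 5145, while the host names, addresses, and share targets in the sample data are made up.

```python
"""Toy detector for the condition the PetitPotam analytic keys on:
Event ID 5145 (network share object access check) where the requesting
subject is the Anonymous Logon account."""

import re
from typing import Dict, Iterable, List

# Constructed sample log lines (not real telemetry) in a simplified
# key=value rendering of Windows Security events. Only the 5145 records
# with an anonymous subject should be flagged; the 4624 line and the
# authenticated SYSVOL access are there as negatives.
SAMPLE_EVENTS = [
    r'EventCode=5145 Computer=DC01.corp.example SubjectUserName="ANONYMOUS LOGON" '
    r'SubjectDomainName="NT AUTHORITY" ShareName="\\*\IPC$" RelativeTargetName="lsarpc" '
    r'IpAddress=10.0.0.55',
    r'EventCode=5145 Computer=DC01.corp.example SubjectUserName="jdoe" '
    r'SubjectDomainName="CORP" ShareName="\\*\SYSVOL" RelativeTargetName="corp.example\Policies" '
    r'IpAddress=10.0.0.23',
    r'EventCode=4624 Computer=DC01.corp.example SubjectUserName="ANONYMOUS LOGON" '
    r'SubjectDomainName="NT AUTHORITY" IpAddress=10.0.0.55',
    r'EventCode=5145 Computer=FS01.corp.example SubjectUserName="Anonymous Logon" '
    r'SubjectDomainName="NT AUTHORITY" ShareName="\\*\IPC$" RelativeTargetName="srvsvc" '
    r'IpAddress=10.0.0.77',
]

# key=value pairs; the value is either double-quoted (may contain spaces
# and backslashes) or a bare run of non-whitespace characters.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: Windows renders the account as "ANONYMOUS LOGON", but log
# pipelines differ in casing, so the comparison is normalised.
ANONYMOUS_SUBJECT = "ANONYMOUS LOGON"


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value line into a dict of field -> value."""
    return {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(line)}


def is_anonymous_share_access(event: Dict[str, str]) -> bool:
    """True only for Event ID 5145 records whose subject is Anonymous Logon."""
    if event.get("EventCode") != "5145":
        return False
    subject = event.get("SubjectUserName", "").strip().upper()
    return subject == ANONYMOUS_SUBJECT


def find_suspicious(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the matching events reduced to the fields an analyst needs
    for triage: the server that logged it, the share and target, and the
    client address that made the request."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_anonymous_share_access(event):
            hits.append({
                "Computer": event.get("Computer", ""),
                "ShareName": event.get("ShareName", ""),
                "RelativeTargetName": event.get("RelativeTargetName", ""),
                "IpAddress": event.get("IpAddress", ""),
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("ANONYMOUS 5145:", hit)
```

Event ID 5145 is only generated when the "Audit Detailed File Share" subcategory is enabled in the advanced audit policy, which is the Group Policy prerequisite the summary refers to; on a busy file server this subcategory is high-volume, so in practice the filter on the Anonymous Logon subject (and a scope limited to domain controllers) is what keeps the alert actionable.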
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
- Network Share
ATT&CK Techniques
- T1187
Created: 2024-11-13