ProcDump Credential Harvest

Anvilogic Forge

Summary
The ProcDump Credential Harvest detection rule identifies the legitimate Microsoft tool 'procdump' being used to dump the memory of the 'lsass.exe' process, which holds sensitive user credentials. This behaviour is characteristic of credential dumping, a technique used by threat actors such as Agrius, BlackCat, and others to obtain credentials for further exploitation. The detection runs a Splunk query over Sysmon event data, matching process executions whose pattern involves both 'procdump' and 'lsass'. For each match, the rule outputs the related events, including the host, the user, and the file written by the memory dump, so that security teams can respond to the activity. The rule maps to MITRE ATT&CK technique T1003.001 and helps identify attempts to compromise user accounts and escalate an attack within the target environment.
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Windows Registry
  • Application Log
ATT&CK Techniques
  • T1003.001
  • T1003
Created: 2024-02-09