Windows Mimikatz Binary Execution

Splunk Security Content

Summary
This analytic rule is designed to detect the execution of the Mimikatz binary (mimikatz.exe) on Windows systems. Mimikatz is a notorious tool used for credential dumping, which poses a significant threat to network security by allowing attackers to extract authentication credentials and potentially escalate privileges. This rule utilizes process data from various endpoints, particularly from Endpoint Detection and Response (EDR) sources. By examining both the process name and the original file name, the rule seeks to identify not only straightforward executions of Mimikatz but also instances where the binary has been renamed to evade detection. Successful identification of this activity is critical, as it can indicate an attempt by malicious actors to harvest sensitive information and move laterally within the network, increasing the risk of data breaches and system compromises.
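The matching idea behind the rule, as an added illustration that is not Splunk's own search: a process event is flagged when either the process name or the PE original file name is mimikatz.exe, so a renamed copy is still caught. The field names and the sample events are constructed for this example.

```python
"""Constructed example of the detection logic described above (not Splunk content)."""
from dataclasses import dataclass

MIMIKATZ_NAME = "mimikatz.exe"


@dataclass
class ProcessEvent:
    host: str
    process_name: str        # file name of the executed image, as seen on disk
    original_file_name: str  # OriginalFileName from the PE version resource


def is_mimikatz(evt: ProcessEvent) -> bool:
    """Case-insensitive match on either field; one hit is enough."""
    return MIMIKATZ_NAME in (evt.process_name.lower(), evt.original_file_name.lower())


def detect(events):
    """Return (host, process_name, matched_field) for every flagged event."""
    hits = []
    for e in events:
        if not is_mimikatz(e):
            continue
        field = "process_name" if e.process_name.lower() == MIMIKATZ_NAME else "original_file_name"
        hits.append((e.host, e.process_name, field))
    return hits


# Constructed sample telemetry: a plain execution, a renamed binary whose
# version resource still says mimikatz.exe, and a benign process.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "mimikatz.exe", "mimikatz.exe"),
    ProcessEvent("ws02", "svchost.exe", "mimikatz.exe"),
    ProcessEvent("ws03", "notepad.exe", "NOTEPAD.EXE"),
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

The renamed copy on ws02 is what the original-file-name check exists for; a rule keyed on process_name alone would miss it.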
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Windows Registry
  • Application Log
ATT&CK Techniques
  • T1003
Created: 2024-12-10