
LSASS Memory Access by Tool With Dump Keyword In Name

Sigma Rules

Summary
This detection rule identifies unauthorized access attempts against the Local Security Authority Subsystem Service (LSASS) process by suspicious or malicious tools whose image names contain the keyword "dump". LSASS is critical to Windows security: it handles authentication and other security tasks and holds credential material in memory. By monitoring access requests to LSASS from tools that may be designed for credential dumping, this rule helps detect credential theft, a technique commonly used by attackers. The access rights monitored include several that indicate a serious threat when requested by such source processes. The rule aims to detect attempted credential theft early so that incident response can begin promptly and limit the risk to sensitive information and system integrity.
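The detection logic described above, applied to a few constructed Sysmon Event ID 10 (ProcessAccess) records; this is an added illustration, not the Sigma rule's own code. The set of access masks treated as suspicious and the sample image names are assumptions for the example, since the page only says "a variety of rights".

```python
# Added example: mimic the rule's logic over Sysmon ProcessAccess events.
# Three conditions: target is lsass.exe, the source image file name contains
# "dump", and the granted access mask is one of the monitored rights.

# Assumed list of access masks commonly associated with reading LSASS memory;
# the page does not enumerate the rights the real rule checks.
SUSPICIOUS_ACCESS = {0x1010, 0x1038, 0x1438, 0x143A, 0x1FFFFF}


def is_lsass_dump_access(event: dict) -> bool:
    """Return True when one ProcessAccess event satisfies all three conditions."""
    target = event.get("TargetImage", "").lower()
    source = event.get("SourceImage", "").lower()
    # GrantedAccess is logged as a hex string such as "0x1FFFFF".
    try:
        granted = int(event.get("GrantedAccess", "0"), 16)
    except ValueError:
        return False
    image_name = source.rsplit("\\", 1)[-1]  # file name only, not the directory
    return (
        target.endswith("\\lsass.exe")
        and "dump" in image_name
        and granted in SUSPICIOUS_ACCESS
    )


def find_matches(events: list) -> list:
    """Return the source images of all Event ID 10 records that match."""
    return [
        e["SourceImage"]
        for e in events
        if e.get("EventID") == 10 and is_lsass_dump_access(e)
    ]


# Constructed sample telemetry (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Temp\dumptool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\AV\scanner.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Tools\memdump.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Users\a\dumper.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
]

if __name__ == "__main__":
    for src in find_matches(SAMPLE_EVENTS):
        print("ALERT: LSASS memory access by", src)
```

The second record is excluded by the image name, the third by the target process; only the first and fourth satisfy all three conditions.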
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2022-02-10