Possible Impacket SecretDump Remote Activity - Zeek (92dae1ed-1c9d-4eff-a567-33acbd95b00e)

Detect AD credential dumping using impacket secretdump HKTL. Based on the SIGMA rules/windows/builtin/win_impacket_secretdump.yml

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Possible Impacket SecretDump Remote Activity - Zeek (92dae1ed-1c9d-4eff-a567-33acbd95b00e)	Sigma-Rules	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	1
Possible Impacket SecretDump Remote Activity - Zeek (92dae1ed-1c9d-4eff-a567-33acbd95b00e)	Sigma-Rules	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	1
Possible Impacket SecretDump Remote Activity - Zeek (92dae1ed-1c9d-4eff-a567-33acbd95b00e)	Sigma-Rules	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	1
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2