Credential Dumping Activity By Python Based Tool (f8be3e82-46a3-4e4e-ada5-8e538ae8b9c9)

Detects LSASS process access for potential credential dumping by a Python-like tool such as LaZagne or Pypykatz.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Credential Dumping Activity By Python Based Tool (f8be3e82-46a3-4e4e-ada5-8e538ae8b9c9)	Sigma-Rules	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2