title: Sensitive Privilege Use (Mimikatz)
description: hogehoge
author: DeepblueCLI, Zach Mathis
detection:
    selection:
        Channel: Security
        EventID: 4673
    # condition: selection | count(EventID) > 4
falsepositives:
    - unknown
output: |
    Sensitive Privilege Use Exceeds Threshold
    Potentially indicative of Mimikatz, multiple sensitive privilege calls have been made.
    UserName:%SubjectUserName% Domain Name:%DomainName%
creation_date: 2020/11/8
updated_date: 2020/11/8
comments: