feat: Generate low sigma match for new credential logon

rules/windows/builtin/win_susp_logon_newcredentials.yml

@@ -0,0 +1,19 @@
+title: Outgoing Logon with New Credentials
+id: def8b624-e08f-4ae1-8612-1ba21190da6b
+status: experimental
+description: Detects logon events that specify new credentials
+references:
+    - https://go.recordedfuture.com/hubfs/reports/mtp-2021-0914.pdf
+author: Max Altgelt
+date: 2022/04/06
+logsource:
+    product: windows
+    service: security
+detection:
+    selection:
+        EventID: 4624
+        LogonType: 9
+    condition: selection
+falsepositives:
+    - Legitimate remote administration activity
+level: low