diff --git a/rules/windows/process_access/proc_access_win_cred_dump_lsass_access.yml b/rules/windows/process_access/proc_access_win_cred_dump_lsass_access.yml
index 819c68f88..2a5a805aa 100755
--- a/rules/windows/process_access/proc_access_win_cred_dump_lsass_access.yml
+++ b/rules/windows/process_access/proc_access_win_cred_dump_lsass_access.yml
@@ -9,7 +9,7 @@ references:
     - http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf
 author: Florian Roth, Roberto Rodriguez, Dimitrios Slamaris, Mark Russinovich, Thomas Patzke, Teymur Kheirkhabarov, Sherif Eldeeb, James Dickenson, Aleksey Potapov, oscd.community (update)
 date: 2017/02/16
-modified: 2022/12/05
+modified: 2023/01/19
 tags:
     - attack.credential_access
     - attack.t1003.001
@@ -80,6 +80,7 @@ detection:
         GrantedAccess:
             - '0x1410'
             - '0x410'
+            - '0x1f3fff'
     filter8:
         SourceImage|endswith:
             - '\thor.exe'